DNS attribute per group

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

DNS attribute per group

Users mailing list
I'm a newbie in freeradius, I have a production freeradius server connected with ldap directory, currently I'm assigning dns attribute(primary and secondary) in post-auth, the same servers for every user , It works fine but we need now to assign different dns server depending of their group. (O=). We don't know if check it in ldap or using groups in SQL.(radusergroup) , any idea?

Thanks in advance

Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: DNS attribute per group

Alan DeKok-2
On Aug 7, 2019, at 9:45 AM, Tomride via Freeradius-Users <[hidden email]> wrote:
>
> I'm a newbie in freeradius, I have a production freeradius server connected with ldap directory, currently I'm assigning dns attribute(primary and secondary) in post-auth, the same servers for every user , It works fine but we need now to assign different dns server depending of their group. (O=). We don't know if check it in ldap or using groups in SQL.(radusergroup) , any idea?

  if (LDAP-Group == "sales") {
        update reply {
                attribute = value
        }
  }

https://wiki.freeradius.org/modules/Rlm_ldap

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Fw: DNS attribute per group

Users mailing list
Thanks so much alan for your help, unfornately by the special configuration of the tree we can't do it with Ldap-groups , is it possible to do for organizationName or attribute of the user?

Thanks in advance

Martin

-------- Mensaje original --------
On 7 ago. 2019 16:19, Alan DeKok escribió:

> On Aug 7, 2019, at 9:45 AM, Tomride via Freeradius-Users <[hidden email]> wrote:
>>
>> I'm a newbie in freeradius, I have a production freeradius server connected with ldap directory, currently I'm assigning dns attribute(primary and secondary) in post-auth, the same servers for every user , It works fine but we need now to assign different dns server depending of their group. (O=). We don't know if check it in ldap or using groups in SQL.(radusergroup) , any idea?
>
> if (LDAP-Group == "sales") {
> update reply {
> attribute = value
> }
> }
>
> https://wiki.freeradius.org/modules/Rlm_ldap
>
> Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Fw: DNS attribute per group

Matthew Newton-3
On Fri, 2019-08-09 at 07:22 +0000, Tomride via Freeradius-Users wrote:
> Thanks so much alan for your help, unfornately by the special
> configuration of the tree we can't do it with Ldap-groups , is it
> possible to do for organizationName or attribute of the user?

You can alter the ldap search/filter in the ldap configuration to look
up pretty much whatever you want. See membership_filter and
membership_attribute. You probably want the former.

Run FreeRADIUS in debug mode (-X) and send a request. You'll see the
LDAP searches being performed. Substitute in the config that searches
for the things you need it to search for.

--
Matthew


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html