LDAP attributes into freeradius

LDAP attributes into freeradius

Joe H-2
Here is my goal:

I would like to assign an attribute to certain users in ldap and have
freeradius look for that attribute to determine whether or not to reply
back to the NAS device with an IP address pool name.  The users with the
attribute set would not have the Pool sent and the users without the
attribute set would have the pool sent.

Here is the rule that I have set for it in the users file:

DEFAULT Huntgroup-Name == "dialup"
         Idle-Timeout = "1800",
         Fall-Through = Yes

DEFAULT Huntgroup-Name == "dialup", No-Pool != "1"
         USR-Framed_IP_Address_Pool_Name = "POOL",
         Idle-Timeout := "120",
         Fall-Through = Yes

dialup is the ldap module I have set up in the radiusd.conf file.  Here is
that entry:

         ldap dialup {
                 server = "localhost"
                 identity = "cn=Manager,dc=domain,dc=com"
                 password = "*********************"
                 basedn = "ou=Users,o=domain.com,dc=domain,dc=com"
                 filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                 start_tls = no
                 tls_mode = no
                 dictionary_mapping = ${raddbdir}/ldap-dialup.attrmap
                 ldap_connections_number = 288
                 groupname_attribute = gidNumber
                 groupmembership_filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                 timeout = 4
                 timelimit = 3
                 net_timeout = 1
                 compare_check_items = no
         }

The problem I'm seeing is that radius doesn't seem to use the value of
No-Pool.  I have it in the ldap-dialup.attrmap as:
checkItem      No-Pool        radiusNoPool

radiusNoPool is the ldap attribute with a value of 1.

Where else do I need to add the new attribute No-Pool in order for
freeradius to use it?

Joe H.
GWI Operations.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP attributes into freeradius

Alan DeKok
Joe H <[hidden email]> wrote:
> Where else do I need to add the new attribute No-Pool in order for
> freeradius to use it?

  raddb/dictionary.  See also "man dictionary".

  Alan DeKok.
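
An added example, not part of the thread and not FreeRADIUS project code: a small Python check for the situation the reply points at, listing every RADIUS attribute that an LDAP attrmap names but no dictionary ATTRIBUTE line defines. The sample file contents, the attribute number 3000 and the integer type are constructed assumptions; only the No-Pool attrmap line comes from the question.

```python
# Constructed sample inputs; only the No-Pool attrmap line is from the thread.
ATTRMAP = """\
# ItemType     RADIUS-Attribute   ldapAttribute
replyItem      Idle-Timeout   radiusIdleTimeout
checkItem      No-Pool        radiusNoPool
"""
DICTIONARY = """\
# name, number, type
ATTRIBUTE   Idle-Timeout    28      integer
"""
# Assumed local definition: the number and type are placeholders to adapt.
NO_POOL_DEFINITION = "ATTRIBUTE   No-Pool   3000   integer\n"


def _fields(line):
    """Split one config line into fields, dropping any '#' comment."""
    return line.split("#", 1)[0].split()


def dictionary_names(text):
    """Names defined by 'ATTRIBUTE <name> <number> <type>' lines."""
    return {f[1] for f in map(_fields, text.splitlines())
            if len(f) >= 4 and f[0].upper() == "ATTRIBUTE"}


def attrmap_entries(text):
    """Yield (line_no, item_type, radius_attr, ldap_attr) for mapping lines."""
    for no, line in enumerate(text.splitlines(), 1):
        f = _fields(line)
        if len(f) >= 3 and f[0].lower() in ("checkitem", "replyitem"):
            yield no, f[0], f[1], f[2]


def undefined_attrs(attrmap_text, dictionary_text):
    """Mappings whose RADIUS attribute has no dictionary definition."""
    known = dictionary_names(dictionary_text)
    return [e for e in attrmap_entries(attrmap_text) if e[2] not in known]


if __name__ == "__main__":
    for no, kind, radius, ldap in undefined_attrs(ATTRMAP, DICTIONARY):
        print(f"attrmap line {no}: {kind} {radius} <- {ldap}: "
              "not defined in the dictionary")
    fixed = DICTIONARY + NO_POOL_DEFINITION
    print("after adding the definition:", undefined_attrs(ATTRMAP, fixed))
```

On a real server, pass the text of the attrmap file and of raddb/dictionary to undefined_attrs(); the sketch does not follow $INCLUDE lines.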

(no subject)

Mysterious
Hi, at the moment I'm planning to build a network based out of 20 VLANs over 8
Nortel switches. Depending on the given layout of the network I need to add
some PCs to more than one port-based VLAN. Is it possible to give the VLAN
ID over the RADIUS server, and is it possible to send more than one VLAN ID
for one client to the switch? Does this work?

Armin
