List: freeradius-users
Subject: Re: LDAP - dynamic membership checking
From: Jens Weibler <jens.weibler () h-da ! de>
Date: 2011-12-31 15:35:47
Message-ID: 4EFF2BD3.2050303 () h-da ! de
On 31.12.2011 10:56, Christian Kölpin wrote:
> I'm stuck while testing with LDAP and Radius. I have got Radius to work
> with user authorisation against LDAP and authentication against
> kerberos. Even if I set a "simple" membership checking in ./modules/ldap
> it works fine.
>
> My problem is, I have several NAS (some APs, switches, VPN servers).
> Depending on the NAS, another group membership should be checked. For
> example a user with memberships in "wireless" and "office-vpn" should
> get access if the request comes from the APs or a specific VPN server.
>
> Can someone give me a hint how to set up such a scenario?

My solution:

users:

DEFAULT Huntgroup-Name == "switches", Ldap-Group == "coolguys"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-ID = "1337"

huntgroups:

# Switch XY
all       NAS-IP-Address == X.Y.Z.131, NAS-Port >= 1, NAS-Port <= 30
coolguys  NAS-IP-Address == X.Y.Z.131, NAS-Port >= 31, NAS-Port <= 40

--
Jens Weibler
IT-Services
Hochschule Darmstadt
www.h-da.de
University of Applied Sciences
Fachbereich Informatik
www.fbi.h-da.de
Schöfferstr. 8b
D-64295 Darmstadt
Tel +49 6151 16-8425
Fax +49 6151 16-8935
jens.weibler@h-da.de
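
Added example (not part of the message above and not taken from the FreeRADIUS distribution): the same huntgroups plus Ldap-Group approach applied to the "wireless" and "office-vpn" groups named in the question, with an explicit reject for non-members so that a NAS never falls through to a later, more permissive entry. The huntgroup names and the 192.0.2.x addresses are constructed, and it assumes the preprocess, ldap and files modules are enabled.

```conf
# ---- huntgroups (read by the preprocess module) ----
# Constructed NAS addresses; 192.0.2.0/24 is a documentation range.
# The huntgroup names "wifi-aps" and "vpn-office" are hypothetical.
# One line per NAS; several lines may share a huntgroup name.
wifi-aps     NAS-IP-Address == 192.0.2.11
wifi-aps     NAS-IP-Address == 192.0.2.12
vpn-office   NAS-IP-Address == 192.0.2.20

# ---- users (read by the files module) ----
# Entries are evaluated top to bottom. The first matching entry ends
# the search unless it sets Fall-Through = Yes, so each "allow" entry
# must come before the "reject" entry for the same huntgroup.

# Requests from the access points require LDAP group "wireless".
DEFAULT Huntgroup-Name == "wifi-aps", Ldap-Group == "wireless"
        Fall-Through = No

# Everything else arriving from the access points is refused.
DEFAULT Huntgroup-Name == "wifi-aps", Auth-Type := Reject
        Reply-Message = "Access denied"

# Requests from the office VPN server require LDAP group "office-vpn".
DEFAULT Huntgroup-Name == "vpn-office", Ldap-Group == "office-vpn"
        Fall-Through = No

# Everything else arriving from the office VPN server is refused.
DEFAULT Huntgroup-Name == "vpn-office", Auth-Type := Reject
        Reply-Message = "Access denied"
```

A user who is in both LDAP groups is accepted from either NAS group; a user who is only in "wireless" is rejected at the VPN server. Running the server in debug mode (`radiusd -X`) shows which users entry matched for a given request.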