On Tue, 26 Mar 2002, Steve Tow wrote:

> Hello all,
>
> I will do my best to be brief yet detailed. I have a FreeRADIUS v0.4 server
> running and authenticating just dandy against LDAP. Our routers are a mixture
> of routable IP address and NAT (10.0.0.0) address assignments. Occasionally a
> customer whose local dial-in is NATed wants a real IP address because they
> want to use some protocol that just doesn't work over NAT.
>
> I am able to accomplish this via an authorization section using 'files' with
> per user entries like:
>
> nonat   Auth-Type := LDAP
>         X-Ascend-Assign-IP-Pool = 2
>
> It works, but how hard is it to get FreeRADIUS to grab these attributes out
> of LDAP? I am already authenticating via LDAP, but I can't seem to authorize
> and pass special RADIUS attributes. I messed around with 'ldap.attrmap' and
> made entries like:
>
> checkItem   X-Ascend-Assign-IP-Pool   radiusIP-Pool
> checkItem   $GENERIC$                 radiusCheckItem
>
> I then added these to a user's LDAP entry:
>
> radiusCheckItem: X-Ascend-Assign-IP-Pool=2
> radiusIP-Pool: 2

These are reply not check items. So you should do something like the following:

ldap.attrmap:
replyItem   X-Ascend-Assign-IP-Pool   radiusIP-Pool

ldap entry:
radiusIP-Pool: 2

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf
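
The difference between the two mappings, as an added example that is not part of either message and is not FreeRADIUS code: a simplified Python model of how ldap.attrmap sorts an LDAP entry's values into check and reply pairs. The function names and the "="-only parsing of $GENERIC$ values are assumptions made for illustration.

```python
"""Simplified model of an ldap.attrmap lookup (illustration only, not rlm_ldap code)."""

def parse_attrmap(text):
    """Return [(item_type, radius_attr, ldap_attr)] from attrmap lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[0] not in ("checkItem", "replyItem"):
            raise ValueError(f"bad attrmap line: {line!r}")
        rules.append(tuple(fields))
    return rules

def map_entry(rules, entry):
    """Split an LDAP entry's values into check and reply (attribute, value) pairs."""
    lists = {"checkItem": [], "replyItem": []}
    for item_type, radius_attr, ldap_attr in rules:
        for value in entry.get(ldap_attr, []):
            if radius_attr == "$GENERIC$":
                # Assumption: generic values are written "Attribute=value";
                # other operators are not handled in this model.
                name, _, val = value.partition("=")
                lists[item_type].append((name.strip(), val.strip()))
            else:
                lists[item_type].append((radius_attr, value))
    return lists["checkItem"], lists["replyItem"]

# Constructed inputs, copied from the two messages above.
ENTRY = {"radiusCheckItem": ["X-Ascend-Assign-IP-Pool=2"], "radiusIP-Pool": ["2"]}
ORIGINAL_MAP = """
checkItem   X-Ascend-Assign-IP-Pool   radiusIP-Pool
checkItem   $GENERIC$                 radiusCheckItem
"""
SUGGESTED_MAP = "replyItem   X-Ascend-Assign-IP-Pool   radiusIP-Pool"

def access_accept_attrs(attrmap_text, entry=ENTRY):
    """Only reply pairs go back to the NAS; check pairs are matched against the request."""
    _check, reply = map_entry(parse_attrmap(attrmap_text), entry)
    return reply

if __name__ == "__main__":
    print("original map  ->", access_accept_attrs(ORIGINAL_MAP))
    print("suggested map ->", access_accept_attrs(SUGGESTED_MAP))
```

With the original map both LDAP values land in the check list, so nothing reaches the NAS; with the suggested map the pool attribute is in the reply list.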
