Did you add radiusportlimit to the ldap.attrmap file as a reply item?

On Thu, 13 Mar 2003, Das, Anindya Kishore wrote:
> Hi All,
>
> I have been trying to get Freeradius to authenticate users against the
> entries in my OpenLDAP directory with individual user rights. My setup
> requires that I have a port-limit set up on each user when they register and
> I am trying to get this information passed from the LDAP directory to the
> NAS via FreeRadius.
>
> My ldap() section in radiusd.conf file looks like this...
>
>
> ldap {
> server = "ldap.pacenet-india.com"
> port = "389"
> # identity = "cn=admin,o=My Org,c=UA"
> # password = mypass
> basedn = "ou=users,o=pacenet-india,dc=com"
> filter = "(uid=%u)"
> #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>
> # set this to 'yes' to use TLS encrypted connections
> # to the LDAP database by using the StartTLS extended
> # operation.
> start_tls = no
> # set this to 'yes' to use TLS encrypted connections to the
> # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
> # the ldap library.
> tls_mode = no
>
> # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
> # profile_attribute = "radiusProfileDn"
> access_attr = "dialupAccess"
>
> # Mapping of RADIUS dictionary attributes to LDAP
> # directory attributes.
> dictionary_mapping = ${raddbdir}/ldap.attrmap
>
> # ldap_cache_timeout = 120
> # ldap_cache_size = 0
> ldap_connections_number = 5
> # password_header = "{clear}"
> # password_attribute = userPassword
> # groupname_attribute = cn
> # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> # groupmembership_attribute = radiusGroupName
> timeout = 140
> timelimit = 30
> net_timeout = 10
> # compare_check_items = yes
> # access_attr_used_for_allow = yes
> }
>
> and one of my test user's ldif looks like this
>
>
> dn: uid=akd5,ou=users,o=pacenet-india,dc=com
>
> objectClass: top
> objectClass: account
> objectClass: posixAccount
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: radiusProfile
> dialupAccess: yes
> radiusPortLimit: 40000
> cn: Anindya
> sn: Das
> gecos: akd5
> gidNumber: 15
> mail: [EMAIL PROTECTED]
> loginShell: /bin/sh
> homeDirectory: /home/akd
> uidNumber: 101123
> userPassword: 123456
> uid: akd5
>
> I have added the RADIUS schema for LDAP v3 and all works fine and the user
> gets authenticated and all. The problem is that the "radiusPortLimit" does
> not come into effect. I have tried adding the same information in the users
> file in the standard RADIUS user file format, which works beautifully.
>
> Is there anything I am doing wrong or missing out because of which the
> radius attributes are not being picked up from the directory? I am using the
> following:
>
> 1. FreeRadius version 0.8.1
> 2. OpenLDAP 2.x (LDAP Ver3)
>
>
> Any help in this regard would be greatly appreciated.
>
> Thanks in advance
>
> Anindya
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
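
The check suggested in the reply, as an added example that is not part of the original thread: a short Python script that parses ldap.attrmap text and reports, for each radius* attribute in a user's LDIF entry, whether it is mapped and as which item type. The attrmap lines and the trimmed LDIF are constructed sample data, and the function names are hypothetical.

```python
# Added example: find radius* LDAP attributes that ldap.attrmap does not map.
# ATTRMAP and LDIF are constructed samples, not the poster's real files.
ATTRMAP = """\
# ItemType   RADIUS-Attribute   ldapAttribute
checkItem    Auth-Type          radiusAuthType
replyItem    Service-Type       radiusServiceType
replyItem    Framed-Protocol    radiusFramedProtocol
"""

LDIF = """\
dn: uid=akd5,ou=users,o=pacenet-india,dc=com
objectClass: radiusProfile
dialupAccess: yes
radiusPortLimit: 40000
uid: akd5
"""


def parse_attrmap(text):
    """Return {ldap_attr (lowercased): (item_type, radius_attr)}."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("checkItem", "replyItem"):
            raise ValueError(f"malformed attrmap line: {raw!r}")
        item_type, radius_attr, ldap_attr = fields[:3]
        mapping[ldap_attr.lower()] = (item_type, radius_attr)
    return mapping


def ldif_attrs(text):
    """Attribute names of one LDIF entry (continuation lines skipped)."""
    return [l.split(":", 1)[0] for l in text.splitlines()
            if l and not l.startswith((" ", "#")) and ":" in l]


def audit(attrmap_text, ldif_text, prefix="radius"):
    """Map each radius* attribute in the entry to its attrmap row, or None."""
    mapping = parse_attrmap(attrmap_text)
    # LDAP attribute names are case-insensitive, so compare lowercased.
    return {name: mapping.get(name.lower())
            for name in ldif_attrs(ldif_text)
            if name.lower().startswith(prefix)}


if __name__ == "__main__":
    for attr, row in audit(ATTRMAP, LDIF).items():
        print(attr, "->", row or "NOT MAPPED: value is never sent to the NAS")
```

An attribute reported as mapped under checkItem rather than replyItem is compared against the request instead of being returned in the Access-Accept, so the item type matters as much as the presence of the line.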