LDAP attributes

=?iso-8859-1?Q?Beno=EEt_Bianchi?= Mon, 14 Mar 2005 00:27:23 -0800

I�m desperately trying to get LDAP attributes sent back to NAS without any
success...
I've add RADIUS-LDAPv3.schema to my LDAP schema, and set radiusClass
attribute for my test user.
I can do successful authentication but the value of this attribute is never
sent back by freeradius to the NAS ...


In radius.conf:
ldap {
                server = "xxx"
                port = 389
                identity = "xxx"
                password = xxx
                #basedn = "o=My Org,c=UA"
                basedn = "xxx"
                #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                filter = "(login=%{Stripped-User-Name:-%{User-Name}})"
                # base_filter = "(objectclass=radiusprofile)"

                # set this to 'yes' to use TLS encrypted connections
                # to the LDAP database by using the StartTLS extended
                # operation.
                # The StartTLS operation is supposed to be used with normal
                # ldap connections instead of using ldaps (port 689)
connections
                start_tls = no

                # tls_cacertfile        = /path/to/cacert.pem
                # tls_cacertdir         = /path/to/ca/dir/
                # tls_certfile          = /path/to/radius.crt
                # tls_keyfile           = /path/to/radius.key
                # tls_randfile          = /path/to/rnd
                # tls_require_cert      = "demand"

                # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
                # profile_attribute = "radiusProfileDn"
                access_attr = "dialupAccess"

                # Mapping of RADIUS dictionary attributes to LDAP
                # directory attributes.
                dictionary_mapping = ${raddbdir}/ldap.attrmap

                ldap_connections_number = 5

                #profile_attribute = "radiusProfileDn"
                #
                # NOTICE: The password_header directive is NOT case
insensitive
                #
                # password_header = "{clear}"
                #
                #  The server can usually figure this out on its own, and
pull
                #  the correct User-Password or NT-Password from the
database.
                #
                #  Note that NT-Passwords MUST be stored as a 32-digit hex
                #  string, and MUST start off with "0x", such as:
                #
                #       0x000102030405060708090a0b0c0d0e0f
                #
                #  Without the leading "0x", NT-Passwords will not work.
                #  This goes for NT-Passwords stored in SQL, too.
                #
                # password_attribute = userPassword
                # groupname_attribute = cn
                # groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupO
fUniqueNames)(uniquemember=%{Ldap-User
Dn})))"
                # groupmembership_attribute = radiusGroupName
                timeout = 4
                timelimit = 3
                net_timeout = 1
                # compare_check_items = yes
                # do_xlat = yes
                # access_attr_used_for_allow = yes
        }

Please help ...


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

LDAP attributes

Reply via email to