>I've been trying unsuccessfully to get this setup to work, but unfortunately
>haven't been able so far.
>
>My need is to return the contents of three LDAP fields as replies on the
>Access-Accept package.
>
>The setup is for EAP/TTLS, mostly following eduRoam's setup guide (EduROAM
>Cookbook -- DJ 5.1.5,3).
>My config is as follows:
>
>on ldap.attrmap:
>> checkItem cLDAPdepartmentNumber departmentNumber
>> replyItem rLDAPdepartmentNumber departmentNumber
>> checkItem cLDAPaffiliation eduPersonPrimaryAffiliation
>> replyItem rLDAPaffiliation eduPersonPrimaryAffiliation
>> checkItem cLDAPou ou
>> replyItem rLDAPou ou
>

Where does the cookbook say that you should put that in ldap.attrmap? Where
are those radius attributes defined? Some additional dictionary?

>on dictionary.university:
>> VENDOR Unicamp 12345
>>
>> BEGIN-VENDOR Unicamp
>> ATTRIBUTE University-LDAP-departmentNumber 1 string
>> ATTRIBUTE University-LDAP-affiliation 2 string
>> ATTRIBUTE University-LDAP-organizationUnit 3 string
>> END-VENDOR University
>

Why don't you map those in ldap.attrmap.

>(the attributes, at least, are recognized correctly on the reply).
>
>on the inner-tunnel configuration file::
>> post-auth {
>>     reply_log
>>     Post-Auth-Type REJECT {
>>         reply_log
>>     }
>>     redundant {
>>         sql-server1
>>         sql-server2
>>     }
>>     update outer.reply {
>>         User-Name := %{reply:User-Name}
>>         University-LDAP-departmentNumber :=
>> %{rLDAPdepartmentNumber}
>>     }

That should be:

User-Name := '%{reply:User-Name}'
University-LDAP-departmentNumber := '%{rLDAPdepartmentNumber}'

Ivan Kalik
Kalik Informatika ISP