Mapping ldap attribute with radius attribute...howto?

Eric Martell workoutexcite at yahoo.com
Mon Mar 31 17:39:30 CEST 2008


Hi,
  I mapped my ldap attribute in the ldap.attrmap file as 
replyItem       rCidx                           roleid  

And in the dictionary file I mapped it as 
ATTRIBUTE       rCidx                   3000    string


I am using NTRadPing to test the authorization.
I see in the log that the RADIUS attribute is mapped to the LDAP attribute and returns a valid value:
rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"

But I did not see it in the Sending Access-Accept reply to the NAS.

I read the rlm_ldap doc but am not quite sure how to configure this. Please help.

Thanks and Regards.



rad_recv: Access-Request packet from host 216.2.193.1 port 42523, id=2, length=34
        User-Name = "0014F846C199"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "0014F846C199", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for 0014F846C199
        expand: %{Stripped-User-Name} -> 
        expand: %{User-Name} -> 0014F846C199
        expand: (&(did=%{%{Stripped-User-Name}:-%{User-Name}})) -> (&(did=0014F846C199))
        expand: ou=roles,o=entitlement -> ou=roles,o=entitlement
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap://e.net:1389, authentication 0
rlm_ldap: bind as uid=appuser,ou=appadm,o=entitlement/**** to ldap://e.net:1389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=roles,o=entitlement, with filter (&(did=0014F846C199))
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusAuthType as RADIUS attribute Auth-Type == Accept
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
rlm_ldap: user 0014F846C199 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [0014F846C199/<via Auth-Type = Accept>] (from client samir port 0)
Sending Access-Accept of id 2 to 216.2.193.1 port 42523
Finished request 0.
Going to the next request
Waking up in 0.9 seconds. 
Waking up in 4.0 seconds. 
Cleaning up request 0 ID 2 with timestamp +3
Ready to process requests.


       


More information about the Freeradius-Users mailing list
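
A check for the symptom described in the post, added here as an example (not code from the poster or from FreeRADIUS): it reads `radiusd -X` debug output and lists reply items that rlm_ldap mapped but that are not printed under the following "Sending" line. It assumes requests are logged one at a time and that sent attributes appear indented directly under the "Sending" line; the function and variable names are illustrative, and the sample is an excerpt of the log above.

```python
import re

# Excerpt of the debug log from the post above, embedded so the check runs offline.
SAMPLE = """\
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusAuthType as RADIUS attribute Auth-Type == Accept
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"
++[ldap] returns ok
Login OK: [0014F846C199/<via Auth-Type = Accept>] (from client samir port 0)
Sending Access-Accept of id 2 to 216.2.193.1 port 42523
Finished request 0.
"""

MAPPED = re.compile(r"^rlm_ldap: LDAP attribute (\S+) as RADIUS attribute (\S+) \S+ ")
SENDING = re.compile(r"^Sending (\S+) of id (\d+) to ")
# Assumption: attributes placed in the packet are printed indented as "Name = value".
SENT_ATTR = re.compile(r"^\s+([\w.-]+) [:+=]?= ")


def missing_reply_items(debug_text):
    """Return [(packet_id, packet_code, [reply items mapped from LDAP but not sent])]."""
    results, section, mapped = [], None, []
    lines = debug_text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        if "looking for check items" in line:
            section = "check"          # check items are never expected in the reply
        elif "looking for reply items" in line:
            section = "reply"
        elif section == "reply" and (m := MAPPED.match(line)):
            mapped.append(m.group(2))  # RADIUS-side attribute name
        elif m := SENDING.match(line):
            sent = set()
            # Consume the indented attribute lines that belong to this packet.
            while i + 1 < len(lines) and (a := SENT_ATTR.match(lines[i + 1])):
                sent.add(a.group(1))
                i += 1
            absent = [name for name in mapped if name not in sent]
            results.append((int(m.group(2)), m.group(1), absent))
            section, mapped = None, []  # reset state for the next request
        i += 1
    return results


if __name__ == "__main__":
    for pkt_id, code, absent in missing_reply_items(SAMPLE):
        print(f"{code} id={pkt_id}: mapped but not sent: {absent or 'none'}")
```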