Variables' content as a reply

Augusto G. Andreollo guto at ccuec.unicamp.br
Fri Mar 6 13:48:31 CET 2009


> Where does the cookbook say that you should put that in ldap.attrmap?
> Where are those radius attributes defined? Some additional dictionary?
This part is not from the cookbook, it's something we intend to use
internally here at the university. The setup is based on the eduroam
guide, though, except for these attributes and the need to return the
inner User-Name on the outside of the tunnel.

> >
> 
> Why don't you map those in ldap.attrmap?
That had actually never occurred to me. I thought ldap.attrmap was used
to create the variables and populate them with values, but it never
occurred to me to use it just for attribution. That has worked flawlessly,
thank you.

Just so it's posted on the list, my solution in this case is as follows:
on ldap.attrmap:
[...]
replyItem University-LDAP-organizationUnit     ou
replyItem University-LDAP-departmentNumber     departmentNumber
replyItem University-LDAP-affiliation          eduPersonPrimaryAffiliation
[...]

> >
> >on the inner-tunnel configuration file:
> >>         post-auth {
> >>                 update outer.reply {
> >>                         User-Name := %{reply:User-Name}
> >>                         University-LDAP-departmentNumber := %{rLDAPdepartmentNumber}
> >>                 }
> 
> That should be:
> 
>                          User-Name := '%{reply:User-Name}'
>                          University-LDAP-departmentNumber := '%{rLDAPdepartmentNumber}'

Now, this is still not working:

having it as User-Name := '%{reply:User-Name}' still gives me an
Access-Accept with text instead of variable value.
Also, using double quotes yields the exact same result.


> Sending Access-Accept of id 127 to xx.xx.xx.xx port 32785
>         User-Name = "%{reply:User-Name}"
>         University-LDAP-organizationUnit = "cc    "
>         University-LDAP-affiliation = "staff"
>         University-LDAP-departmentNumber = "20.5.2.4.0.0.0"
>         MS-MPPE-Recv-Key = 0xecf20a153c749b7fa673b83360456fc9d5eb3080eaacdce7034dc6a69fe3ec3a
>         MS-MPPE-Send-Key = 0x19632e43f61546fc38a26e0e71ef134ecd45dae99873af6040606bc2772bbd75
>         EAP-Message = 0x03190004
>         Message-Authenticator = 0x00000000000000000000000000000000
> Finished request 6.

My need is to return the inner username (from within the TTLS tunnel) to
the outside of the access-accept response. Is there any other simpler
way of doing this that I'm not aware of?

Thanks again for the help

> 
> Ivan Kalik
> Kalik Informatika ISP

Guto
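
A check for the symptom in the debug output quoted above, where a reply attribute is sent as the literal expansion string instead of its value. This is an added example, not part of the original post: it scans debug output in the "Sending ... of id ..." format shown in the message, the sample text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the debug format quoted in the post (placeholder values).
SAMPLE_DEBUG = '''\
Sending Access-Accept of id 127 to 192.0.2.10 port 32785
        User-Name = "%{reply:User-Name}"
        University-LDAP-organizationUnit = "cc    "
        University-LDAP-affiliation = "staff"
        EAP-Message = 0x03190004
Finished request 6.
Sending Access-Accept of id 128 to 192.0.2.10 port 32785
        User-Name = "alice@example.org"
        University-LDAP-affiliation = "student"
Finished request 7.
'''

HEADER = re.compile(r'^Sending (\S+) of id (\d+) to (\S+) port (\d+)')
ATTR = re.compile(r'^\s+([\w.-]+) = (.*)$')   # indented "Name = value" line
XLAT = re.compile(r'%\{[^}]*\}')              # expansion left unevaluated

def parse_sent_packets(text):
    """Group the attribute lines that follow each 'Sending ...' header."""
    packets, current = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = {"type": head.group(1), "id": int(head.group(2)), "attrs": []}
            packets.append(current)
            continue
        attr = ATTR.match(line) if current else None
        if attr:
            current["attrs"].append((attr.group(1), attr.group(2)))
        else:
            current = None            # any non-attribute line ends the packet
    return packets

def find_problems(packets):
    """Return (packet id, attribute, issue) for suspicious string values."""
    findings = []
    for pkt in packets:
        for name, raw in pkt["attrs"]:
            if not (raw.startswith('"') and raw.endswith('"') and len(raw) >= 2):
                continue              # hex or integer values are not checked
            value = raw[1:-1]
            if XLAT.search(value):
                findings.append((pkt["id"], name, "unexpanded"))
            elif value != value.strip():
                findings.append((pkt["id"], name, "padded"))
    return findings
```

Feeding it the output of a debug run lists every reply attribute that left the server unexpanded or padded with whitespace, which makes the check usable as a regression test after each configuration change.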