Hi,<br> I mapped my LDAP attribute in the ldap.attrmap file as <br>replyItem rCidx roleid <br><br>And in the dictionary file I mapped it as <br>ATTRIBUTE rCidx 3000 string<br><br><br>I am using NTRadPing to test the authorization.<br>I see in the log that the RADIUS attribute is mapped to the LDAP attribute and is returning a valid value:<br>rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"<br><br>but I did not see it in the Sending Access-Accept reply to the NAS.<br><br>I read the rlm_ldap doc but am not quite sure how to configure this. Please help.<br><br>Thanks and Regards.<br><br><br><br>rad_recv: Access-Request packet
from host 216.2.193.1 port 42523, id=2, length=34<br> User-Name = "0014F846C199"<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "0014F846C199", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns notfound<br>++[files] returns noop<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for 0014F846C199<br> expand: %{Stripped-User-Name} -> <br> expand: %{User-Name} -> 0014F846C199<br> expand: (&(did=%{%{Stripped-User-Name}:-%{User-Name}})) -> (&(did=0014F846C199))<br> expand:
ou=roles,o=entitlement -> ou=roles,o=entitlement<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP reconnection<br>rlm_ldap: (re)connect to ldap://e.net:1389, authentication 0<br>rlm_ldap: bind as uid=appuser,ou=appadm,o=entitlement/**** to ldap://e.net:1389<br>rlm_ldap: waiting for bind result ...<br>rlm_ldap: Bind was successful<br>rlm_ldap: performing search in ou=roles,o=entitlement, with filter (&(did=0014F846C199))<br>rlm_ldap: looking for check items in directory...<br>rlm_ldap: LDAP attribute radiusAuthType as RADIUS attribute Auth-Type == Accept<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"<br>WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<br>rlm_ldap: user 0014F846C199 authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br>++[ldap]
returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type Accept<br> rad_check_password: Auth-Type = Accept, accepting the user<br>Login OK: [0014F846C199/<via Auth-Type = Accept>] (from client samir port 0)<br>Sending Access-Accept of id 2 to 216.2.193.1 port 42523<br>Finished request 0.<br>Going to the next request<br>Waking up in 0.9 seconds. <br>Waking up in 4.0 seconds. <br>Cleaning up request 0 ID 2 with timestamp +3<br>Ready to process requests.<br><br><p>