Hi Alan,<br> Can you please reply me about LDAP multiple attributes in the radius reply response on this? Will really appreciated.<br>>><br>I searched the following thread for ldap multiple attributes but it did not have right logic without changing data.<br><br><a target="_blank" href="http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg19275.html"><span class="yshortcuts" id="lw_1207148019_0">http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg19275.html</span></a><br><br>As we do not control the change of ldap data as it is legacy.<br><br>For ldap multiple attributes I am getting ONLY first value.<br><br>rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"<br>rlm_ldap: LDAP attribute entitlements as RADIUS attribute rEntitlements = "test1"<br>rlm_ldap: LDAP attribute entitlements as RADIUS attribute rEntitlements = "test2"<br>rlm_ldap: LDAP attribute entitlements as RADIUS attribute rEntitlements =
"test3"<br>rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"<br>WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<br>rlm_ldap: user 0014F846C199 authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br>++[ldap] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type Accept<br> rad_check_password: Auth-Type = Accept, accepting the user<br>Login OK: [0014F846C199/<via Auth-Type = Accept>] (from client samir port 0)<br>Sending Access-Accept of id 21 to 216.2.193.1 port 20070<br> rEntitlements = "test1"<br> rCidx = "111111"<br><br>>>>>><br><br><br><br><b><i>Alan DeKok <aland@deployingradius.com></i></b>
wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Eric Martell wrote:<br>> I am using NTRadPing to test the authorization.<br>> I see in the log, radius attribute is mapped to ldap attribute and<br>> returning valid value<br>> rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"<br>> <br>> but I did not see it in the Sending Access-Accept reply to NAS.<br><br> Attributes between 1 and 255 can go into a packet. Attributes greater<br>than that cannot go into a packet.<br><br> You will need to define a vendor-specific dictionary for your<br>attribute. See share/dictionary.*<br><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br></blockquote><br><p>
<hr size=1>You rock. That's why Blockbuster's offering you <a href="http://us.rd.yahoo.com/evt=47523/*http://tc.deals.yahoo.com/tc/blockbuster/text5.com">one month of Blockbuster Total Access</a>, No Cost.