<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><DIV id=yiv1167348323>
<DIV>
<DIV style="BACKGROUND-COLOR: #fff; FONT-FAMILY: times new roman, new york, times, serif; COLOR: #000; FONT-SIZE: 12pt">
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><VAR id=yui-ie-cursor></VAR>Hello,</DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR id=yiv1167348323yui_3_2_0_14_1320159204640247></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>I'm sorry for asking such a simple(?) thing, but my lack of understanding is not due to a lack of reading, searching, trial-and-error... I just can't seem to figure out how to reference an ldap attribute in post-auth. Using freeradius 2.1.8, PEAPv0/EAP-MSCHAPv2 with AD for authentication and ldap for authorization works great. As an added functionality, I need to send to the NAS a few extra attributes based on an an ldap attribute "personType". I've added mapping for this attribute, and here's a snippet of the debug output from the authorize section of the virtual server:</DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>...<BR>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR> [ldap] personType -> Person-Type = "employee"<BR> [ldap] personType -> Person-Type = "fulltime"<BR> [ldap] personType -> Person-Type = "it"<BR>WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<BR>[ldap] user tadam authorized to use remote access<BR> [ldap] ldap_release_conn: Release Id: 0<BR>++[ldap] returns ok<BR id=yiv1167348323yui_3_2_0_14_1320159204640454>...</DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>How do I reference this attribute in a perl script I call from post-auth? It's not in %RAD_REQUEST, %RAD_REPLY, or %RAD_CHECK... <BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>Actually, I can't even figure out how to call it from the post-auth section itself.. I've tried different things, but I'm thinking the following should work:<BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>update reply{<BR> Reply-Message := "Type: %{reply:Person-Type}."<BR>}</DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>Yet, I get:<BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>...</DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>+- entering group post-auth {...}<BR> expand: Type: %{reply:Person-Type}. -> Type: .<BR>++[reply] returns noop<BR>...</DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>Is there something else I need to do to make sure the values returned from the ldap module are saved for reference outside the authorization block? <BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040>A.<BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040><BR></DIV>
<DIV id=yiv1167348323yui_3_2_0_14_132015920464040></DIV></DIV></DIV></DIV>
<div>
<META content=on http-equiv=x-dns-prefetch-control></div></div></body></html>