<div dir="ltr"><font face="arial, helvetica, sans-serif">Hi,</font><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">I am trying to send F5 vendor-specific attributes in the Access-Accept packet.</font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">When FreeRADIUS (ldap module) searches and finds a specific user in OpenLDAP, it processes the user's attributes and adds them to the control list. One of the attributes specifies the group that user account belongs to. </font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">The next step is to find that user in the specified group, which is successful. Only this time, there are some F5 VSAs that are not getting added to the reply list. When I pass those VSAs in the Access-Accept packet, I see them as Attr-26 = <span style="font-size:13px">0x00000d2f</span></font></div>
<div><span style="font-size:13px"><font face="arial, helvetica, sans-serif"><br></font></span></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:13px">I have read the </span>rlm_ldap and related documentation on the wiki. I am not sure why I don't see the value of F5 VSAs in the reply as I can definitely process the attributes defined for a user account under the People subtree.</font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Below is the debug output and some configuration. Can anyone point me in the right direction?</font></div><div>
<font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Thank you.</font></div><div><font face="arial, helvetica, sans-serif"><br>
</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>RADIUS debug</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Ready to process requests.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rad_recv: Access-Request packet from host 198.82.169.55 port 52634, id=78, length=132</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>User-Name = 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>NAS-IP-Address = 198.82.169.55</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>NAS-Port = 234234</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>Message-Authenticator = 0x9552e405f519c05100b3510ad97bcec0</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-CHAP-Challenge = 0x9dcbb5409eb06d58</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000dcc9a916ce5fc5419b592ba3be3e116831d411dc6e454c81</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing section authorize from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   authorize {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   filter_username filter_username {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name != "%{tolower:%{User-Name}}") </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "%{tolower:%{User-Name}}" -> 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name != "%{tolower:%{User-Name}}")  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ / /) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ / /)  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@.*@/ ) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@.*@/ )  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.\\./ ) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.\\./ )  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))  </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.$/)  </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.$/)   -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@\\./)  </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@\\./)   -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   } # filter_username filter_username = notfound</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [preprocess] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : <span class="" style="white-space:pre"> </span>expand: "/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" -> '/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140519'</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140519</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : <span class="" style="white-space:pre"> </span>expand: "%t" -> 'Mon May 19 14:55:25 2014'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [auth_log] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   update control {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "uid=%{User-Name},ou=People,ou=NIS,o=vt" -> 'uid=dawson,ou=People,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">            </span>Ldap-UserDn := "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   } # update control = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Reserved connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span class="" style="white-space:pre">     </span>expand: "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))" -> '(&(uid=dawson))'</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span class="" style="white-space:pre">     </span>expand: "ou=People,ou=NIS,o=vt" -> 'ou=People,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Performing search in 'ou=People,ou=NIS,o=vt' with filter '(&(uid=dawson))'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Waiting for search result...</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : User object found at DN "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Processing user attributes</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span class="" style="white-space:pre">             </span>control:Password-With-Header += '{nt}D3055AE4C0D68D8BA71C538D1518B5CD'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span class="" style="white-space:pre">             </span>control:Password-With-Header += '{SSHA}omkfyFmnMrEq1jWG9T86Gh+XlpR87z11'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span class="" style="white-space:pre">             </span>control:Prohibited := FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span class="" style="white-space:pre">             </span>control:Group-Membership := 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span class="" style="white-space:pre">             </span>control:Group-Membership := 'cn=TLOS,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Released connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [-ldap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : Normalizing NT-Password from hex encoding</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : Normalizing SSHA1-Password from base64 encoding</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : No clear-text password in the request.  Not performing PAP.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [pap] = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [mschap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (!(control:NT-Password) || control:Prohibited == TRUE)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (!(control:NT-Password) || control:Prohibited == TRUE) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (Ldap-Group != "%{control:Group-Membership}")</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "%{control:Group-Membership}" -> 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Searching for user in group "cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Reserved connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Using user DN from request "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Checking for user in group objects</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "(&(objectClass=f5Group)(member=%{control:Ldap-UserDn}))" -> '(&(objectClass=f5Group)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Performing search in 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt' with filter '(&(objectClass=f5Group)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Waiting for search result...</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) User found in group object</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Released connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (Ldap-Group != "%{control:Group-Membership}") -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   else else {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    update reply {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "%{reply:F5-LTM-User-Info-1}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">            </span>F5-LTM-User-Info-1 := ""</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "%{reply:F5-LTM-User-Role}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">            </span>F5-LTM-User-Role := Administrator</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "%{reply:F5-LTM-User-Partition}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">            </span>F5-LTM-User-Partition := ""</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "%{reply:F5-LTM-User-Shell}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">            </span>F5-LTM-User-Shell := ""</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    } # update reply = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   } # else else = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if ("%{reply:F5-LTM-User-Info-1}")</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span class="" style="white-space:pre">    </span>expand: "%{reply:F5-LTM-User-Info-1}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if ("%{reply:F5-LTM-User-Info-1}") -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)  } #  authorize = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Found Auth-Type = MSCHAP</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing group from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   authenticate {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : No Cleartext-Password configured.  Cannot create LM-Password</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : Found NT-Password</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : Client is using MS-CHAPv1 with NT-Password</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : adding MS-CHAPv1 MPPE keys</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [mschap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)  } #  authenticate = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) WARNING: Empty post-auth section.  Using default return values.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing section post-auth from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Sending Access-Accept of id 78 from 198.82.169.55 port 1830 to 198.82.169.55 port 52634</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>F5-LTM-User-Info-1 = ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>F5-LTM-User-Role = Administrator</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>F5-LTM-User-Partition = ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>F5-LTM-User-Shell = ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-CHAP-MPPE-Keys = 0x0000000000000000122d083be857e0cf1f5c975f5efd01cc0000000000000000</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-MPPE-Encryption-Policy = Encryption-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Finished request 0.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Waking up in 0.3 seconds.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Waking up in 4.6 seconds.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>radtest</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">$ radtest -t mschap -x dawson wakkawakka 198.82.169.55:1830 234234 testing123</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">/apps/radius/freeradius-3.0.1/bin/radclient: /usr/local/samba/lib/libtalloc.so.2: no version information available (required by /apps/radius/freeradius-3.0.1/bin/radclient)</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">/apps/radius/freeradius-3.0.1/bin/radclient: /usr/local/samba/lib/libtalloc.so.2: no version information available (required by /apps/radius/freeradius-3.0.1/lib/libfreeradius-radius.so)</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">Sending Access-Request of id 78 from 0.0.0.0 port 52634 to 198.82.169.55 port 1830</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>User-Name = 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>NAS-IP-Address = 198.82.169.55</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>NAS-Port = 234234</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>Message-Authenticator = 0x00</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-CHAP-Challenge = 0x9dcbb5409eb06d58</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000dcc9a916ce5fc5419b592ba3be3e116831d411dc6e454c81</p>

<p style="margin:0px;font-size:14px;font-family:Menlo">  Code:<span class="" style="white-space:pre">                </span>1</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Id:<span class="" style="white-space:pre">          </span>78</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Length:<span class="" style="white-space:pre">      </span>132</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Vector:<span class="" style="white-space:pre">      </span>1e35220367d4329bdebec2d38afe7fd6</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Data:<span class="" style="white-space:pre">                </span>01  08  64 61 77 73 6f 6e </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>04  06  c6 52 a9 37 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>05  06  00 03 92 fa </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>50  12  95 52 e4 05 f5 19 c0 51 00 b3 51 0a d9 7b ce c0 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  10  00 00 01 37 0b 0a 9d cb b5 40 9e b0 6d 58 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  3a  00 00 01 37 01 34 00 01 00 00 00 00 00 00 00 00 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                        </span>00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                        </span>dc c9 a9 16 ce 5f c5 41 9b 59 2b a3 be 3e 11 68 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                        </span>31 d4 11 dc 6e 45 4c 81 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rad_recv: Access-Accept packet from host 198.82.169.55 port 1830, id=78, length=114</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Code:<span class="" style="white-space:pre">                </span>2</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Id:<span class="" style="white-space:pre">          </span>78</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Length:<span class="" style="white-space:pre">      </span>114</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Vector:<span class="" style="white-space:pre">      </span>e1389574bdb00555d937ba3d5fac91d7</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Data:<span class="" style="white-space:pre">                </span>1a  06  00 00 0d 2f </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  0c  00 00 0d 2f 01 06 00 00 00 00 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  06  00 00 0d 2f </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  06  00 00 0d 2f </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  28  00 00 01 37 0c 22 1d 16 9c ca 93 1c 0f eb 35 cd </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                        </span>73 0b ac 58 5c 61 81 2a d8 a6 81 3e bb 70 4a ce </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                        </span>98 0e d8 d5 d9 d3 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  0c  00 00 01 37 07 06 00 00 00 01 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span>1a  0c  00 00 01 37 08 06 00 00 00 06 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>Attr-26 = 0x00000d2f</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>F5-LTM-User-Role = Administrator</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>Attr-26 = 0x00000d2f</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>Attr-26 = 0x00000d2f</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-CHAP-MPPE-Keys = 0x</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-MPPE-Encryption-Policy = Encryption-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span>MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>LDAP module</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">user {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        base_dn = "ou=People,${..base_dn}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span> filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">                </span> scope = 'sub'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">     }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">group {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        base_dn = "ou=Groups,ou=F5,ou=Configuration,${..base_dn}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        filter = "(objectClass=f5Group)"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        scope = 'base'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        name_attribute = cn</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        membership_filter = "(member=%{control:Ldap-UserDn})"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">     }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>Default server</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">authorize {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    filter_username</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    preprocess</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    auth_log</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        Ldap-UserDn := "uid=%{User-Name},ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    -ldap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    pap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    mschap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    #Invalid People</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    if(!(control:NT-Password) || control:Prohibited == TRUE){</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        Auth-Type := Reject</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    #"%{control:Group-Membership}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    if(Ldap-Group != "%{control:Group-Membership}"){</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">      update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">          Auth-Type:=Reject</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px">    </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span class="" style="white-space:pre">        </span> else{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">       update reply{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">          F5-LTM-User-Info-1 := "%{reply:F5-LTM-User-Info-1}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">          F5-LTM-User-Role := "%{reply:F5-LTM-User-Role}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">          F5-LTM-User-Partition := "%{reply:F5-LTM-User-Partition}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">          F5-LTM-User-Shell := "%{reply:F5-LTM-User-Shell}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">       }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">authenticate {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        mschap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        pap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px">  </p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"><b></b></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>OpenLDAP Entries</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"># dawson, People, NIS, vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">dn: uid=dawson,ou=People,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">cn: Jacob M. Dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">uid: dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">sn: Dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">givenName: Jacob</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">groupMembership: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">prohibited: FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: inetOrgPerson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: nisUserAccount</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"># R&D, Groups, F5, Configuration, NIS, vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">dn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">cn: R&D</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">description: Entiries for the R&D group user accounts</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userInfo: R&D</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userPartition: RnD</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userRole: 100</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userShell: tmsh</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">member: uid=dawson,ou=People,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: f5Group</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: groupOfNames</p></div></div>
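<p>An added example, not part of the original post: a small Python decoder run over the Access-Accept attribute bytes from the radclient hex dump above. It shows that three of the four type-26 attributes for vendor 0x0d2f carry only the 4-byte vendor id and no sub-attribute, matching the three <code>:= ""</code> assignments in the debug output and the three <code>Attr-26 = 0x00000d2f</code> lines radclient prints. The function names are this example's own.</p>

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute type 26 (0x1a)

# Attribute area of the Access-Accept (packet length 114 minus the 20-byte
# header), copied byte for byte from the radclient hex dump in the post.
ACCESS_ACCEPT_ATTRS = bytes.fromhex(
    "1a0600000d2f"
    "1a0c00000d2f010600000000"
    "1a0600000d2f"
    "1a0600000d2f"
    "1a28000001370c22"
    "1d169cca931c0feb35cd730bac585c61812ad8a6813ebb704ace980ed8d5d9d3"
    "1a0c00000137070600000001"
    "1a0c00000137080600000006"
)


def split_tlvs(data, what):
    """Split bytes into (type, value) pairs: 1-byte type, 1-byte length,
    where the length counts the 2-byte header itself."""
    items, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError(f"truncated {what} header at offset {off}")
        kind, length = data[off], data[off + 1]
        if length < 2 or off + length > len(data):
            raise ValueError(f"bad {what} length {length} at offset {off}")
        items.append((kind, data[off + 2:off + length]))
        off += length
    return items


def decode_vsas(attr_area):
    """Return (vendor_id, sub_type, sub_value) for every Vendor-Specific
    attribute. sub_type is None when the attribute holds only the 4-byte
    vendor id and no sub-attribute at all."""
    decoded = []
    for atype, value in split_tlvs(attr_area, "attribute"):
        if atype != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("Vendor-Specific value shorter than a vendor id")
        vendor_id = struct.unpack("!I", value[:4])[0]
        subs = split_tlvs(value[4:], "sub-attribute")
        if not subs:
            decoded.append((vendor_id, None, b""))
        for sub_type, sub_value in subs:
            decoded.append((vendor_id, sub_type, sub_value))
    return decoded


def vendor_only(attr_area):
    """Vendor ids of the VSAs that were sent without any sub-attribute."""
    return [vendor for vendor, sub_type, _ in decode_vsas(attr_area)
            if sub_type is None]


if __name__ == "__main__":
    # 0x0d2f = 3375 is the vendor id on the F5-LTM-* attribute in this dump,
    # 0x0137 = 311 the one on the MS-* attributes.
    for vendor_id, sub_type, sub_value in decode_vsas(ACCESS_ACCEPT_ATTRS):
        if sub_type is None:
            print(f"vendor {vendor_id}: vendor id only, no sub-attribute")
        else:
            print(f"vendor {vendor_id}: sub-attribute {sub_type}, "
                  f"{len(sub_value)} value bytes: {sub_value.hex()}")
```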