<div dir="ltr">Also, the update section under the ldap modules looks like this.<div><br></div><div><p style="margin:0px;font-size:13px;font-family:Menlo">update {</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> control:Password-With-Header += 'userPassword'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> control:NT-Password := 'ntPassword'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> control:Prohibited := 'prohibited'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> control:Group-Membership := 'groupMembership'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> reply:F5-LTM-User-Info-1 := 'userInfo'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> reply:F5-LTM-User-Role := 'userRole'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> reply:F5-LTM-User-Partition := 'userPartition'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo"> reply:F5-LTM-User-Shell := 'userShell'</p>
<p style="margin:0px;font-size:13px;font-family:Menlo">}</p></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, May 19, 2014 at 3:33 PM, Ajinkya Fotedar <span dir="ltr"><<a href="mailto:ajinkyafotedar@gmail.com" target="_blank">ajinkyafotedar@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><font face="arial, helvetica, sans-serif">Hi,</font><div><font face="arial, helvetica, sans-serif"><br></font></div>
<div><font face="arial, helvetica, sans-serif">I am trying to send F5 vendor-specific attributes in the Access-Accept packet.</font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">When FreeRADIUS (ldap module) searches and finds a specific user in OpenLDAP, it processes the user's attributes and adds them to the control list. One of the attributes specifies the group that user account belongs to. </font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">The next step is to find that user in the specified group, which is successful. Only this time, there are some F5 VSAs that are not getting added to the reply list. When I pass those VSAs in the Access-Accept packet, I see them as Attr-26 = <span style="font-size:13px">0x00000d2f</span></font></div>
<div><span style="font-size:13px"><font face="arial, helvetica, sans-serif"><br></font></span></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:13px">I have read the </span>rlm_ldap and related documentation on the wiki. I am not sure why I don't see the value of F5 VSAs in the reply as I can definitely process the attributes defined for a user account under the People subtree.</font></div>
<div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Below is the debug output and some configuration. Can anyone point me in the right direction?</font></div><div>
<font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Thank you.</font></div><div><font face="arial, helvetica, sans-serif"><br>
</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>RADIUS debug</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Ready to process requests.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rad_recv: Access-Request packet from host 198.82.169.55 port 52634, id=78, length=132</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>User-Name = 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>NAS-IP-Address = 198.82.169.55</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>NAS-Port = 234234</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>Message-Authenticator = 0x9552e405f519c05100b3510ad97bcec0</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-CHAP-Challenge = 0x9dcbb5409eb06d58</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000dcc9a916ce5fc5419b592ba3be3e116831d411dc6e454c81</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing section authorize from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) authorize {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) filter_username filter_username {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name != "%{tolower:%{User-Name}}") </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "%{tolower:%{User-Name}}" -> 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ / /) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ / /) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /@.*@/ ) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /@.*@/ ) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /\\.\\./ ) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /\\.\\./ ) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /\\.$/) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /\\.$/) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /@\\./) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (User-Name =~ /@\\./) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) } # filter_username filter_username = notfound</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) [preprocess] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : <span style="white-space:pre-wrap"> </span>expand: "/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" -> '/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140519'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140519</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : <span style="white-space:pre-wrap"> </span>expand: "%t" -> 'Mon May 19 14:55:25 2014'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) [auth_log] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) update control {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "uid=%{User-Name},ou=People,ou=NIS,o=vt" -> 'uid=dawson,ou=People,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>Ldap-UserDn := "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) } # update control = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Reserved connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap"> </span>expand: "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))" -> '(&(uid=dawson))'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap"> </span>expand: "ou=People,ou=NIS,o=vt" -> 'ou=People,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Performing search in 'ou=People,ou=NIS,o=vt' with filter '(&(uid=dawson))'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Waiting for search result...</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : User object found at DN "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Processing user attributes</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap"> </span>control:Password-With-Header += '{nt}D3055AE4C0D68D8BA71C538D1518B5CD'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap"> </span>control:Password-With-Header += '{SSHA}omkfyFmnMrEq1jWG9T86Gh+XlpR87z11'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap"> </span>control:Prohibited := FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap"> </span>control:Group-Membership := 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap"> </span>control:Group-Membership := 'cn=TLOS,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Released connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) [-ldap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : Normalizing NT-Password from hex encoding</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : Normalizing SSHA1-Password from base64 encoding</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : No clear-text password in the request. Not performing PAP.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) [pap] = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : Found MS-CHAP attributes. Setting 'Auth-Type = mschap'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) [mschap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (!(control:NT-Password) || control:Prohibited == TRUE)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (!(control:NT-Password) || control:Prohibited == TRUE) -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (Ldap-Group != "%{control:Group-Membership}")</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "%{control:Group-Membership}" -> 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Searching for user in group "cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Reserved connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Using user DN from request "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Checking for user in group objects</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "(&(objectClass=f5Group)(member=%{control:Ldap-UserDn}))" -> '(&(objectClass=f5Group)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Performing search in 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt' with filter '(&(objectClass=f5Group)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Waiting for search result...</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) User found in group object</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Released connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if (Ldap-Group != "%{control:Group-Membership}") -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) else else {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) update reply {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "%{reply:F5-LTM-User-Info-1}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>F5-LTM-User-Info-1 := ""</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "%{reply:F5-LTM-User-Role}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>F5-LTM-User-Role := Administrator</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "%{reply:F5-LTM-User-Partition}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>F5-LTM-User-Partition := ""</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "%{reply:F5-LTM-User-Shell}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>F5-LTM-User-Shell := ""</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) } # update reply = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) } # else else = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if ("%{reply:F5-LTM-User-Info-1}")</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap"> </span>expand: "%{reply:F5-LTM-User-Info-1}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ? if ("%{reply:F5-LTM-User-Info-1}") -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) } # authorize = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Found Auth-Type = MSCHAP</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing group from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) authenticate {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : No Cleartext-Password configured. Cannot create LM-Password</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : Found NT-Password</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : Client is using MS-CHAPv1 with NT-Password</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : adding MS-CHAPv1 MPPE keys</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) [mschap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) } # authenticate = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) WARNING: Empty post-auth section. Using default return values.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing section post-auth from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Sending Access-Accept of id 78 from 198.82.169.55 port 1830 to 198.82.169.55 port 52634</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>F5-LTM-User-Info-1 = ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>F5-LTM-User-Role = Administrator</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>F5-LTM-User-Partition = ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>F5-LTM-User-Shell = ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-CHAP-MPPE-Keys = 0x0000000000000000122d083be857e0cf1f5c975f5efd01cc0000000000000000</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-MPPE-Encryption-Policy = Encryption-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Finished request 0.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Waking up in 0.3 seconds.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Waking up in 4.6 seconds.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>radtest</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">$ radtest -t mschap -x dawson wakkawakka 198.82.169.55:1830 234234 testing123</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">/apps/radius/freeradius-3.0.1/bin/radclient: /usr/local/samba/lib/libtalloc.so.2: no version information available (required by /apps/radius/freeradius-3.0.1/bin/radclient)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">/apps/radius/freeradius-3.0.1/bin/radclient: /usr/local/samba/lib/libtalloc.so.2: no version information available (required by /apps/radius/freeradius-3.0.1/lib/libfreeradius-radius.so)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Sending Access-Request of id 78 from 0.0.0.0 port 52634 to 198.82.169.55 port 1830</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>User-Name = 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>NAS-IP-Address = 198.82.169.55</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>NAS-Port = 234234</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>Message-Authenticator = 0x00</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-CHAP-Challenge = 0x9dcbb5409eb06d58</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000dcc9a916ce5fc5419b592ba3be3e116831d411dc6e454c81</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Code:<span style="white-space:pre-wrap"> </span>1</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Id:<span style="white-space:pre-wrap"> </span>78</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Length:<span style="white-space:pre-wrap"> </span>132</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Vector:<span style="white-space:pre-wrap"> </span>1e35220367d4329bdebec2d38afe7fd6</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Data:<span style="white-space:pre-wrap"> </span>01 08 64 61 77 73 6f 6e </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>04 06 c6 52 a9 37 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>05 06 00 03 92 fa </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>50 12 95 52 e4 05 f5 19 c0 51 00 b3 51 0a d9 7b ce c0 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 10 00 00 01 37 0b 0a 9d cb b5 40 9e b0 6d 58 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 3a 00 00 01 37 01 34 00 01 00 00 00 00 00 00 00 00 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>dc c9 a9 16 ce 5f c5 41 9b 59 2b a3 be 3e 11 68 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>31 d4 11 dc 6e 45 4c 81 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rad_recv: Access-Accept packet from host 198.82.169.55 port 1830, id=78, length=114</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Code:<span style="white-space:pre-wrap"> </span>2</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Id:<span style="white-space:pre-wrap"> </span>78</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Length:<span style="white-space:pre-wrap"> </span>114</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Vector:<span style="white-space:pre-wrap"> </span>e1389574bdb00555d937ba3d5fac91d7</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Data:<span style="white-space:pre-wrap"> </span>1a 06 00 00 0d 2f </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 0c 00 00 0d 2f 01 06 00 00 00 00 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 06 00 00 0d 2f </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 06 00 00 0d 2f </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 28 00 00 01 37 0c 22 1d 16 9c ca 93 1c 0f eb 35 cd </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>73 0b ac 58 5c 61 81 2a d8 a6 81 3e bb 70 4a ce </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>98 0e d8 d5 d9 d3 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 0c 00 00 01 37 07 06 00 00 00 01 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>1a 0c 00 00 01 37 08 06 00 00 00 06 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>Attr-26 = 0x00000d2f</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>F5-LTM-User-Role = Administrator</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>Attr-26 = 0x00000d2f</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>Attr-26 = 0x00000d2f</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-CHAP-MPPE-Keys = 0x</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-MPPE-Encryption-Policy = Encryption-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span>MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>LDAP module</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">user {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> base_dn = "ou=People,${..base_dn}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span> filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span> scope = 'sub'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">group {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> base_dn = "ou=Groups,ou=F5,ou=Configuration,${..base_dn}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> filter = "(objectClass=f5Group)"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> scope = 'base'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> name_attribute = cn</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> membership_filter = "(member=%{control:Ldap-UserDn})"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>Default server</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">authorize {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> filter_username</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> preprocess</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> auth_log</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Ldap-UserDn := "uid=%{User-Name},ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> -ldap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> pap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> mschap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> #Invalid People</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> if(!(control:NT-Password) || control:Prohibited == TRUE){</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Auth-Type := Reject</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> #"%{control:Group-Membership}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> if(Ldap-Group != "%{control:Group-Membership}"){</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> Auth-Type:=Reject</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"> </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap"> </span> else{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> update reply{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> F5-LTM-User-Info-1 := "%{reply:F5-LTM-User-Info-1}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> F5-LTM-User-Role := "%{reply:F5-LTM-User-Role}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> F5-LTM-User-Partition := "%{reply:F5-LTM-User-Partition}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> F5-LTM-User-Shell := "%{reply:F5-LTM-User-Shell}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">authenticate {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> mschap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"> pap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"> </p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"><b></b></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>OpenLDAP Entries</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"># dawson, People, NIS, vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">dn: uid=dawson,ou=People,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">cn: Jacob M. Dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">uid: dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">sn: Dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">givenName: Jacob</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">groupMembership: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">prohibited: FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: inetOrgPerson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: nisUserAccount</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"># R&D, Groups, F5, Configuration, NIS, vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">dn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">cn: R&D</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">description: Entiries for the R&D group user accounts</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userInfo: R&D</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userPartition: RnD</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userRole: 100</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">userShell: tmsh</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">member: uid=dawson,ou=People,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: f5Group</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: groupOfNames</p></div></div>
</blockquote></div><br></div>
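Added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the Access-Accept attribute bytes in the radclient dump above. It shows that each `Attr-26 = 0x00000d2f` is a Vendor-Specific attribute holding only the vendor id 0x0d2f (3375) with no sub-attribute, and that the single populated VSA for that vendor carries integer 0, which the dump prints as `F5-LTM-User-Role = Administrator`. The byte string is copied from the dump (the four 0x0d2f attributes plus one of the 0x0137 VSAs); the function names are illustrative.

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute type 26 (RFC 2865, section 5.26)

# Copied from the Access-Accept "Data" dump in the post: the four attributes
# with vendor id 0x00000d2f, then one of the vendor 0x00000137 VSAs.
ACCESS_ACCEPT_DATA = bytes.fromhex(
    "1a0600000d2f"
    "1a0c00000d2f010600000000"
    "1a0600000d2f"
    "1a0600000d2f"
    "1a0c00000137070600000001"
)


def parse_tlvs(data):
    """Split a run of (type, length, value) records; length counts the 2-byte header."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated TLV header at offset %d" % off)
        tlv_type, tlv_len = data[off], data[off + 1]
        if tlv_len < 2 or off + tlv_len > len(data):
            raise ValueError("bad TLV length %d at offset %d" % (tlv_len, off))
        records.append((tlv_type, data[off + 2:off + tlv_len]))
        off += tlv_len
    return records


def parse_vsa(value):
    """Decode a Vendor-Specific value into (vendor_id, [(vendor_type, payload), ...])."""
    if len(value) < 4:
        raise ValueError("VSA shorter than the 4-byte vendor id")
    (vendor_id,) = struct.unpack("!I", value[:4])
    return vendor_id, parse_tlvs(value[4:])


def audit(data):
    """Return one (attr_index, vendor_id, vendor_type, note) tuple per VSA finding."""
    findings = []
    for index, (attr_type, value) in enumerate(parse_tlvs(data)):
        if attr_type != VENDOR_SPECIFIC:
            continue
        vendor_id, subs = parse_vsa(value)
        if not subs:
            # Only the vendor id is present, so a decoder has no sub-attribute
            # to look up and can only show the raw bytes (Attr-26 = 0x...).
            findings.append((index, vendor_id, None,
                             "empty VSA: vendor id only, no sub-attribute"))
        for vendor_type, payload in subs:
            note = "value 0x" + payload.hex() if payload else "zero-length value"
            findings.append((index, vendor_id, vendor_type, note))
    return findings


if __name__ == "__main__":
    for index, vendor_id, vendor_type, note in audit(ACCESS_ACCEPT_DATA):
        print("attr #%d vendor=%d type=%s: %s" % (index, vendor_id, vendor_type, note))
```

The three empty VSAs line up, in order, with the three string attributes that the server debug shows being set to `""`. The populated one is the role attribute, whose empty expansion was sent as integer 0 (Administrator) rather than the `userRole: 100` stored on the group entry.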