<div dir="ltr">Particularly concerned about the <span style="font-family:Menlo">F5-LTM-User-Role </span><font face="arial, helvetica, sans-serif">attribute since it's an integer. I want to provide Manager (100) access to this user account, as defined in the F5 dictionary. Have I defined this attribute right in OpenLDAP? Would really appreciate it if you could throw some light on that, and the rest of the attributes.</font><div>
<font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Thank you.<br></font><div><font face="arial, helvetica, sans-serif"><span style="font-size:14px"><br>
</span></font></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 20, 2014 at 11:59 AM, Ajinkya Fotedar <span dir="ltr">&lt;<a href="mailto:ajinkyafotedar@gmail.com" target="_blank">ajinkyafotedar@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Arran,<div><br></div><div>Thank you so much for the reply. I have made the above changes and I can see the attributes in the reply message (Access-accept packet).</div>
<div>Although, I am not sure if this is what it should look like. I have not tested it with F5 but just want to make sure that I am heading in the right direction.</div>
<div>Below is the debug and some configurations from FreeRADIUS and OpenLDAP.</div><div><br></div><div>Please let me know your thoughts.</div><div><br></div><div>Thank you.</div><div><br></div><div><br></div><div><br></div>

<div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>RADIUS debug</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rad_recv: Access-Request packet from host 198.82.169.55 port 50524, id=211, length=132</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>User-Name = 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>NAS-IP-Address = 198.82.169.55</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>NAS-Port = 234234</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">  </span>Message-Authenticator = 0x14e775dc18fbbbd91c707988226a3a22</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>MS-CHAP-Challenge = 0xa92999be9652acdb</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>MS-CHAP-Response = 0x00010000000000000000000000000000000000000000000000003ef65405da922bbe8b1f37ff9ba63458917d6bc42cf704c3</p>
<div class="">

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing section authorize from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   authorize {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   filter_username filter_username {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name != "%{tolower:%{User-Name}}") </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap">  </span>expand: "%{tolower:%{User-Name}}" -> 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name != "%{tolower:%{User-Name}}")  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ / /) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ / /)  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@.*@/ ) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@.*@/ )  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.\\./ ) </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.\\./ )  -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))  </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.$/)  </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /\\.$/)   -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@\\./)  </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    ? if (User-Name =~ /@\\./)   -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   } # filter_username filter_username = notfound</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [preprocess] = ok</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : <span style="white-space:pre-wrap">   </span>expand: "/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" -> '/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140520'</p>


<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140520</p>


<p style="margin:0px;font-size:14px;font-family:Menlo">(0) auth_log : <span style="white-space:pre-wrap">       </span>expand: "%t" -> 'Tue May 20 11:37:46 2014'</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [auth_log] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   update control {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap">  </span>expand: "uid=%{User-Name},ou=People,ou=NIS,o=vt" -> 'uid=dawson,ou=People,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap">          </span>Ldap-UserDn := "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   } # update control = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Reserved connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">   </span>expand: "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))" -> '(&(uid=dawson))'</p>


<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">   </span>expand: "ou=People,ou=NIS,o=vt" -> 'ou=People,ou=NIS,o=vt'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Performing search in 'ou=People,ou=NIS,o=vt' with filter '(&(uid=dawson))'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Waiting for search result...</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : User object found at DN "uid=dawson,ou=People,ou=NIS,o=vt"</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">       </span>expand: "(&)" -> '(&)'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Performing search in 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt' with filter '(&)'</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Waiting for search result...</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Processing profile attributes</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">           </span>reply:Reply-Message := 'F5-LTM-User-Info-1+=\"R&D\"'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">           </span>reply:Reply-Message := 'F5-LTM-User-Partition+=\"RnD\"'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">           </span>reply:Reply-Message := 'F5-LTM-User-Role+=100'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">           </span>reply:Reply-Message := 'F5-LTM-User-Shell+=\"tmsh\"'</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : Processing user attributes</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">           </span>control:Password-With-Header += '{nt}D3055AE4C0D68D8BA71C538D1518B5CD'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">           </span>control:Password-With-Header += '{SSHA}omkfyFmnMrEq1jWG9T86Gh+XlpR87z11'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">           </span>control:Prohibited := FALSE</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0) ldap : <span style="white-space:pre-wrap">               </span>control:Radius-Profile-DN := 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p><div class="">

<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Released connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [-ldap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : Normalizing NT-Password from hex encoding</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : Normalizing SSHA1-Password from base64 encoding</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) pap : No clear-text password in the request.  Not performing PAP.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [pap] = noop</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) mschap : Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   [mschap] = ok</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (!(control:NT-Password) || control:Prohibited == TRUE)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (!(control:NT-Password) || control:Prohibited == TRUE) -> FALSE</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (Ldap-Group != "%{control:Radius-Profile-DN}")</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap">  </span>expand: "%{control:Radius-Profile-DN}" -> 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</p>
<div class="">

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Searching for user in group "cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Reserved connection (4)</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Using user DN from request "uid=dawson,ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Checking for user in group objects</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap">      </span>expand: "(&(objectClass=groupOfNames)(member=%{control:Ldap-UserDn}))" -> '(&(objectClass=groupOfNames)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</p>


<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Performing search in 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt' with filter '(&(objectClass=groupOfNames)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</p>
<div class="">

<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Waiting for search result...</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) User found in group object</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rlm_ldap (ldap): Released connection (4)</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if (Ldap-Group != "%{control:Radius-Profile-DN}") -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   else else {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    update control {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap">          </span>Auth-Type := Accept</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)    } # update control = noop</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0)   } # else else = noop</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if ("%{reply:F5-LTM-User-Info-1}")</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) <span style="white-space:pre-wrap">  </span>expand: "%{reply:F5-LTM-User-Info-1}" -> ''</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)   ? if ("%{reply:F5-LTM-User-Info-1}") -> FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0)  } #  authorize = ok</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0) Found Auth-Type = Accept</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Auth-Type = Accept, accepting the user</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo"><b>(0) WARNING: Empty post-auth section.  Using default return values.</b></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) # Executing section post-auth from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">Sending Access-Accept of id 211 from 198.82.169.55 port 1830 to 198.82.169.55 port 50524</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Info-1+=\"R&D\"'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Partition+=\"RnD\"'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Role+=100'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Shell+=\"tmsh\"'</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">(0) Finished request 0.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Waking up in 0.3 seconds.</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">Waking up in 4.6 seconds.</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">(0) Cleaning up request packet ID 211 with timestamp +2</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><b>Ready to process requests.</b></p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><b></b><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><b></b><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><b></b><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>radtest</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><b></b><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">$ radtest -t mschap -x dawson wakkawakka 198.82.169.55:1830 234234 testing123</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">/apps/radius/freeradius-3.0.1/bin/radclient: /usr/local/samba/lib/libtalloc.so.2: no version information available (required by /apps/radius/freeradius-3.0.1/bin/radclient)</p>


<p style="margin:0px;font-size:14px;font-family:Menlo">/apps/radius/freeradius-3.0.1/bin/radclient: /usr/local/samba/lib/libtalloc.so.2: no version information available (required by /apps/radius/freeradius-3.0.1/lib/libfreeradius-radius.so)</p>


</div><p style="margin:0px;font-size:14px;font-family:Menlo">Sending Access-Request of id 211 from 0.0.0.0 port 50524 to 198.82.169.55 port 1830</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>User-Name = 'dawson'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>NAS-IP-Address = 198.82.169.55</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>NAS-Port = 234234</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Message-Authenticator = 0x00</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">  </span>MS-CHAP-Challenge = 0xa92999be9652acdb</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>MS-CHAP-Response = 0x00010000000000000000000000000000000000000000000000003ef65405da922bbe8b1f37ff9ba63458917d6bc42cf704c3</p>


<p style="margin:0px;font-size:14px;font-family:Menlo">  Code:<span style="white-space:pre-wrap">              </span>1</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Id:<span style="white-space:pre-wrap">                </span>211</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Length:<span style="white-space:pre-wrap">    </span>132</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Vector:<span style="white-space:pre-wrap">    </span>b3c92ab8d0c718d8e265b6301bae7a11</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">  Data:<span style="white-space:pre-wrap">              </span>01  08  64 61 77 73 6f 6e </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">              </span>04  06  c6 52 a9 37 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">              </span>05  06  00 03 92 fa </p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">          </span>50  12  14 e7 75 dc 18 fb bb d9 1c 70 79 88 22 6a 3a 22 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">              </span>1a  10  00 00 01 37 0b 0a a9 29 99 be 96 52 ac db </p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">              </span>1a  3a  00 00 01 37 01 34 00 01 00 00 00 00 00 00 00 00 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">                      </span>00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 </p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">                  </span>3e f6 54 05 da 92 2b be 8b 1f 37 ff 9b a6 34 58 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">                      </span>91 7d 6b c4 2c f7 04 c3 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">rad_recv: Access-Accept packet from host 198.82.169.55 port 1830, id=211, length=127</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Code:<span style="white-space:pre-wrap">              </span>2</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Id:<span style="white-space:pre-wrap">                </span>211</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Length:<span style="white-space:pre-wrap">    </span>127</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Vector:<span style="white-space:pre-wrap">    </span>ff52e972ccb4ee95c7b64719c2ea3986</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">  Data:<span style="white-space:pre-wrap">              </span>12  1b  46 35 2d 4c 54 4d 2d 55 73 65 72 2d 49 6e 66 6f </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">                      </span>2d 31 2b 3d 22 52 26 44 22 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">              </span>12  1e  46 35 2d 4c 54 4d 2d 55 73 65 72 2d 50 61 72 74 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">                      </span>69 74 69 6f 6e 2b 3d 22 52 6e 44 22 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">              </span>12  17  46 35 2d 4c 54 4d 2d 55 73 65 72 2d 52 6f 6c 65 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">                      </span>2b 3d 31 30 30 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">              </span>12  1b  46 35 2d 4c 54 4d 2d 55 73 65 72 2d 53 68 65 6c </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">                      </span>6c 2b 3d 22 74 6d 73 68 22 </p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Info-1+=\"R&D\"'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Partition+=\"RnD\"'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Role+=100'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="white-space:pre-wrap">      </span>Reply-Message = 'F5-LTM-User-Shell+=\"tmsh\"'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>sites-enabled/default</b></span></p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"><b></b></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">authorize {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    filter_username</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    preprocess</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    auth_log</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px">    </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        Ldap-UserDn := "uid=%{User-Name},ou=People,ou=NIS,o=vt"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px">    </p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    -ldap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    pap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    mschap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
</div><div class=""><p style="margin:0px;font-size:14px;font-family:Menlo">    if(!(control:NT-Password) || control:Prohibited == TRUE){</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        Auth-Type := Reject</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">    if(Ldap-Group != "%{control:Radius-Profile-DN}"){</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">      update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">          Auth-Type:=Reject</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    else{</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">      update control{</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">          Auth-Type:=Accept</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">    }</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">authenticate {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        mschap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        pap</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>mods-enabled/ldap</b></span></p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"><b></b></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">update {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        control:Password-With-Header    += 'userPassword'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        control:NT-Password     := 'ntPassword'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        control:Prohibited      := 'prohibited'</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">        control:Radius-Profile-DN       :=  'radiusProfileDn'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        reply:Reply-Message     := 'radiusReplyMessage'</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">user  {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        base_dn = "ou=People,${..base_dn}"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        scope = 'sub'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">group {</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        base_dn = "ou=Groups,ou=F5,ou=Configuration,${..base_dn}"</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">        filter = "(objectClass=groupOfNames)"</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo">        scope = 'base'</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        name_attribute = cn</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">        membership_filter = "(member=%{control:Ldap-UserDn})"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">}</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>OpenLDAP</b></span></p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"><b></b></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"># R&D, Groups, F5, Configuration, NIS, vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">dn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">cn: R&D</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">description: Entiries for the R&D group user accounts</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">member: uid=dawson,ou=People,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">radiusReplyMessage: F5-LTM-User-Info-1+="R&D"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">radiusReplyMessage: F5-LTM-User-Partition+="RnD"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">radiusReplyMessage: F5-LTM-User-Role+=100</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">radiusReplyMessage: F5-LTM-User-Shell+="tmsh"</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: groupOfNames</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: radiusprofile</p><div class="">
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"># dawson, People, NIS, vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">dn: uid=dawson,ou=People,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">cn: Jacob M. Dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">uid: dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">sn: Dawson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">givenName: Jacob</p>
</div><p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: inetOrgPerson</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: nisUserAccount</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">objectClass: radiusprofile</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">prohibited: FALSE</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">radiusProfileDn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b>F5 VSAs</b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><span style="text-decoration:underline"><b></b></span><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VENDOR      F5              3375</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">BEGIN-VENDOR    F5</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Role            1   integer</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Role-Universal      2   integer    # enable/disable</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Partition           3   string</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Console         4   integer    # enable/disable</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Shell           5   string     # supported values are disable, tmsh, and bpsh</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Context-1           10  integer</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Context-2           11  integer</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Info-1          12  string</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">ATTRIBUTE   F5-LTM-User-Info-2          13  string</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        Administrator       0</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        Resource-Admin      20</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        User-Manager        40</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        Manager         100</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        App-Editor      300</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        Operator        400</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        Guest           700</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        Policy-Editor       800</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role        No-Access       900</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role-Universal  Disabled        0</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Role-Universal  Enabled         1</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Console     Disabled        0</p>
<p style="margin:0px;font-size:14px;font-family:Menlo">VALUE   F5-LTM-User-Console     Enabled         1</p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><br></p>
<p style="margin:0px;font-size:14px;font-family:Menlo">END-VENDOR   F5</p></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Mon, May 19, 2014 at 4:26 PM, Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span> wrote:<br>

</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div><br>
On 19 May 2014, at 20:36, Ajinkya Fotedar <<a href="mailto:ajinkyafotedar@gmail.com" target="_blank">ajinkyafotedar@gmail.com</a>> wrote:<br>
<br>
> Also, the update section under the ldap modules looks like this.<br>
><br>
> update {<br>
>         control:Password-With-Header    += 'userPassword'<br>
>         control:NT-Password     := 'ntPassword'<br>
>         control:Prohibited      := 'prohibited'<br>
>         control:Group-Membership    :=  'groupMembership'<br>
>         reply:F5-LTM-User-Info-1    := 'userInfo'<br>
>         reply:F5-LTM-User-Role      := 'userRole'<br>
>         reply:F5-LTM-User-Partition := 'userPartition'<br>
>         reply:F5-LTM-User-Shell     := 'userShell'<br>
> }<br>
<br>
</div>Attributes are not retrieved for groups. You need to add profiles with the various reply attributes, and add that profile to the user.<br>
<br>
-Arran<br>
<br>
Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>><br>
FreeRADIUS Development Team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<br>
<br></div></div></blockquote></div><br></div>
</blockquote></div><br></div></div></div>
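<p>Added example, not part of the thread and not FreeRADIUS code: a small parser for an excerpt of the F5 dictionary quoted above that resolves a role name or number and encodes it as an RFC 2865 Vendor-Specific attribute, so the bytes can be compared with the Access-Accept the server sends. The function names <code>parse_dictionary</code> and <code>encode_vsa</code> are hypothetical; unknown role values are rejected rather than defaulted, because 0 means Administrator in this dictionary.</p>

```python
import struct

# Subset of the F5 dictionary lines quoted in the thread.
F5_DICTIONARY = """
VENDOR      F5              3375
BEGIN-VENDOR    F5
ATTRIBUTE   F5-LTM-User-Role            1   integer
ATTRIBUTE   F5-LTM-User-Partition       3   string
ATTRIBUTE   F5-LTM-User-Shell           5   string     # supported values are disable, tmsh, and bpsh
VALUE   F5-LTM-User-Role        Administrator       0
VALUE   F5-LTM-User-Role        Manager         100
VALUE   F5-LTM-User-Role        Guest           700
END-VENDOR   F5
"""

def parse_dictionary(text):
    """Return (vendor_id, {attr: (code, type)}, {attr: {name: int}})."""
    vendor_id, attrs, values = None, {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if not fields:
            continue
        if fields[0] == "VENDOR":
            vendor_id = int(fields[2])
        elif fields[0] == "ATTRIBUTE":
            attrs[fields[1]] = (int(fields[2]), fields[3])
        elif fields[0] == "VALUE":
            values.setdefault(fields[1], {})[fields[2]] = int(fields[3])
    return vendor_id, attrs, values

def encode_vsa(name, value, dictionary=F5_DICTIONARY):
    """Encode one attribute as an RFC 2865 Vendor-Specific (type 26) AVP."""
    vendor_id, attrs, values = parse_dictionary(dictionary)
    code, kind = attrs[name]  # KeyError if the attribute is not defined
    if kind == "integer":
        named = values.get(name, {})
        if value in named:
            number = named[value]  # symbolic name such as "Manager"
        else:
            number = int(value)  # ValueError for an unknown name
            if named and number not in named.values():
                # Never fall back to a default: 0 would mean Administrator.
                raise ValueError(f"{value!r} is not a defined value of {name}")
        data = struct.pack("!I", number)  # 4-byte big-endian integer
    else:
        data = str(value).encode("utf-8")
    sub = bytes([code, len(data) + 2]) + data  # vendor type, vendor length
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub
```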