<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000">Hi Arran,</font></div><font face="arial, helvetica, sans-serif" style="font-size:13px" color="#000000"><div>
<font face="arial, helvetica, sans-serif"><br></font></div>I have used the radiusReplyItem attribute in the user objects in OpenLDAP. I have modified the entries in OpenLDAP accordingly and can see the required attributes as a reply item in the Access-Accept packet, although I am not getting the attributes as I would expect. This has something to do with attribute mapping, but I am not sure which parts of the FreeRADIUS server config require tweaks. Can anyone help me out with this?</font><div style="font-family:arial,sans-serif;font-size:13px">
<font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000">This is how I would like the radtest to look:</font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><p style="margin:0px;font-family:Arial"><font color="#000000">$ radtest jsmith test 192.168.1.100 0 secret</font></p><p style="margin:0px;font-family:Arial"><font color="#000000">Sending Access-Request of id 187 to 192.168.1.100 port 1812</font></p>
<p style="margin:0px;font-family:Arial"><font color="#000000"> User-Name = "jsmith"</font></p><p style="margin:0px;font-family:Arial"><font color="#000000"> User-Password = "test"</font></p>
<p style="margin:0px;font-family:Arial"><font color="#000000"> NAS-IP-Address = 192.168.1.100</font></p><p style="margin:0px;font-family:Arial"><font color="#000000"> NAS-Port = 0</font></p><p style="margin:0px;font-family:Arial">
<font color="#000000">rad_recv: Access-Accept packet from host 192.168.1.100 port 1812, id=187, length=112</font></p><p style="margin:0px;font-family:Arial"><font color="#000000"> Service-Type = Framed-User</font></p>
<p style="margin:0px;font-family:Arial"><font color="#000000"> Framed-Protocol = PPP</font></p><p style="margin:0px;font-family:Arial"><font color="#000000"> Framed-Routing = Broadcast-Listen</font></p><p style="margin:0px;font-family:Arial">
<font color="#000000"> Filter-Id = "std.ppp"</font></p><p style="margin:0px;font-family:Arial"><font color="#000000"> Framed-MTU = 1500</font></p><p style="margin:0px;font-family:Arial"><font color="#000000"> Framed-Compression = Van-Jacobson-TCP-IP</font></p>
<p style="margin:0px;font-family:Arial"><b><font color="#000000"> F5-LTM-User-Role = Manager</font></b></p><p style="margin:0px;font-family:Arial"><b><font color="#000000"> F5-LTM-User-Info-1 = "mgmt"</font></b></p>
<p style="margin:0px;font-family:Arial"><b><font color="#000000"> F5-LTM-User-Partition = "admin"</font></b></p><p style="margin:0px;font-size:14px;font-family:Arial"></p><p style="margin:0px;font-family:Arial">
<b><font color="#000000"> F5-LTM-User-Shell = "tmsh"</font></b></p></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div style="font-family:arial,sans-serif;font-size:13px"><font color="#000000" face="arial, helvetica, sans-serif"><span style="line-height:18px">And this is what it looks like right now:</span></font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000">$ radtest -t mschap dawson wakkawakka 198.82.169.55:1830 234234 testing123</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000">Sending Access-Request of id 48 from 0.0.0.0 port 33814 to 198.82.169.55 port 1830</font></p><div class="im"><p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><span style="white-space:pre-wrap"> </span>User-Name = 'dawson'</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><span style="white-space:pre-wrap"> </span>NAS-IP-Address = 198.82.169.55</font></p><p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><span style="white-space:pre-wrap"> </span>NAS-Port = 234234</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><span style="white-space:pre-wrap"> </span>Message-Authenticator = 0x00</font></p></div><p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><span style="white-space:pre-wrap"> </span>MS-CHAP-Challenge = 0x45c9d617e4bbadea</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><span style="white-space:pre-wrap"> </span>MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000079a2d20cd58f9af0c5957ede5deaf85b04b2dd9bec6104eb</font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000">rad_recv: Access-Accept packet from host 198.82.169.55 port 1830, id=48, length=153</font></p><p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><span style="white-space:pre-wrap"> </span><b>F5-LTM-User-Info-1 = 'F5-LTM-User-Info-1+=\"R&D\"'</b></font></p>
<p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><b><span style="white-space:pre-wrap"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Partition+=\"RnD\"'</b></font></p><p style="margin:0px">
<font face="arial, helvetica, sans-serif" color="#000000"><b><span style="white-space:pre-wrap"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Role+=\"100\"'</b></font></p><p style="margin:0px"><font face="arial, helvetica, sans-serif" color="#000000"><b><span style="white-space:pre-wrap"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Shell+=\"tmsh\"'</b></font></p>
</div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000"><br>
</font></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000">Below are the outputs for radius debug, radtest and some FreeRADIUS and OpenLDAP config. </font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000">Would really appreciate any help.</font></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000"><br>
</font></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000"> </font></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif" color="#000000">Thank you.</font></div>
<div><font face="arial, helvetica, sans-serif" color="#000000"><br></font></div><div class="gmail_extra"><font color="#000000"><br></font></div><div class="gmail_extra"><p style="margin:0px;font-size:14px;font-family:Menlo">
<span style="text-decoration:underline"><b><font color="#000000">RADIUS debug</font></b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">rad_recv: Access-Request packet from host 198.82.169.55 port 34716, id=142, length=132</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>User-Name = 'dawson'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>NAS-IP-Address = 198.82.169.55</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>NAS-Port = 234234</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>Message-Authenticator = 0xa28852d05f29ba0fac4c4b1046e4178c</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>MS-CHAP-Challenge = 0x4e9904591878fd82</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000606a875cc1203e10b37861612644c9e3f4e709f7e56f53b9</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) # Executing section authorize from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) authorize {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) filter_username filter_username {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name != "%{tolower:%{User-Name}}") </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) <span class="" style="white-space:pre"> </span>expand: "%{tolower:%{User-Name}}" -> 'dawson'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ / /) </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ / /) -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /@.*@/ ) </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /@.*@/ ) -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /\\.\\./ ) </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /\\.\\./ ) -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /\\.$/) </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /\\.$/) -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /@\\./) </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (User-Name =~ /@\\./) -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) } # filter_username filter_username = notfound</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) [preprocess] = ok</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) auth_log : <span class="" style="white-space:pre"> </span>expand: "/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" -> '/apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140521'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) auth_log : /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /apps/home/radius/freeradius/load-balancing/var/log/radius/radacct/198.82.169.55/auth-detail-20140521</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) auth_log : <span class="" style="white-space:pre"> </span>expand: "%t" -> 'Wed May 21 08:31:51 2014'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) [auth_log] = ok</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) update control {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) <span class="" style="white-space:pre"> </span>expand: "uid=%{User-Name},ou=People,ou=NIS,o=vt" -> 'uid=dawson,ou=People,ou=NIS,o=vt'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) <span class="" style="white-space:pre"> </span>Ldap-UserDn := "uid=dawson,ou=People,ou=NIS,o=vt"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) } # update control = noop</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">rlm_ldap (ldap): Reserved connection (4)</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>expand: "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))" -> '(&(uid=dawson))'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>expand: "ou=People,ou=NIS,o=vt" -> 'ou=People,ou=NIS,o=vt'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : Performing search in 'ou=People,ou=NIS,o=vt' with filter '(&(uid=dawson))'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : Waiting for search result...</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : User object found at DN "uid=dawson,ou=People,ou=NIS,o=vt"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>expand: "(&)" -> '(&)'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : Performing search in 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt' with filter '(&)'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : Waiting for search result...</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : Processing profile attributes</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Info-1+=\"R&D\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Partition+=\"RnD\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Role+=\"100\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Shell+=\"tmsh\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : Processing user attributes</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>control:Password-With-Header += '{nt}D3055AE4C0D68D8BA71C538D1518B5CD'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>control:Password-With-Header += '{SSHA}omkfyFmnMrEq1jWG9T86Gh+XlpR87z11'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>control:Prohibited := FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ldap : <span class="" style="white-space:pre"> </span>control:Radius-Profile-DN := 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">rlm_ldap (ldap): Released connection (4)</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><b><font color="#000000">rlm_ldap (ldap): Closing connection (0): Too many free connections (5 > 3)</font></b></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) [-ldap] = ok</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) pap : Normalizing NT-Password from hex encoding</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) pap : Normalizing SSHA1-Password from base64 encoding</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) pap : No clear-text password in the request. Not performing PAP.</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) [pap] = noop</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) mschap : Found MS-CHAP attributes. Setting 'Auth-Type = mschap'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) [mschap] = ok</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (!(control:NT-Password) || control:Prohibited == TRUE)</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (!(control:NT-Password) || control:Prohibited == TRUE) -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (Ldap-Group != "%{control:Radius-Profile-DN}")</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) <span class="" style="white-space:pre"> </span>expand: "%{control:Radius-Profile-DN}" -> 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Searching for user in group "cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">rlm_ldap (ldap): Reserved connection (4)</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Using user DN from request "uid=dawson,ou=People,ou=NIS,o=vt"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Checking for user in group objects</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) <span class="" style="white-space:pre"> </span>expand: "(&(objectClass=groupOfNames)(member=%{control:Ldap-UserDn}))" -> '(&(objectClass=groupOfNames)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Performing search in 'cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt' with filter '(&(objectClass=groupOfNames)(member=uid\3ddawson\2cou\3dPeople\2cou\3dNIS\2co\3dvt))'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Waiting for search result...</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) User found in group object</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">rlm_ldap (ldap): Released connection (4)</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) ? if (Ldap-Group != "%{control:Radius-Profile-DN}") -> FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) else else {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) update control {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) <span class="" style="white-space:pre"> </span>Auth-Type := Accept</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) } # update control = noop</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) } # else else = noop</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) } # authorize = ok</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Found Auth-Type = Accept</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Auth-Type = Accept, accepting the user</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><b><font color="#000000">(0) WARNING: Empty post-auth section. Using default return values.</font></b></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) # Executing section post-auth from file /apps/home/radius/freeradius/load-balancing/etc/raddb/sites-enabled/default</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">Sending Access-Accept of id 142 from 198.82.169.55 port 1830 to 198.82.169.55 port 34716</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Info-1+=\"R&D\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Partition+=\"RnD\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Role+=\"100\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Shell+=\"tmsh\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Finished request 0.</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">Waking up in 0.3 seconds.</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">Waking up in 4.6 seconds.</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">(0) Cleaning up request packet ID 142 with timestamp +12</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><b><font color="#000000">Ready to process requests.</font></b></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><b></b><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><b></b><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><b></b><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b><font color="#000000">radtest</font></b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><b></b><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">$ radtest -t mschap dawson wakkawakka 198.82.169.55:1830 234234 testing123</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">Sending Access-Request of id 48 from 0.0.0.0 port 33814 to 198.82.169.55 port 1830</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>User-Name = 'dawson'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>NAS-IP-Address = 198.82.169.55</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>NAS-Port = 234234</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>Message-Authenticator = 0x00</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>MS-CHAP-Challenge = 0x45c9d617e4bbadea</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000079a2d20cd58f9af0c5957ede5deaf85b04b2dd9bec6104eb</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">rad_recv: Access-Accept packet from host 198.82.169.55 port 1830, id=48, length=153</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Info-1+=\"R&D\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Partition+=\"RnD\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Role+=\"100\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>F5-LTM-User-Info-1 = 'F5-LTM-User-Shell+=\"tmsh\"'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b><font color="#000000">sites-enabled/default</font></b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><span style="text-decoration:underline"><b></b></span><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">authorize {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> filter_username</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> preprocess</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> auth_log</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"> </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> update control{</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> Ldap-UserDn := "uid=%{User-Name},ou=People,ou=NIS,o=vt"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> }</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"> </font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> -ldap</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> pap</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> mschap</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> if(!(control:NT-Password) || control:Prohibited == TRUE){</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> update control{</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> Auth-Type := Reject</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> }</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> }</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> if(Ldap-Group != "%{control:Radius-Profile-DN}"){</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> update control{</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> Auth-Type:=Reject</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> }</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> }</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> else{</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> update control{</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> Auth-Type:=Accept</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> }</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> }</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">}</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">authenticate {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> mschap</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> pap</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">}</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b><font color="#000000">mods-enabled/ldap</font></b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><span style="text-decoration:underline"><b></b></span><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">update {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> control:Password-With-Header += 'userPassword'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> control:NT-Password := 'ntPassword'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> control:Prohibited := 'prohibited'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> control:Radius-Profile-DN := 'radiusProfileDn'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"><span class="" style="white-space:pre"> </span>reply:F5-LTM-User-Info-1 := 'radiusReplyItem'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> #reply:Reply-Message := 'radiusReplyMessage'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">}</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">user {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> base_dn = "ou=People,${..base_dn}"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> scope = 'sub'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">}</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">group {</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> base_dn = "ou=Groups,ou=F5,ou=Configuration,${..base_dn}"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> filter = "(objectClass=groupOfNames)"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> scope = 'base'</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> name_attribute = cn</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"> membership_filter = "(member=%{control:Ldap-UserDn})"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">}</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b><font color="#000000">OpenLDAP</font></b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><span style="text-decoration:underline"><b></b></span><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"># R&D, Groups, F5, Configuration, NIS, vt</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">dn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">cn: R&D</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">description: Entiries for the R&D group user accounts</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">member: uid=dawson,ou=People,ou=NIS,o=vt</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">radiusReplyItem: F5-LTM-User-Info-1+="R&D"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">radiusReplyItem: F5-LTM-User-Partition+="RnD"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">radiusReplyItem: F5-LTM-User-Role+=100</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">radiusReplyItem: F5-LTM-User-Shell+="tmsh"</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">objectClass: groupOfNames</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">objectClass: radiusprofile</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000"># dawson, People, NIS, vt</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">dn: uid=dawson,ou=People,ou=NIS,o=vt</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">cn: Jacob M. Dawson</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">uid: dawson</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">sn: Dawson</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">givenName: Jacob</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">objectClass: inetOrgPerson</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">objectClass: nisUserAccount</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">objectClass: radiusprofile</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">prohibited: FALSE</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">radiusProfileDn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><span style="text-decoration:underline"><b><font color="#000000">F5 VSAs</font></b></span></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><span style="text-decoration:underline"><b></b></span><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VENDOR F5 3375</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">BEGIN-VENDOR F5</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Role 1 integer</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Role-Universal 2 integer # enable/disable</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Partition 3 string</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Console 4 integer # enable/disable</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Shell 5 string # supported values are disable, tmsh, and bpsh</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Context-1 10 integer</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Context-2 11 integer</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Info-1 12 string</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">ATTRIBUTE F5-LTM-User-Info-2 13 string</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role Administrator 0</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role Resource-Admin 20</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role User-Manager 40</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role Manager 100</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role App-Editor 300</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role Operator 400</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role Guest 700</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role Policy-Editor 800</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role No-Access 900</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role-Universal Disabled 0</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Role-Universal Enabled 1</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Console Disabled 0</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">VALUE F5-LTM-User-Console Enabled 1</font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo;min-height:16px"><font color="#000000"><br></font></p>
<p style="margin:0px;font-size:14px;font-family:Menlo"><font color="#000000">END-VENDOR F5</font></p><div><font color="#000000"><br></font></div><div><font color="#000000"><br></font></div><div><font color="#000000"><br>
</font></div><font color="#000000"><br></font><div class="gmail_quote"><font color="#000000">On Mon, May 19, 2014 at 4:26 PM, Arran Cudbard-Bell <span dir="ltr">&lt;<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>&gt;</span> wrote:<br>
</font><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><font color="#000000"><br>
On 19 May 2014, at 20:36, Ajinkya Fotedar &lt;<a href="mailto:ajinkyafotedar@gmail.com">ajinkyafotedar@gmail.com</a>&gt; wrote:<br>
<br>
> Also, the update section under the ldap modules looks like this.<br>
><br>
> update {<br>
> control:Password-With-Header += 'userPassword'<br>
> control:NT-Password := 'ntPassword'<br>
> control:Prohibited := 'prohibited'<br>
> control:Group-Membership := 'groupMembership'<br>
> reply:F5-LTM-User-Info-1 := 'userInfo'<br>
> reply:F5-LTM-User-Role := 'userRole'<br>
> reply:F5-LTM-User-Partition := 'userPartition'<br>
> reply:F5-LTM-User-Shell := 'userShell'<br>
> }<br>
<br>
</font></div><font color="#000000">Attributes are not retrieved for groups. You need to add profiles with the various reply attributes, and add that profile to the user.<br>
<br>
-Arran<br>
<br>
Arran Cudbard-Bell &lt;<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>&gt;<br>
FreeRADIUS Development Team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<br>
<br></font></blockquote></div><br></div></div>
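<div>An added example, not part of the original post and not FreeRADIUS code: a small Python lint for the profile entry above that splits each radiusReplyItem value into attribute, operator and value, checks it against the posted F5 dictionary, and shows the role name behind a numeric F5-LTM-User-Role so the privilege being granted is visible. The function names are hypothetical, the inputs are copied from the post, and integer attributes are expected in numeric form as in the LDIF.</div>

```python
import re

# Constructed inputs, copied from the dictionary and LDIF in the post above.
F5_DICTIONARY = """\
ATTRIBUTE F5-LTM-User-Role 1 integer
ATTRIBUTE F5-LTM-User-Partition 3 string
ATTRIBUTE F5-LTM-User-Shell 5 string # supported values are disable, tmsh, and bpsh
ATTRIBUTE F5-LTM-User-Info-1 12 string
VALUE F5-LTM-User-Role Administrator 0
VALUE F5-LTM-User-Role Manager 100
"""
PROFILE_ITEMS = ['F5-LTM-User-Info-1+="R&D"', 'F5-LTM-User-Partition+="RnD"',
                 'F5-LTM-User-Role+=100', 'F5-LTM-User-Shell+="tmsh"']
SHELLS = {"disable", "tmsh", "bpsh"}  # from the dictionary comment
PAIR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(\+=|:=|==|=)\s*(.*?)\s*$')

def load_dictionary(text):
    """Return ({attribute: type}, {attribute: {number: value name}})."""
    types, names = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            types[fields[1]] = fields[3]
        elif len(fields) >= 4 and fields[0] == "VALUE":
            names.setdefault(fields[1], {})[int(fields[3])] = fields[2]
    return types, names

def lint_items(items, types, names):
    """Split items into (attribute, operator, value); integers get their VALUE name."""
    pairs, problems = [], []
    for item in items:
        match = PAIR_RE.match(item)
        if not match:
            problems.append(f"not attribute/operator/value: {item!r}")
            continue
        attr, op, value = match.groups()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding double quotes
        if attr not in types:
            problems.append(f"{attr}: not defined in the dictionary")
        elif types[attr] == "integer" and not value.isdecimal():
            problems.append(f"{attr}: {value!r} is not an integer")
        elif attr == "F5-LTM-User-Shell" and value not in SHELLS:
            problems.append(f"{attr}: unsupported shell {value!r}")
        elif types[attr] == "integer":
            pairs.append((attr, op, names.get(attr, {}).get(int(value), int(value))))
        else:
            pairs.append((attr, op, value))
    return pairs, problems
```

<div>Run over the posted profile, the role value 100 is reported as Manager; a value of 0 would be reported as Administrator, which is worth checking before the entry goes into the directory.</div>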