LDAP attributes into freeradius

Joe H jharlan at gwi.net
Wed Aug 17 17:04:45 CEST 2005

Here is my goal:

I would like to assign an attribute to certain users in ldap and have 
freeradius look for that attribute to determine whether or not to reply 
back to the NAS device with an IP address pool name.  The users with the 
attribute set would not have the Pool sent and the users without the 
attribute set would have the pool sent.

Here is the rule that I have set for it in the users file:

DEFAULT Huntgroup-Name == "dialup"
         Idle-Timeout = "1800",
         Fall-Through = Yes

DEFAULT Huntgroup-Name == "dialup", No-Pool != "1"
         USR-Framed_IP_Address_Pool_Name = "POOL",
         Idle-Timeout := "120",
         Fall-Through = Yes

dialup is the ldap module I have setup in the radiusd.conf file.  Here is 
that entry:

         ldap dialup {
                 server = "localhost"
                 identity = "cn=Manager,dc=domain,dc=com"
                 password = "*********************"
                 basedn = "ou=Users,o=domain.com,dc=domain,dc=com"
                 filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                 start_tls = no
                 tls_mode = no
                 dictionary_mapping = ${raddbdir}/ldap-dialup.attrmap
                 ldap_connections_number = 288
                 groupname_attribute = gidNumber
                 groupmembership_filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                 timeout = 4
                 timelimit = 3
                 net_timeout = 1
                 compare_check_items = no

The problem I'm seeing is that radius doesn't seem to use the value of 
No-Pool.  I have it in the ldap-dialup.attrmap as:
checkItem      No-Pool        radiusNoPool

radiusNoPool is the ldap attribute with a value of 1.

Where else do I need to add the new attribute No-Pool in order for 
freeradius to use it?

Joe H.
GWI Operations.

More information about the Freeradius-Users mailing list