LDAP attributes into freeradius
Joe H
jharlan at gwi.net
Wed Aug 17 17:04:45 CEST 2005
Here is my goal:
I would like to assign an attribute to certain users in ldap and have
freeradius look for that attribute to determine whether or not to reply
back to the NAS device with an IP address pool name. The users with the
attribute set would not have the Pool sent and the users without the
attribute set would have the pool sent.
Here is the rule that I have set for it in the users file:
DEFAULT Huntgroup-Name == "dialup"
        Idle-Timeout = "1800",
        Fall-Through = Yes

DEFAULT Huntgroup-Name == "dialup", No-Pool != "1"
        USR-Framed_IP_Address_Pool_Name = "POOL",
        Idle-Timeout := "120",
        Fall-Through = Yes
dialup is the ldap module I have set up in the radiusd.conf file. Here is
that entry:
ldap dialup {
        server = "localhost"
        identity = "cn=Manager,dc=domain,dc=com"
        password = "*********************"
        basedn = "ou=Users,o=domain.com,dc=domain,dc=com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        tls_mode = no
        dictionary_mapping = ${raddbdir}/ldap-dialup.attrmap
        ldap_connections_number = 288
        groupname_attribute = gidNumber
        groupmembership_filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        timeout = 4
        timelimit = 3
        net_timeout = 1
        compare_check_items = no
}
The problem I'm seeing is that radius doesn't seem to use the value of
No-Pool. I have it in the ldap-dialup.attrmap as:
checkItem No-Pool radiusNoPool
radiusNoPool is the ldap attribute with a value of 1.
Where else do I need to add the new attribute No-Pool in order for
freeradius to use it?
Joe H.
GWI Operations.