Dusty Doris freeradius at
Tue Jun 28 21:39:56 CEST 2005

> Radius does not seem to be searching or adding my reply items for my
> user-profiles from ldap. It does not even look for them??
> Does someone have a wonderful solution for how to remedy this
> DEFAULT Huntgroup-Name == internet, Ldap-Group == ballyvaughan,
> User-Profile :=
> "cn=ballyvaughan,ou=profiles,o=radius,dc=radiowave,dc=net",
> Simultaneous-Use := 2
>        Fall-Through = 0

First the user would have to match the Huntgroup-Name and the Ldap-Group.
If it does match, then that user will be looked up to get the reply
values.  So, assuming that you matched the huntgroup and ldap-group, you
need to make sure that the user you bind with has access read access to
the ou=profiles users and that there are reply attributes in it.

To test, do it from the command line.

ldapsearch -D "yourfreeradiusdn" -w yourpassword -h theldapserver -x -b
ou=profiles,o=radius,dc=radiowave,dc=net "(cn=ballyvaughn)"

That will do a simple bind with the username you specify in -D and the
password you specify in -w.  It will look in the base of -b for someone
with cn=ballyvaughn.

That user will need to have reply attributes that are mapped to a radius
attribute in ldap.attrmap.


replyItem	Framed-Protocol		radiusFramedProtocol

the user should then have something like

dn: cn=ballyvaugn,ou=profiles,...
objectclass: radiusprofile
radiusFramedProtocol: PPP

Please post the section of radiusd -X where the user matched in the users
file - showing they matched the huntgroup and ldap-group.  Then look for a
part where it does a search for cn=ballyvaugn in ou=profiles.

More information about the Freeradius-Users mailing list