user-profiles
Dusty Doris
freeradius at mail.doris.cc
Tue Jun 28 21:39:56 CEST 2005
> Radius does not seem to be searching or adding my reply items for my
> user-profiles from ldap. It does not even look for them??
> Does someone have a wonderful solution for how to remedy this
>
>
> DEFAULT Huntgroup-Name == internet, Ldap-Group == ballyvaughan,
> User-Profile :=
> "cn=ballyvaughan,ou=profiles,o=radius,dc=radiowave,dc=net",
> Simultaneous-Use := 2
> Fall-Through = 0
>
First the user would have to match the Huntgroup-Name and the Ldap-Group.
If it does match, then that user will be looked up to get the reply
values. So, assuming that you matched the huntgroup and ldap-group, you
need to make sure that the user you bind with has access read access to
the ou=profiles users and that there are reply attributes in it.
To test, do it from the command line.
ldapsearch -D "yourfreeradiusdn" -w yourpassword -h theldapserver -x -b
ou=profiles,o=radius,dc=radiowave,dc=net "(cn=ballyvaughn)"
That will do a simple bind with the username you specify in -D and the
password you specify in -w. It will look in the base of -b for someone
with cn=ballyvaughn.
That user will need to have reply attributes that are mapped to a radius
attribute in ldap.attrmap.
examples:
ldap.attrmap
replyItem Framed-Protocol radiusFramedProtocol
the user should then have something like
dn: cn=ballyvaugn,ou=profiles,...
objectclass: radiusprofile
radiusFramedProtocol: PPP
Please post the section of radiusd -X where the user matched in the users
file - showing they matched the huntgroup and ldap-group. Then look for a
part where it does a search for cn=ballyvaugn in ou=profiles.
More information about the Freeradius-Users
mailing list