LDAP check attributes

ludovic cailleau ludoviccailleau at yahoo.fr
Wed May 17 11:19:57 CEST 2006 

Ok, I don’t be clear.    
   
   The solution that I your given does not use the replyItem Tunnel-Medium-Type, Tunnel-Private-Group-Id, Tunnel-Type.  
   
   My Ldap base contains attributes SSID for each users. Because my NAS sends its vendor-specific containing the SSID where wants to connect the users. And at each request for authentification, the module authorize (radiusd.conf) call Ldap (with the filter) to compare the `uid' and `SSID'. If the SSID sent by the NAS corresponds at the SSID stored in Ldap: freeradius sends ‘accept’, if not it sends a ‘reject’.    
   
  But you want that it is the switch Cisco which redirects the user in such or such SSID according to SSID'S corresponding to the attributes Tunnel-Medium-Type, Tunnel-Private-Group-Id, Tunnel-Type.? 
   
   I am sorry,  but I had not understood this.    
   
  Wat does it solution wish you?
   
  Ludovic Cailleau


Antonio Matera <antonio.matera at create-net.it> a écrit :  Hi,
thanks a lot for your answer.
Your solution works fine but I don't understand some things:

1 - If I insert the Cisco-AVPair in the filter and I haven't this 
attribute in my ldap user, I can't authenticate it. Is it possible to 
check the ssid only if it is in the list of the ldap user attributes?

2 - With this solution the following row in the ldap.attrmap is not 
necessary:

checkItem Cisco-AVPair radiusCiscoAVPair

whitout it the filter authentication works.
It is not possible to use the ldap.attrmap file to inser a check item?

In this file I have inserted 3 replyItem:

replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
replyItem Tunnel-Type radiusTunnelType

if I insert these three attribute in my ldap user they work without 
other configuration. Why the checkItem doesn't work?

3 - the last question is a little different: if I insert in the user 
file this row:

DEFAULT Auth-Type := LDAP

the authentication doesn't work. It is normal or I have some mistakes in 
my configuration?

Thanks a lot
Bye Antonio



Ludovic Cailleau
		
---------------------------------
 Faites de Yahoo! votre page d'accueil sur le web pour retrouver directement vos services préférés : vérifiez vos nouveaux mails, lancez vos recherches et suivez l'actualité en temps réel. Cliquez ici.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060517/43890b55/attachment.html>

More information about the Freeradius-Users mailing list