rlm_checkval module
Alan DeKok
aland at deployingradius.com
Thu May 29 22:04:27 CEST 2008
Yeargan Yancey wrote:
> I read the configuration file comments, searched the
> forums, and even read the source code for rlm_checkval,
> but am still having trouble getting it working the way
> I think it should. I am somewhat new to this, so perhaps
> I missed something obvious.
Please try explaining the requirements, not why your chosen solution
doesn't work.
> In the LDAP database, we have an attribute named 'host' that
> is meant to be a list of NAS IP addresses. This attribute is
> of type string and multi-valued.
That makes it more difficult.
> A sample LDAP entry might look something like this:
>
> dn: uid=testuser,ou=people,o=company
> host: 192.168.0.1
> host: 192.168.0.2
> host: 192.168.0.3
>
>
> I added this to the ldap.attrmap file:
>
> checkItem NAS-IP-Address host
Don't. Just don't. NAS-IP-Address is sent by the NAS in a RADIUS
packet. Don't overload it to mean something else.
> How should I correctly check that the NAS-IP-Address is listed in
> the LDAP database's 'host' attribute?
By doing an LDAP query. You can use the NAS-IP-Address attribute as
part of an LDAP query, to see if it exists:
    if (%{ldap: blah... dn=blah,host = %{NAS-IP-Address}} == blah) {
        stuff
    }
Alan DeKok.
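
One way to write the query described in the reply above, as an added example that is not part of the original message or of the FreeRADIUS distribution. It assumes an rlm_ldap instance named "ldap", and takes the base DN o=company and the uid and host attributes from the sample entry in the question.

```unlang
# Added example. Assumptions: rlm_ldap instance named "ldap"; base DN
# o=company and the uid/host attributes come from the sample entry.
# No 'host' line is needed in ldap.attrmap for this check.
authorize {
	# Ask the directory one question: is there an entry for this user
	# whose multi-valued 'host' attribute contains the NAS-IP-Address
	# that the NAS sent in the request?
	#
	# URL form: ldap:///<base>?<attribute to return>?<scope>?<filter>
	# The expansion yields the returned uid, or an empty string when
	# no entry matches the filter.
	if ("%{ldap:ldap:///o=company?uid?sub?(&(uid=%{User-Name})(host=%{NAS-IP-Address}))}" == "") {
		# No match: this user is not listed for this NAS.
		reject
	}
}
```

Because the LDAP server evaluates the filter against every value of host, the multi-valued attribute needs no special handling on the RADIUS side.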