freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

Jakub Pech jakub.pech at spinoco.com
Fri Nov 25 10:15:53 CET 2011


On 24.11.11 22:27, Fajar A. Nugraha wrote:
>> Hi,
>>
>>> Normally an ldap attribute will be translated as a radius check or reply
>>> item, not both (which is what you did).
>> First I had only "radius check". I added "radius reply" later while testing.
>> I'm almost sure that that is not the cause of my problem.
> Why are you doing that? Your "working" debug log says
>
> Sending Access-Accept of id 101 to 31.186.188.2 port 60528
> Juniper-Local-User-Name := "class2"
> Finished request 0.
This is the log from testing to authenticate user against the users 
file. My problem is that I'm not able to do the same against the LDAP.
>
> Something that you send to the NAS is a reply item. Why did you put it
> as radius check?  And if you're sure it's not the problem (meaning you
> already know what the source of problem is), then why ask here?
First I understood that the radius check are items that radius checks
in LDAP. But since I haven't found any documentation to ldap.attrmap file
(I found only that it may be included in man users, but it isn't in
freeradius2) I tried both: radiuscheck / radiusreply / radiuscheck and
radius reply together. Nothing worked for me. That is the reason why I'm
almost sure that this isn't the cause of my problem.

Thank you for the information that attribute which I'd like to check in 
LDAP and send it to the NAS is reply item in ldap.attrmap.


Is there anything else than ldap.attrmap that should be set up for
sending vendor specific attributes from LDAP?


Thank you,
Jakub Pech
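
As an added example (not part of the original message and not FreeRADIUS code), this Python check covers the situation discussed in the thread: it parses ldap.attrmap-style lines (ItemType, RADIUS attribute, LDAP attribute, optional operator) and reports attributes mapped as both checkItem and replyItem. The sample mapping is constructed, and the LDAP attribute name `radiusJuniperLocalUserName` is a hypothetical placeholder.

```python
from collections import defaultdict

# Constructed sample in the ldap.attrmap line format
# (ItemType RADIUS-Attribute-Name ldapAttributeName [operator]).
# "radiusJuniperLocalUserName" is a hypothetical LDAP attribute name.
SAMPLE_ATTRMAP = """\
# ItemType   RADIUS-Attribute-Name      ldapAttributeName
checkItem    Simultaneous-Use           radiusSimultaneousUse
checkItem    Juniper-Local-User-Name    radiusJuniperLocalUserName
replyItem    Juniper-Local-User-Name    radiusJuniperLocalUserName
replyItem    Session-Timeout            radiusSessionTimeout
bogusItem    Idle-Timeout               radiusIdleTimeout
"""

VALID_TYPES = {"checkItem", "replyItem"}


def parse_attrmap(text):
    """Return (entries, errors); entries are (lineno, type, radius_attr, ldap_attr, op)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) not in (3, 4) or fields[0] not in VALID_TYPES:
            errors.append((lineno, raw.strip()))  # unknown ItemType or wrong field count
            continue
        op = fields[3] if len(fields) == 4 else None
        entries.append((lineno, fields[0], fields[1], fields[2], op))
    return entries, errors


def mapped_as_both(entries):
    """RADIUS attributes mapped as checkItem and as replyItem at the same time."""
    seen = defaultdict(set)
    for _, item_type, radius_attr, _, _ in entries:
        seen[radius_attr].add(item_type)
    return sorted(a for a, types in seen.items() if types == VALID_TYPES)


def reply_items(entries):
    """RADIUS attributes mapped as reply items, i.e. those sent back to the NAS."""
    return sorted({e[2] for e in entries if e[1] == "replyItem"})


if __name__ == "__main__":
    entries, errors = parse_attrmap(SAMPLE_ATTRMAP)
    print(errors, mapped_as_both(entries), reply_items(entries))
```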


