return list

Luo, Frank Y.F. Mr. luoy at
Mon May 14 22:25:42 CEST 2012

I have a senario, no ldap schema extension is wanted ( no ldap group or profile is wanted);
we do use ldap authentication though;  and it works fine. 
after authentication, we need to check one ldap attribute like "vpn" and and return "class: ou={ldap vpn value}" back to the radius client (the cisco concentrator). 

So in the sites_avaiable/default, I have this

post-auth {
    update reply {
        class = "ou=%Profile"

and in ldap.attrmap, i have 

replyItem	Profile 			VPN

There must a syntax error on how to refer a ldap attribute value here. since what I got is this

# Executing section post-auth from file /opt/freeradius/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
WARNING: Unknown variable '%P': See 'doc/variables.txt'
	expand: ou=%Profile -> ou=%Profile
++[reply] returns noop

Any clue how to implement this?




More information about the Freeradius-Users mailing list