return list
Luo, Frank Y.F. Mr.
luoy at muohio.edu
Mon May 14 22:25:42 CEST 2012
I have a senario, no ldap schema extension is wanted ( no ldap group or profile is wanted);
we do use ldap authentication though; and it works fine.
after authentication, we need to check one ldap attribute like "vpn" and and return "class: ou={ldap vpn value}" back to the radius client (the cisco concentrator).
So in the sites_avaiable/default, I have this
post-auth {
update reply {
class = "ou=%Profile"
}
and in ldap.attrmap, i have
replyItem Profile VPN
There must a syntax error on how to refer a ldap attribute value here. since what I got is this
# Executing section post-auth from file /opt/freeradius/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
WARNING: Unknown variable '%P': See 'doc/variables.txt'
expand: ou=%Profile -> ou=%Profile
++[reply] returns noop
Any clue how to implement this?
THanks
Frank
More information about the Freeradius-Users
mailing list