return list

Alan DeKok aland at
Tue May 15 08:37:21 CEST 2012

Luo, Frank Y.F. Mr. wrote:
> I have a scenario, no ldap schema extension is wanted ( no ldap group or profile is wanted);
> we do use ldap authentication though;  and it works fine. 
> after authentication, we need to check one ldap attribute like "vpn" and return "class: ou={ldap vpn value}" back to the radius client (the cisco concentrator). 
> So in the sites_available/default, I have this
> post-auth {
>     update reply {
>         class = "ou=%Profile"
> }

  Well, that's wrong.  See "man unlang" for documentation.

  And the Profile attribute doesn't exist.

> and in ldap.attrmap, I have 
> replyItem	Profile 			VPN
> There must be a syntax error in how to refer to an ldap attribute value here, since what I got is this
> # Executing section post-auth from file /opt/freeradius/etc/raddb/sites-enabled/default
> +- entering group post-auth {...}
> WARNING: Unknown variable '%P': See 'doc/variables.txt'

  And WHAT is unclear about that message?  Did you bother to READ the
file "doc/variables.txt"?

> Any clue how to implement this?

  The server is telling you to read documentation.  Go read it.  The
answers are there.  See also "man unlang".

  You've managed to make a number of different mistakes in the config.
And then compounded that by NOT reading the documentation that tells you
how to fix those mistakes.

  Alan DeKok.
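
The configuration discussed in this thread, shown with the pieces the reply points at filled in. This is an added example, not part of the original messages and not the project's own text. It assumes FreeRADIUS 2.x syntax as documented in "man unlang" and doc/variables.txt; the dictionary number 3000 and the empty-value guard are assumptions made for illustration.

```text
# raddb/dictionary
# Declare the local attribute so the server and the ldap module can resolve
# the name. 3000 is an assumed, unused number from the local-use range
# described in the comments of the stock raddb/dictionary.
ATTRIBUTE	Profile		3000	string

# raddb/ldap.attrmap  (line from the original post, unchanged)
# Copies the LDAP attribute "VPN" into the reply list as "Profile".
replyItem	Profile				VPN

# raddb/sites-enabled/default
post-auth {
	# Before (from the post): "%Profile" is parsed as the one-character
	# variable %P followed by literal text, which produces the warning.
	#	class = "ou=%Profile"

	# After: attribute references are written %{...}; the "reply:" prefix
	# selects the list that the replyItem mapping wrote to.
	# The guard (an assumption) avoids returning a bare "ou=" to the
	# concentrator when the user has no VPN value in LDAP.
	if ("%{reply:Profile}" != "") {
		update reply {
			Class = "ou=%{reply:Profile}"
		}
	}
}
```

Running the server in debug mode and checking that the Access-Accept carries the expected Class value, and none for users without the LDAP attribute, confirms the mapping before the concentrator relies on it for group assignment.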
