Using ldap module to return variables to use in other modules.
David Rickard
David.Rickard at bucks.ac.uk
Thu Aug 14 15:28:33 CEST 2014
Hi,
Thanks for the reply. That does indeed seem to have gotten it working now. I need to move my config around as, as others have pointed out, it's a bit of a mess. But fundamentally, I can now take an MSCHAP request, with a UPN, look it up, and then re-auth via ntlm_auth, which is exactly what I wanted. Knowing what I now know, I can expand on that to other authentication mechanisms.
Thank you all for your help!
I'm sure I'll find something else to break and be back again ;-)
Regards
--
David Rickard
Systems Manager
IT - Core Systems Team
Buckinghamshire New University
High Wycombe Campus
Queen Alexandra Road
High Wycombe
Buckinghamshire HP11 2JZ
Telephone: 01494 601 649
Facsimile: 01494 524 392
Main Switchboard: 01494 522 141, ext. 1649
bucks.ac.uk
> -----Original Message-----
> From: freeradius-users-bounces+david.rickard=bucks.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+david.rickard=bucks.ac.uk at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: 14 August 2014 07:25
> To: FreeRadius users mailing list
> Subject: Re: Using ldap module to return variables to use in other modules.
>
> David Rickard wrote:
> > I modified the ntlm module as follows:
> > exec ntlm_auth {
> > wait = yes
> > program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{Bucks-samAccountName}
>
> Which looks in the request list.
>
> > ldap.attrmap has an extra line (tried as both a check-item and a replyitem. I'm thinking it should be check-item as a replyitem is sent in the RADIUS reply, which I don't want).
> > checkItem Bucks-samAccountName sAMAccountName
>
> Which puts the attribute into the check / control list.
>
> Fix that.
>
> Use --username=%{control:Bucks-samAccountName}
>
> Alan DeKok.
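The mismatch resolved in this thread (an attribute mapped into the control list by `ldap.attrmap` but referenced without a list qualifier, so the lookup goes to the request list) can be caught with a small lint. The following is an added example, not part of the thread or of FreeRADIUS; the function names are hypothetical, the sample strings are constructed from the lines quoted above, and it models only simple `%{Attr}` and `%{list:Attr}` references.

```python
import re

# Which list each ldap.attrmap item type fills (as described in the thread).
ITEM_LIST = {"checkitem": "control", "replyitem": "reply"}

# Simple references only: %{Attr} or %{list:Attr}. Module expansions such as
# %{mschap:Challenge} do not match this pattern and are ignored.
REF = re.compile(r"%\{(?:(request|control|reply):)?([A-Za-z0-9][A-Za-z0-9-]*)\}")

# Constructed sample input, built from the lines quoted in the thread.
ATTRMAP = """\
# ItemType   RADIUS-Attribute-Name   ldapAttribute
checkItem    Bucks-samAccountName    sAMAccountName
"""
BEFORE = ("/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN "
          "--username=%{Bucks-samAccountName}")
AFTER = ("/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN "
         "--username=%{control:Bucks-samAccountName}")


def parse_attrmap(text):
    """Return {RADIUS attribute name: list the ldap module stores it in}."""
    lists = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[0].lower() in ITEM_LIST:
            lists[fields[1]] = ITEM_LIST[fields[0].lower()]
    return lists


def lint(expansion, attr_lists):
    """Return (attr, list_used, list_expected) for each mismatched reference."""
    problems = []
    for qualifier, attr in REF.findall(expansion):
        used = qualifier or "request"  # an unqualified reference reads the request list
        expected = attr_lists.get(attr)
        if expected and used != expected:
            problems.append((attr, used, expected))
    return problems


if __name__ == "__main__":
    mapped = parse_attrmap(ATTRMAP)
    for label, command in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(command, mapped) or "ok")
```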