Understanding dynamic radiusClients in openldap
Alan DeKok
aland at deployingradius.com
Thu Feb 3 20:18:31 UTC 2022
On Feb 3, 2022, at 2:57 PM, Dave Macias <davama at gmail.com> wrote:
>
> Looking here:
> https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/schemas/ldap/openldap/freeradius-clients.ldif
>
> And here:
>
> https://github.com/FreeRADIUS/freeradius-server/blob/9e6d1e60aa2e829a186b87331f12b413a6cc6d07/raddb/sites-available/dynamic-clients#L274-L317

As a minor note, don't use the "master" branch. It's not yet released. It may or may not work on a daily basis. Use v3.0.x instead.

> I'm trying to create a client for a NAS in my LDAP service
>
> dn: cn=xx:xx:xx:xxff:fe57:cd00,ou=clients,ou=radius,dc=datacom,dc=net
> objectClass: radiusClient
> cn: xx:xx:xx:xxff:fe57:cd00
> radiusClientShortname: location1
> radiusClientIdentifier: name-of-nas
> radiusClientSecret: asdfasdfasdfasdf123123asdf
>
> But I get:
> ldap_add: Object class violation (65)
> additional info: attribute 'cn' not allowed
>
> Which makes sense since the schema does not have `cn` .... so trying to
> understand how to add a radiusClient. I've also tried instead of cn, ou but
> same output. Does anyone have a sample ldif?
>
> Looking at the dynamic-clients file, it says about setting the "location"
> attribute but I don't see it...

To be perfectly honest, I don't think anyone has looked at that in a while. "git annotate" says that the examples are from 2011. I can't recall anyone else using it since then.

So if you figure it out, we're happy to accept a patch. Until then, we can add it to the list of "todo" items.

Alan DeKok.