I'm sorry that this question seems so elementary, but I can't find
documentation to tell me what I need to know. If it's in doc/rlm_ldap I
can't find it. Anyway, the simple question is: How do I forward values
obtained from ldap attributes in a user entry on to the NAS/RAS?
I can authenticate fine via freeradius and ldap, but when I try to pass
a Framed IP Address, Framed Netmask and Framed Route to the NAS, it
chokes because the values are bogus. Here's my entry in the users file:

DEFAULT Auth-Type := ldap
        Fall-Through = Yes

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = radiusFramedIPAddress,
        Framed-IP-Netmask = radiusFramedIPNetmask,
        Framed-Route = radiusFramedRoute,
        .
        .
        .

Ldap entries look like this:

dn: uid=customer,ou=people,dc=isp,dc=com
objectClass: uidObject
objectClass: posixAccount
objectClass: radiusprofile
.
.
.
radiusFramedIPAddress: 192.168.0.1
radiusFramedIPNetmask: 255.255.255.252
radiusFramedRoute: "192.168.0.0 192.168.0.2 1"
.
.

When I examine debug output from the radius server, it shows me that it
is sending to the NAS:

        Framed-IP-Address = radiusFramedIPAddress
instead of
        Framed-IP-Address = 192.168.0.1

        Framed-IP-Netmask = radiusFramedIPNetmask
instead of
        Framed-IP-Netmask = 255.255.255.252

        Framed-Route = "radiusFramedRoute"    # (quotations are in the debug output, not mine)
instead of
        Framed-Route = "192.168.0.0 192.168.0.2 1"

And so on.

In other words, the ldap attributes aren't being translated. When I
sniff the network and actually look at the packets being sent to the
NAS, the Framed-IP-Address and netmask are both 255.255.255.255 and the
value for Framed Route is actually "radiusFramedRoute", not the value
assigned to that attribute in the associated entry.
I know this is basic stuff, but I can't find it documented anywhere.
Perhaps someone could point me to docs beyond those in the distribution
too.
Thanks,
Mike