Hi All, I have been trying to get Freeradius to authenticate users against the entries in my OpenLDAP directory with individual user rights. My setup requires that I have a port-limit set up on each user when they register and I am trying to get this information passed from the LDAP directory to the NAS via FreeRadius.
My ldap() section in radiusd.conf file looks like this...

    ldap {
            server = "ldap.pacenet-india.com"
            port = "389"
            # identity = "cn=admin,o=My Org,c=UA"
            # password = mypass
            basedn = "ou=users,o=pacenet-india,dc=com"
            filter = "(uid=%u)"
            #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

            # set this to 'yes' to use TLS encrypted connections
            # to the LDAP database by using the StartTLS extended
            # operation.
            start_tls = no

            # set this to 'yes' to use TLS encrypted connections to the
            # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
            # the ldap library.
            tls_mode = no

            # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
            # profile_attribute = "radiusProfileDn"
            access_attr = "dialupAccess"

            # Mapping of RADIUS dictionary attributes to LDAP
            # directory attributes.
            dictionary_mapping = ${raddbdir}/ldap.attrmap

            # ldap_cache_timeout = 120
            # ldap_cache_size = 0
            ldap_connections_number = 5
            # password_header = "{clear}"
            # password_attribute = userPassword
            # groupname_attribute = cn
            # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
            # groupmembership_attribute = radiusGroupName
            timeout = 140
            timelimit = 30
            net_timeout = 10
            # compare_check_items = yes
            # access_attr_used_for_allow = yes
    }

and one of my test user's ldif looks like this

    dn: uid=akd5,ou=users,o=pacenet-india,dc=com
    objectClass: top
    objectClass: account
    objectClass: posixAccount
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: radiusProfile
    dialupAccess: yes
    radiusPortLimit: 40000
    cn: Anindya
    sn: Das
    gecos: akd5
    gidNumber: 15
    mail: [EMAIL PROTECTED]
    loginShell: /bin/sh
    homeDirectory: /home/akd
    uidNumber: 101123
    userPassword: 123456
    uid: akd5

I have added the RADIUS schema for LDAP v3 and all works fine and the user gets authenticated and all. The problem is that the "radiusPortLimit" does not come into effect.
I have tried adding the same information in the users file in the standard RADIUS user file format, which works beautifully. Is there anything I am doing wrong or missing out because of which the radius attributes are not being picked up from the directory?

I am using the following:

1. FreeRadius version 0.8.1
2. OpenLDAP 2.x (LDAP Ver3)

Any help in this regard would be greatly appreciated.

Thanks in advance

Anindya
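
One check for the symptom described in the post above, as an added example that is not part of the original message: it reads an ldap.attrmap (the file named by dictionary_mapping) and an LDIF entry, then reports which radius* attributes on the entry would be turned into check or reply items and which have no mapping line. The attrmap lines and the shortened LDIF are constructed sample input, and the function names are hypothetical.

```python
# Constructed sample in the ItemType / RADIUS attribute / LDAP attribute
# column layout of ldap.attrmap; not the poster's actual file.
ATTRMAP = """\
# ItemType   RADIUS-Attribute   ldapAttribute
checkItem    Auth-Type          radiusAuthType
replyItem    Service-Type       radiusServiceType
replyItem    Port-Limit         radiusPortLimit
"""

# Shortened copy of the test user's entry from the post (constructed sample).
LDIF = """\
dn: uid=akd5,ou=users,o=pacenet-india,dc=com
objectClass: radiusProfile
dialupAccess: yes
radiusPortLimit: 40000
uid: akd5
"""

def parse_attrmap(text):
    """Return {ldap_attr_lowercase: (item_type, radius_attr)}."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 3 and fields[0] in ("checkItem", "replyItem"):
            mapping[fields[2].lower()] = (fields[0], fields[1])
    return mapping

def parse_ldif_entry(text):
    """Return {attribute: [values]} for one plain-text LDIF entry."""
    attrs = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("#"):
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def audit(attrmap_text, ldif_text):
    """Split the entry's radius* attributes into mapped items and unmapped names."""
    mapping = parse_attrmap(attrmap_text)
    mapped, unmapped = [], []
    for name, values in parse_ldif_entry(ldif_text).items():
        if not name.lower().startswith("radius"):
            continue                              # only RADIUS schema attributes
        if name.lower() in mapping:               # LDAP attribute names are case-insensitive
            item_type, radius_attr = mapping[name.lower()]
            mapped += [(item_type, radius_attr, v) for v in values]
        else:
            unmapped.append(name)
    return mapped, unmapped

if __name__ == "__main__":
    print(audit(ATTRMAP, LDIF))
```

An attribute listed as unmapped is never translated into a RADIUS item; one mapped as checkItem is compared against the request rather than sent to the NAS in the reply.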