Hi All,
I have been trying to get Freeradius to authenticate users against the
entries in my OpenLDAP directory with individual user rights. My setup
requires that I have a port-limit set up on each user when they register and
I am trying to get this information passed from the LDAP directory to the
NAS via FreeRadius.
My ldap section in the radiusd.conf file looks like this:
ldap {
    server = "ldap.pacenet-india.com"
    port = "389"
    # identity = "cn=admin,o=My Org,c=UA"
    # password = mypass
    basedn = "ou=users,o=pacenet-india,dc=com"
    filter = "(uid=%u)"
    #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    # set this to 'yes' to use TLS encrypted connections
    # to the LDAP database by using the StartTLS extended
    # operation.
    start_tls = no
    # set this to 'yes' to use TLS encrypted connections to the
    # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
    # the ldap library.
    tls_mode = no
    # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
    # profile_attribute = "radiusProfileDn"
    access_attr = "dialupAccess"
    # Mapping of RADIUS dictionary attributes to LDAP
    # directory attributes.
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    # ldap_cache_timeout = 120
    # ldap_cache_size = 0
    ldap_connections_number = 5
    # password_header = "{clear}"
    # password_attribute = userPassword
    # groupname_attribute = cn
    # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
    # groupmembership_attribute = radiusGroupName
    timeout = 140
    timelimit = 30
    net_timeout = 10
    # compare_check_items = yes
    # access_attr_used_for_allow = yes
}
and the LDIF of one of my test users looks like this:
dn: uid=akd5,ou=users,o=pacenet-india,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: radiusProfile
dialupAccess: yes
radiusPortLimit: 40000
cn: Anindya
sn: Das
gecos: akd5
gidNumber: 15
mail: [EMAIL PROTECTED]
loginShell: /bin/sh
homeDirectory: /home/akd
uidNumber: 101123
userPassword: 123456
uid: akd5
I have added the RADIUS schema for LDAP v3 and everything works fine: the user
gets authenticated. The problem is that the "radiusPortLimit" does not come
into effect. I have tried adding the same information in the users file in the
standard RADIUS users file format, which works beautifully.
Is there anything I am doing wrong or missing, because of which the RADIUS
attributes are not being picked up from the directory? I am using the
following:
1. FreeRADIUS version 0.8.1
2. OpenLDAP 2.x (LDAP v3)
Any help in this regard would be greatly appreciated.
Thanks in advance
Anindya
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
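To show the step the post's configuration depends on, here is an added example (not FreeRADIUS code and not from the poster): a simplified Python model of how the file named by dictionary_mapping (ldap.attrmap) turns the attributes of a directory entry like the one above into RADIUS check and reply items. The attrmap contents and the trimmed LDIF entry are constructed for the example, and a "replyItem Port-Limit radiusPortLimit" line is assumed; with that line removed, the entry's radiusPortLimit value is never turned into a reply item.

```python
# Added example, not FreeRADIUS code: model of how dictionary_mapping
# (ldap.attrmap) turns LDAP attributes into RADIUS check/reply items.
# ATTRMAP and LDIF are constructed sample inputs.
ATTRMAP = """\
# kind       RADIUS attribute   LDAP attribute
checkItem    $GENERIC$          radiusCheckItem
replyItem    $GENERIC$          radiusReplyItem
replyItem    Port-Limit         radiusPortLimit
"""
LDIF = """\
dn: uid=akd5,ou=users,o=pacenet-india,dc=com
objectClass: radiusProfile
dialupAccess: yes
radiusPortLimit: 40000
radiusReplyItem: Idle-Timeout = 600
uid: akd5
"""

def load_attrmap(text):
    """Return [(kind, radius_attr, ldap_attr)] for each non-comment line."""
    mapping = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()  # drop comments and blanks
        if line:
            kind, radius_attr, ldap_attr = line.split()
            mapping.append((kind, radius_attr, ldap_attr))
    return mapping

def parse_ldif(text):
    """Return {attribute: [values]} for one LDIF entry, names lower-cased."""
    entry = {}
    for line in text.splitlines():
        if ':' in line:
            name, value = line.split(':', 1)
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def build_items(entry, mapping):
    """Collect check/reply items as the attrmap directs (LDAP attribute
    names are case-insensitive, so they are matched lower-cased)."""
    items = {'checkItem': {}, 'replyItem': {}}
    for kind, radius_attr, ldap_attr in mapping:
        for value in entry.get(ldap_attr.lower(), []):
            if radius_attr == '$GENERIC$':  # value is a "Name = value" string
                name, val = (s.strip() for s in value.split('=', 1))
                items[kind][name] = val
            else:
                items[kind][radius_attr] = value
    return items
```

An LDAP attribute that has no checkItem or replyItem line in the attrmap is silently ignored, so the mapping file is the first place to look when a directory value never reaches the NAS.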