Hi,
Yes, I did add radiusPortLimit as a replyitem in the ldap.attrmap file. The
entry looks like this:
replyItem Port-Limit radiusPortLimit
No luck still :-(,
Anindya
----- Original Message -----
From: "freeradius mailing list" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 13, 2003 10:16 PM
Subject: Re: Radius to LDAP mapping.. radius attributes not working from LDAP
> Did you add radiusportlimit to the ldap.attrmap file as a reply item?
>
>
> On Thu, 13 Mar 2003, Das, Anindya Kishore wrote:
>
> > Hi All,
> >
> > I have been trying to get Freeradius to authenticate users against the
> > entries in my OpenLDAP directory with individual user rights. My setup
> > requires that I have a port-limit set up on each user when they register and
> > I am trying to get this information passed from the LDAP directory to the
> > NAS via FreeRadius.
> >
> > My ldap() section in radiusd.conf file looks like this...
> >
> >
> > ldap {
> > server = "ldap.pacenet-india.com"
> > port = "389"
> > # identity = "cn=admin,o=My Org,c=UA"
> > # password = mypass
> > basedn = "ou=users,o=pacenet-india,dc=com"
> > filter = "(uid=%u)"
> > #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> >
> > # set this to 'yes' to use TLS encrypted connections
> > # to the LDAP database by using the StartTLS extended
> > # operation.
> > start_tls = no
> > # set this to 'yes' to use TLS encrypted connections to the
> > # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
> > # the ldap library.
> > tls_mode = no
> >
> > # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
> > # profile_attribute = "radiusProfileDn"
> > access_attr = "dialupAccess"
> >
> > # Mapping of RADIUS dictionary attributes to LDAP
> > # directory attributes.
> > dictionary_mapping = ${raddbdir}/ldap.attrmap
> >
> > # ldap_cache_timeout = 120
> > # ldap_cache_size = 0
> > ldap_connections_number = 5
> > # password_header = "{clear}"
> > # password_attribute = userPassword
> > # groupname_attribute = cn
> > # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> > # groupmembership_attribute = radiusGroupName
> > timeout = 140
> > timelimit = 30
> > net_timeout = 10
> > # compare_check_items = yes
> > # access_attr_used_for_allow = yes
> > }
> >
> > and one of my test user's ldif looks like this
> >
> >
> > dn: uid=akd5,ou=users,o=pacenet-india,dc=com
> >
> > objectClass: top
> > objectClass: account
> > objectClass: posixAccount
> > objectClass: person
> > objectClass: inetOrgPerson
> > objectClass: radiusProfile
> > dialupAccess: yes
> > radiusPortLimit: 40000
> > cn: Anindya
> > sn: Das
> > gecos: akd5
> > gidNumber: 15
> > mail: [EMAIL PROTECTED]
> > loginShell: /bin/sh
> > homeDirectory: /home/akd
> > uidNumber: 101123
> > userPassword: 123456
> > uid: akd5
> >
> > I have added the RADIUS schema for LDAP v3 and all works fine and the user
> > gets authenticated and all. The problem is that the "radiusPortLimit" does
> > not come into effect. I have tried adding the same information in the users
> > file in the standard RADIUS user file format, which works beautifully.
> >
> > Is there anything I am doing wrong or missing out because of which the
> > radius attributes are not being picked up from the directory? I am using the
> > following:
> >
> > 1. FreeRadius version 0.8.1
> > 2. OpenLDAP 2.x (LDAP Ver3)
> >
> >
> > Any help in this regard would be greatly appreciated.
> >
> > Thanks in advance
> >
> > Anindya
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
>
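
Added example, not part of the original thread and not FreeRADIUS code: a simplified model of what an ldap.attrmap file expresses, applied to a trimmed copy of the test entry above. It shows which check and reply pairs the quoted replyItem line is meant to yield. The function names and the checkItem sample line are assumptions made for illustration.

```python
# Added illustration: simplified model of ldap.attrmap, not FreeRADIUS source.

ATTRMAP = """\
# constructed sample; the replyItem line is the one quoted in the thread
checkItem   User-Password   userPassword
replyItem   Port-Limit      radiusPortLimit
"""

# Trimmed copy of the test user's entry from the thread.
LDIF = """\
dn: uid=akd5,ou=users,o=pacenet-india,dc=com
objectClass: radiusProfile
dialupAccess: yes
radiusPortLimit: 40000
userPassword: 123456
uid: akd5
"""

def parse_attrmap(text):
    """Return {ldap_attr_lowercased: (item_type, radius_attr)}."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        if len(fields) != 3 or fields[0] not in ("checkItem", "replyItem"):
            raise ValueError(f"malformed attrmap line: {raw!r}")
        item_type, radius_attr, ldap_attr = fields
        mapping[ldap_attr.lower()] = (item_type, radius_attr)
    return mapping

def parse_ldif_entry(text):
    """Return [(attr, value)] for one unfolded, non-base64 LDIF entry."""
    pairs = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            pairs.append((attr.strip(), value.strip()))
    return pairs

def map_entry(attrmap_text, ldif_text):
    """Split an entry's mapped attributes into check and reply pairs."""
    mapping = parse_attrmap(attrmap_text)
    out = {"checkItem": [], "replyItem": []}
    for attr, value in parse_ldif_entry(ldif_text):
        hit = mapping.get(attr.lower())  # LDAP attribute names are case-insensitive
        if hit:
            out[hit[0]].append((hit[1], value))
    return out
```

Calling map_entry(ATTRMAP, LDIF) gives the pairs to compare against what the server actually logs for the same user.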