Is testAtr in a dictionary file somewhere? You need to identify that attribute as a radius attribute in a dictionary file.
On Wed, 3 Mar 2004, Paul Blaich wrote: > Dustin, > > rad_recv: Access-Request packet from host 130.194.999.999:1365, id=2, > length=47 > User-Name = "blaich" > User-Password = "mypassword" > modcall: entering group authorize for request 2 > modcall[authorize]: module "preprocess" returns ok for request 2 > rlm_realm: No '@' in User-Name = "blaich", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 2 > users: Matched DEFAULT at 76 > modcall[authorize]: module "files" returns ok for request 2 > rlm_ldap: - authorize > rlm_ldap: performing user authorization for blaich > radius_xlat: > '(&(uid=blaich)(|(allowedhosts=modem*)(allowedhosts=adm*)))' > radius_xlat: 'o=Monash Uni,c=AU' > ldap_get_conn: Got Id: 0 > rlm_ldap: performing search in o=Monash Uni,c=AU, with filter > (&(uid=blaich)(|(allowedhosts=modem*)(allowedhosts=adm*))) > rlm_ldap: checking if remote access for blaich is allowed by > allowedhosts > rlm_ldap: looking for check items in directory... > rlm_ldap: looking for reply items in directory... > rlm_ldap: Adding allowedhosts as testAtr, value modempool1 & op=11 > rlm_ldap: Adding allowedhosts as testAtr, value modempool2 & op=11 > rlm_ldap: user blaich authorized to use remote access > ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 2 > modcall: group authorize returns ok for request 2 > rad_check_password: Found Auth-Type ldap > auth: type "LDAP" > modcall: entering group Auth-Type for request 2 > rlm_ldap: - authenticate > rlm_ldap: login attempt by "blaich" with password "mypassword" > rlm_ldap: user DN: cn=Paul Blaich, ou=IT Services, ou=Staff, o=Monash > Uni, c=au > rlm_ldap: (re)connect to directory.monash.edu.au:389, authentication 1 > rlm_ldap: bind as cn=Paul Blaich, ou=IT Services, ou=Staff, o=Monash > Uni, c=au/mypassword to dir.monash.edu.au:389 > rlm_ldap: waiting for bind result ... > rlm_ldap: user blaich authenticated succesfully > modcall[authenticate]: module "ldap" returns ok for request 2 > modcall: group Auth-Type returns ok for request 2 > Login OK: [blaich] (from client eeyore port 0) > Sending Access-Accept of id 2 to 130.194.999.999:1365 > Finished request 2 > > Dustin Doris wrote: > > > > Can you paste the radiusd -X debug info? > > > > On Tue, 2 Mar 2004, Paul Blaich wrote: > > > > > Hi All > > > > > > I want FreeRadius to include with the Access-Accept packet that it sends > > > back some information that it reads from our LDAP directory (which is > > > authenticating our users based on 3 values that could be contained in an > > > attribute at the moment) > > > > > > Is this possible? I did setup (in ldap.attrmap) > > > replyItem testAtr allowedhosts > > > > > > which shows (during user authentication session in a debug load of > > > radiusd): > > > > > > rlm_ldap: Adding allowedhosts as testAtr, value modempool1 & op=11 > > > rlm_ldap: Adding allowedhosts as testAtr, value modempool2 & op=11 > > > > > > but the test program (NTRadPing Test Utility) is not showing that the > > > testAtr is being passed back. > > > > > > Any ideas? > > > > > > Thanks > > > Paul > > > > > > - > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
