Alan,
I'd first would like to extend my gratitude for answering my email.
I'd also like to apoligize to everyone on the list for my confusion.
I've been reading the book RADIUS by Jonathan Hassell, I've been reading
archives for a while now. Can anyone suggest a good book with sample
information? My problem is as follow:
> Is radius supposed to only return back a single attribute?
> That's what you told it to do. An attribute with one value (even
>with commas) is very different than attributes with multiple values.
>
> My suggestion is to create multiple entries in the LDAP schema for
>the Login-LAT-Group, as there is no Login-LAT-GroupS attribute. Each
>value should then be
>
> +="User" (first)
> +="Change Password" (second)
> etc...
>
> Alan DeKok.
Alan, the "User" "Change Password" "Administrator" etc., are already part of
the LDAP schema (under the attribute securityRole) e.g.
Uid=testuser
Attribute Value
securityRole Users
securityRole testgroup1
securityRole testgroup2
securityRole Change Password
securityRole Luisa Administrator
I've modified the file ldap.attrmap as follow (this is the only change I've
made)
replyItem Login-LAT-Group securityRole
I thought by modifying this line to match the LDAP attribute would return
all values for the user (testuser) in the LDAP schema.
When I use NTRadPing the response is:
Sending authentication request to server test.server:1645
Transmitting packet, code=1 id=0 length=50
Received response from the server in 10 milliseconds
Reply packet code=2 id0 length=27
Response: Access-Accept
----------------attribute dump--------------
Login-LAT-Group=Users
Can you or anyone suggest any howto site. I've read the LDAP doc and it
doesn't mention how to implement this. Is this possible? Did I miss a step?
Thank you
-denis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html