Thank you for the reply.
Here is the output from radius. The problem I'm having is that only one group
name is returned. As shown below, I have the values testgroup2 and users not being
returned.

Ready to process requests.
rad_recv: Access-Request packet from host 10.32.2.108:1142, id=3, length=48
        User-Name = "testuser"
        User-Password = "test123"
modcall: entering group authorize for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat:  '(uid=testuser)'
radius_xlat:  'o=PUSD,c=US'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
rlm_ldap: bind as / to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=PUSD,c=US, with filter (uid=testuser)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding ntPassword as NT-Password, value
C5A237B7E9D8E708D8436B6148A25FA1 & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding securityRole as Filter-Id, value testgroup1 & op=11
rlm_ldap: Adding securityRole as Filter-Id, value testgroup2 & op=11
rlm_ldap: Adding securityRole as Filter-Id, value Users & op=11
rlm_ldap: user testuser authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "files" returns notfound for request 0
  modcall[authorize]: module "eap" returns noop for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authenticate for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "testuser" with password "test123"
rlm_ldap: user DN: uid=testuser,ou=Information Technology,o=PUSD,c=US
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1
rlm_ldap: bind as uid=testuser,ou=Information Technology,o=PUSD,c=US/test123
to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user testuser authenticated succesfully
  modcall[authenticate]: module "ldap" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [testuser/test123] (from client edcenter port 0)
Sending Access-Accept of id 3 to 10.32.2.108:1142
        Filter-Id = "testgroup1"
Finished request 0

> -----Original Message-----
> From: Dustin Doris [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 17, 2004 11:12 AM
> To: '[EMAIL PROTECTED]'
> Subject: Re: LDAP groups send reply
> 
> >
> > > Hello,
> > > I would like to know if this is possible
> > > Send a Class or Filter-Id attribute to the NAS, with the content
> > > being the names of the LDAP groups to which the user belongs.
> > >
> > > Thank you,
> > > denis
> > >
> >
> > How does the NAS expect the group to come back?
> >
> > Class:
> 
> 
> Sorry, I guess I hit send too early.  What I meant was what radius
> attribute is the nas expecting for the groups?  An example could be the
> radius attribute Class.
> 
> In that case, you would make sure the following is in ldap.attrmap
> replyItem       Class                           radiusClass
> 
> Then in your ldap directory, you would store the reply items.
> 
> radiusClass: "OU=group.com;"
> 
> The one above is an example for Cisco VPN concentrators.
> 
> If you need to add more, use +=; read the man page on users.
> 
> 
> 
> -Dusty Doris
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
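
One way to spot this symptom mechanically, as an added example that is not part of the original thread: the Python below compares the reply items rlm_ldap reports mapping with the attributes actually sent in the reply, per request. The sample log is constructed in the format of the debug output above; the function and pattern names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, using the line formats of the debug output in this message.
SAMPLE_LOG = """\
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding ntPassword as NT-Password, value <hash> & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding securityRole as Filter-Id, value testgroup1 & op=11
rlm_ldap: Adding securityRole as Filter-Id, value testgroup2 & op=11
rlm_ldap: Adding securityRole as Filter-Id, value Users & op=11
rlm_ldap: user testuser authorized to use remote access
Sending Access-Accept of id 3 to 10.32.2.108:1142
        Filter-Id = "testgroup1"
Finished request 0
"""

ADDED = re.compile(r"^rlm_ldap: Adding \S+ as ([\w-]+), value (.*?) & op=\d+\s*$")
SENDING = re.compile(r"^Sending \S+ of id \d+")
SENT_AVP = re.compile(r'^\s+([\w-]+) = "?(.*?)"?\s*$')
FINISHED = re.compile(r"^Finished request (\d+)")

def dropped_reply_values(log_text):
    """Return {request: {attribute: [values mapped from LDAP but not sent]}}."""
    report, mapped, sent = {}, defaultdict(list), defaultdict(list)
    section = None  # "check" / "reply" (LDAP lookup) or "sent" (outgoing packet)
    for line in log_text.splitlines():
        if "looking for check items" in line:
            section = "check"      # check items never go to the NAS; ignore them
        elif "looking for reply items" in line:
            section = "reply"
        elif SENDING.match(line):
            section = "sent"
        elif section == "reply" and (m := ADDED.match(line)):
            mapped[m.group(1)].append(m.group(2))
        elif section == "sent" and (m := SENT_AVP.match(line)):
            sent[m.group(1)].append(m.group(2))
        elif (m := FINISHED.match(line)):
            missing = {a: [v for v in vals if v not in sent[a]]
                       for a, vals in mapped.items()}
            missing = {a: v for a, v in missing.items() if v}
            if missing:
                report[int(m.group(1))] = missing
            mapped, sent, section = defaultdict(list), defaultdict(list), None
    return report

if __name__ == "__main__":
    print(dropped_reply_values(SAMPLE_LOG))
```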
