Hi, I am currently running freeradius 0.8.1 with LDAP as backend. It works fine. I need to upgrade to a later version because I need some features regarding Autz.
Certain users have some Cisco ACLs associated in the LDAP tree that are sent to the NAS via the Cisco-AVPair attribute. The ACLs have more than one line, so the attribute is multivalued. The attribute is stored in the LDAP entry as radiusVendorSpecific. This works fine for the 0.8.1 release, but when I tested the same configuration in releases 0.9.0 and 1.0.0 the radius only gives back the first value of the Cisco-AVPair. The ldap module still gets all the values but freeradius chooses to ignore the rest.

I read the mail archive and found similar problems in the threads "about duplicated attribute in freeradius" and "Multiple cisco-avpair entries", where the use of the += operator is referenced, which works fine if you are adding the VSA attributes from the users file, but I am using the LDAP server.

Can you help me?

Thanks a lot.
J.M.

rad_recv: Access-Request packet from host 200.x.y.z:36982, id=98, length=69
        User-Name = "adslfilter2"
        User-Password = "test123"
        NAS-IP-Address = 10.252.8.6
        NAS-Port = 10
        Framed-Protocol = PPP
rlm_ldap: - authorize
rlm_ldap: performing user authorization for adslfilter2
ldap_get_conn: Got Id: 0
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#41=permit tcp any 200.x.b.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#42=permit tcp any 200.x.c.0.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#50=permit udp any eq 53 any & op=11
rlm_ldap: user adslfilter2 authorized to use remote access
ldap_release_conn: Release Id: 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "adslfilter2" with password "test123"
rlm_ldap: user DN: uid=adslfilter2,ou=organization,ou=users,o=host
rlm_ldap: (re)connect to ldapserver.host.com.ar:389, authentication 1
rlm_ldap: bind as uid=adslfilter2,ou=organization,ou=users,o=host/test123 to ldapserver.host.com.ar:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user adslfilter2 authenticated succesfully
Sending Access-Accept of id 98 to 200.x.y.z:36982
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Cisco-AVPair = "ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25"
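A diagnostic sketch for the symptom reported in the post above, added here as an example and not part of the original message or of FreeRADIUS: it compares the reply items that rlm_ldap logs as added with the attributes listed under "Sending Access-Accept" and reports any ACL lines that never reached the NAS. The function name, the sample log and the assumption of one request per log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the debug output in the post (not a real capture).
SAMPLE_LOG = """\
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#50=permit udp any eq 53 any & op=11
rlm_ldap: user adslfilter2 authorized to use remote access
Sending Access-Accept of id 98 to 200.x.y.z:36982
\tService-Type = Framed-User
\tFramed-Protocol = PPP
\tCisco-AVPair = "ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25"
"""

ADDED = re.compile(r"^rlm_ldap: Adding \S+ as (\S+), value (.*) & op=\d+$")
SENT = re.compile(r"^Sending Access-Accept of id \d+")
PAIR = re.compile(r"^\s+(\S+) = (.*)$")  # indented attribute line in the reply


def dropped_reply_values(log_text):
    """Return {attribute: [values]} added as reply items but absent from the reply.

    Assumes the log covers a single request (hypothetical simplification).
    """
    added, sent = defaultdict(list), defaultdict(list)
    section, in_reply = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("rlm_ldap: looking for"):
            # Only items found after the "reply items" marker belong in the reply.
            section = "reply" if "reply items" in line else "check"
            in_reply = False
        elif ADDED.match(line):
            attr, value = ADDED.match(line).groups()
            if section == "reply":
                added[attr].append(value)
            in_reply = False
        elif SENT.match(line):
            in_reply = True
        elif in_reply and PAIR.match(raw):
            attr, value = PAIR.match(raw).groups()
            sent[attr].append(value.strip().strip('"'))
        else:
            in_reply = False
    dropped = {}
    for attr, values in added.items():
        missing = [v for v in values if v not in sent[attr]]
        if missing:
            dropped[attr] = missing
    return dropped
```

An empty result means every reply item logged by rlm_ldap also appears in the Access-Accept; any entry in it is an ACL line the NAS never received.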