Hi,

I am currently running freeradius 0.8.1 with LDAP as the backend. It works fine.
I need to upgrade to a later version because I need some features regarding
Autz.

Certain users have some Cisco ACLs associated in the LDAP tree that are sent
to the NAS via Cisco-AVPair attribute. The ACLs have more than one line so
the attribute is multivalued. The attribute is stored in the LDAP entry as
radiusVendorSpecific.

This works fine for the 0.8.1 release, but when I tested the same
configuration in releases 0.9.0 and 1.0.0 the radius server only gives back the
first value of the Cisco-AVPair. The ldap module still gets all the values
but freeradius chooses to ignore the rest.

I read the mail archive and found similar problems in threads:

"about duplicated attribute in freeradius"
"Multiple cisco-avpair entries"

in which the use of the += operator is referenced. That works fine if you are
adding the VSA attributes from the users file, but I am using the LDAP
server.

Can you help me?

Thanks a lot.
J.M.



rad_recv: Access-Request packet from host 200.x.y.z:36982, id=98, length=69
        User-Name = "adslfilter2"
        User-Password = "test123"
        NAS-IP-Address = 10.252.8.6
        NAS-Port = 10
        Framed-Protocol = PPP
rlm_ldap: - authorize
rlm_ldap: performing user authorization for adslfilter2
ldap_get_conn: Got Id: 0
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#41=permit tcp any 200.x.b.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#42=permit tcp any 200.x.c.0.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#50=permit udp any eq 53 any & op=11
rlm_ldap: user adslfilter2 authorized to use remote access
ldap_release_conn: Release Id: 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "adslfilter2" with password "test123"
rlm_ldap: user DN: uid=adslfilter2,ou=organization,ou=users,o=host
rlm_ldap: (re)connect to ldapserver.host.com.ar:389, authentication 1
rlm_ldap: bind as uid=adslfilter2,ou=organization,ou=users,o=host/test123 to ldapserver.host.com.ar:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user adslfilter2 authenticated succesfully
Sending Access-Accept of id 98 to 200.x.y.z:36982
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Cisco-AVPair = "ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25"


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
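Added example, not code from the post or from FreeRADIUS: a small script that reads a radiusd -X excerpt like the one above, lists the Cisco-AVPair values rlm_ldap read from the directory, compares them with what the Access-Accept actually carried, and models why the difference occurs. The merge function applies the reply-item operator semantics documented for the users file: "=" adds a pair only if none of that attribute exists yet, "+=" always appends, ":=" replaces. The sample log is the post's own debug output with the mail client's line wrapping undone (constructed input); that op=11 in those lines denotes the plain "=" operator is an assumption made here, it is the reading consistent with the one-value result shown. The security point: a per-user ACL that reaches the NAS with lines missing is a different policy from the one stored in LDAP. Here only permit lines are lost, so the implicit deny at the end of a Cisco ACL makes the failure closed, but if the dropped values had been deny lines the user would get more access than intended, so dropped reply items should be treated as a policy failure, not a cosmetic bug.

```python
import re

# Constructed sample: the radiusd -X excerpt from the post above, with the
# mail client's line wrapping undone so every log record is one line.
DEBUG_LOG = """\
rlm_ldap: - authorize
rlm_ldap: performing user authorization for adslfilter2
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#41=permit tcp any 200.x.b.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#42=permit tcp any 200.x.c.0.0 0.0.0.255 eq 25 & op=11
rlm_ldap: Adding radiusVendorSpecific as Cisco-AVPair, value ip:inacl#50=permit udp any eq 53 any & op=11
rlm_ldap: user adslfilter2 authorized to use remote access
Sending Access-Accept of id 98 to 200.x.y.z:36982
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Cisco-AVPair = "ip:inacl#40=permit tcp any 200.x.a.0 0.0.0.255 eq 25"
"""

# "rlm_ldap: Adding <ldap attr> as <radius attr>, value <value> & op=<n>"
# The trailing op number is FreeRADIUS's internal operator token; op=11 is
# assumed here to be the plain "=" operator (an assumption, not from the post).
ADDING_RE = re.compile(r"^rlm_ldap: Adding (\S+) as (\S+), value (.*) & op=(\d+)$")
ACCEPT_RE = re.compile(r"^Sending Access-Accept ")
# Attribute lines of the reply are indented; values may or may not be quoted.
PAIR_RE = re.compile(r'^\s+(\S+) = "?(.*?)"?$')


def parse_debug(log):
    """Split a radiusd -X excerpt into what rlm_ldap read and what was sent.

    Returns (ldap_items, reply_items): ldap_items is a list of
    (radius_attr, value, op) tuples from the "Adding ... value" records,
    reply_items a list of (attr, value) tuples from the Access-Accept.
    """
    ldap_items, reply_items = [], []
    in_reply = False
    for line in log.splitlines():
        m = ADDING_RE.match(line)
        if m:
            _ldap_attr, radius_attr, value, op = m.groups()
            ldap_items.append((radius_attr, value, int(op)))
            continue
        if ACCEPT_RE.match(line):
            in_reply = True
            continue
        if in_reply:
            m = PAIR_RE.match(line)
            if m:
                reply_items.append((m.group(1), m.group(2)))
            else:
                in_reply = False  # end of the indented attribute list
    return ldap_items, reply_items


def dropped_values(log, attr="Cisco-AVPair"):
    """Values rlm_ldap read for `attr` that never made it into the reply."""
    ldap_items, reply_items = parse_debug(log)
    sent = {v for a, v in reply_items if a == attr}
    return [v for a, v, _ in ldap_items if a == attr and v not in sent]


def merge_reply(values, op, attr="Cisco-AVPair"):
    """Add a multi-valued attribute to an empty reply list using the
    operator semantics documented for the users file:
      "="   add the pair only if no pair of that attribute exists yet
      "+="  always append another pair
      ":="  replace every existing pair of that attribute
    Returns the values of `attr` left in the reply, in order.
    """
    reply = []
    for v in values:
        if op == "=":
            if not any(a == attr for a, _ in reply):
                reply.append((attr, v))
        elif op == "+=":
            reply.append((attr, v))
        elif op == ":=":
            reply = [(a, x) for a, x in reply if a != attr] + [(attr, v)]
        else:
            raise ValueError("unsupported operator %r" % op)
    return [v for a, v in reply if a == attr]


if __name__ == "__main__":
    ldap_items, _ = parse_debug(DEBUG_LOG)
    values = [v for _, v, _ in ldap_items]
    for line in dropped_values(DEBUG_LOG):
        print("ACL line never sent to the NAS:", line)
    print("with '=' :", merge_reply(values, "="))
    print("with '+=':", merge_reply(values, "+="))
```

Run it against a saved radiusd -X capture to get the list of ACL lines the NAS never saw; with "=" only inacl#40 survives, with "+=" all four values are returned, which is the behaviour the users-file threads describe.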