That is the problem. Connection-Type isn't a radius attribute. You use
that file, ldap.attrmap to map a Radius Attribute to an LDAP Attribute.
However, Connection-Type is not a valid radius attribute. So, freeradius
is failing because it doesn't recognize Connection-Type.
If you want to check to see if the user has radiusConnectionType unlimited
in ldap, then modify the radiusd.conf ldap section with this
groupname_attribute = radiusConnectionType
groupmembership_filter =
"(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
Then change your users file to this
DEFAULT NAS-Port-Type == "ISDN", Ldap-Group == "UNLIMITED", Auth-Type := Reject
Reply-Message = "Your account has been disabled."
That will tell freeradius that if the NAS-Port-Type is ISDN, then do a
lookup to ldap for radiusConnectionType = Unlimited. If those two match,
then it will add Auth-Type = Reject to it.
Hope that helps.
Dusty Doris
On Thu, 6 Jan 2005, Rohaizam Abu Bakar wrote:
> define in ldap.attrmap.. define as check item...
>
>
> checkItem Connection-Type radiusConnectionType
>
> The situation is I've to check both attribute.. one from RAS (NAS-Port-Type)
> .. and one from LDAP (Connection-Type) before i can reject it..
> As suggested by Kostas... I've to map the Connection-Type (my-own)
> attribute... and put "files" that reading users file after LDAP in authorize
> section...
>
> --haizam
>
> ----- Original Message -----
> From: "Dustin Doris" <[EMAIL PROTECTED]>
> To: <freeradius-users@lists.freeradius.org>
> Sent: Wednesday, January 05, 2005 23:15
> Subject: Re: Block group of ISDN connection
>
>
> >
> >
> > On Wed, 5 Jan 2005, Rohaizam Abu Bakar wrote:
> >
> >>
> >> YES... it is on one line until "Reject"... just breaking up while
> >> pasting...
> >>
> >> DEFAULT NAS-Port-Type == "ISDN" ,Connection-Type == "UNLIMITED",
> >> Auth-Type := Reject
> >> Reply-Message = "Your account has been disabled."
> >>
> >> but still giving the same trailing coma problem..
> >>
> >> /usr/local/etc/raddb/users[42]: Unexpected trailing comma in check item
> >> list
> >> for entry DEFAULT
> >>
> >> --haizam
> >>
> >
> > I believe the error you are receiving is because freeradius doesn't
> > understand what Connection-Type is. I can't find connection-type in any
> > of the dictionary files. Where did you define connection-type?
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> > [ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ]
> >
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
