Thanks Dustin.. it's working as expected...
--haizam
----- Original Message -----
From: "Dustin Doris" <[EMAIL PROTECTED]>
To: <freeradius-users@lists.freeradius.org>
Sent: Thursday, January 06, 2005 09:15
Subject: Re: Block group of ISDN connection
That is the problem. Connection-Type isn't a radius attribute. You use that file, ldap.attrmap to map a Radius Attribute to an LDAP Attribute. However, Connection-Type is not a valid radius attribute. So, freeradius is failing because it doesn't recognize Connection-Type.
If you want to check to see if the user has radiusConnectionType unlimited in ldap, then modify the radiusd.conf ldap section with this
groupname_attribute = radiusConnectionType
groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
Then change your users file to this
DEFAULT NAS-Port-Type == "ISDN", Ldap-Group == "UNLIMITED", Auth-Type := Reject
    Reply-Message = "Your account has been disabled."
That will tell freeradius that if the NAS-Port-Type is ISDN, then do a lookup to ldap for radiusConnectionType = Unlimited. If those two match, then it will add Auth-Type = Reject to it.
Hope that helps.
Dusty Doris
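A pre-deployment check for the failure discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: it lists users-file items whose attribute has no ATTRIBUTE line in the dictionary. The dictionary excerpt, the sample users file and the function names are constructed for the example, and the parsing is a simplification, not FreeRADIUS's own parser.

```python
import re

# Constructed dictionary excerpt (ATTRIBUTE <name> <number> <type>); sample data only.
SAMPLE_DICTIONARY = """\
ATTRIBUTE  Reply-Message   18    string
ATTRIBUTE  NAS-Port-Type   61    integer
ATTRIBUTE  Auth-Type       1000  integer
ATTRIBUTE  Ldap-Group      1074  string
"""

# Constructed users file: the entry that failed in the thread, then the working one.
SAMPLE_USERS = """\
DEFAULT NAS-Port-Type == "ISDN", Connection-Type == "UNLIMITED", Auth-Type := Reject
\tReply-Message = "Your account has been disabled."

DEFAULT NAS-Port-Type == "ISDN", Ldap-Group == "UNLIMITED", Auth-Type := Reject
\tReply-Message = "Your account has been disabled."
"""

# An attribute name, an operator, then a quoted or bare value.
ITEM = re.compile(
    r'([A-Za-z][\w-]*)\s*(?:==|:=|\+=|!=|>=|<=|=~|!~|=|>|<)\s*("[^"]*"|[^\s,]+)')

def load_attributes(dictionary_text):
    """Return the attribute names defined by ATTRIBUTE lines, lower-cased."""
    names = set()
    for line in dictionary_text.splitlines():
        fields = line.split('#', 1)[0].split()
        if len(fields) >= 4 and fields[0].upper() == "ATTRIBUTE":
            names.add(fields[1].lower())
    return names

def unknown_attributes(users_text, known):
    """Return (line_number, attribute) for each item whose attribute is undefined."""
    findings = []
    for number, line in enumerate(users_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0].isspace():            # indented line: reply items
            body = line
        else:                            # entry line: drop the leading user name
            body = line.split(None, 1)[1] if len(line.split(None, 1)) > 1 else ""
        for match in ITEM.finditer(body):
            # Names are compared case-insensitively (assumption of this example).
            if match.group(1).lower() not in known:
                findings.append((number, match.group(1)))
    return findings

if __name__ == "__main__":
    for number, name in unknown_attributes(SAMPLE_USERS, load_attributes(SAMPLE_DICTIONARY)):
        print(f"users[{number}]: attribute {name} is not defined in the dictionary")
```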
On Thu, 6 Jan 2005, Rohaizam Abu Bakar wrote:
define in ldap.attrmap.. define as check item...
checkItem Connection-Type radiusConnectionType
The situation is I've to check both attributes.. one from RAS (NAS-Port-Type)
.. and one from LDAP (Connection-Type) before I can reject it..
As suggested by Kostas... I've to map the Connection-Type (my-own)
attribute... and put "files", which reads the users file, after LDAP in the
authorize section...
--haizam
----- Original Message -----
From: "Dustin Doris" <[EMAIL PROTECTED]>
To: <freeradius-users@lists.freeradius.org>
Sent: Wednesday, January 05, 2005 23:15
Subject: Re: Block group of ISDN connection
>
>
> On Wed, 5 Jan 2005, Rohaizam Abu Bakar wrote:
>
>>
>> YES... it is on one line until "Reject"... just breaking up while
>> pasting...
>>
>> DEFAULT NAS-Port-Type == "ISDN" ,Connection-Type == "UNLIMITED",
>> Auth-Type := Reject
>> Reply-Message = "Your account has been disabled."
>>
>> but still giving the same trailing comma problem..
>>
>> /usr/local/etc/raddb/users[42]: Unexpected trailing comma in check item list for entry DEFAULT
>>
>> --haizam
>>
>
> I believe the error you are receiving is because freeradius doesn't
> understand what Connection-Type is. I can't find connection-type in any
> of the dictionary files. Where did you define connection-type?
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> [ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ]
>