Thanks Dustin Doris for your reply. I seem to be missing something because I cannot get it to work like you mentioned. Let me provide some data and config info in hopes that you might be able to help further. What I am hoping for is that it will send the profile info and the info for the user.
For example, I am hoping to see the return attributes for jcleem/dial to be:

radiusClientIPAddress: 172.18.5.1
radiusFramedIPNetmask: 255.255.255.0
radiusFramedProtocol: PPP
radiusFramedRouting: None
radiusServiceType: Framed-User
radiusFramedCompression: Van-Jacobson-TCP-IP

But I only get (does not include radiusClientIPAddress):

radiusFramedIPNetmask: 255.255.255.0
radiusFramedProtocol: PPP
radiusFramedRouting: None
radiusServiceType: Framed-User
radiusFramedCompression: Van-Jacobson-TCP-IP

If you need more info than what I provided below, just let me know.

--- begin ldif ---
dn: dc=multiband,dc=us
objectClass: dcObject
objectClass: organization
dc: multiband
o: Multiband

dn: ou=profiles,dc=multiband,dc=us
ou: profiles
objectClass: organizationalUnit

dn: ou=users,dc=multiband,dc=us
ou: users
objectClass: organizationalUnit

dn: ou=admins,dc=multiband,dc=us
ou: admins
objectClass: organizationalUnit

dn: uid=dial,ou=profiles,dc=multiband,dc=us
radiusFramedIPNetmask: 255.255.255.0
radiusFramedProtocol: PPP
radiusFramedRouting: None
radiusServiceType: Framed-User
uid: dial
objectClass: radiusprofile
radiusFramedCompression: Van-Jacobson-TCP-IP

dn: uid=jcleem,ou=users,dc=multiband,dc=us
uid: jcleem
objectClass: radiusprofile
mbAccountID: {65A8DC9F-14F6-4FB7-93D0-A70769154270}
mbContactID: {BA4AD34A-38B0-445C-AEA6-E00B8C4A1B81}
userPassword: xxx
radiusClientIPAddress: 172.18.5.1
radiusGroupName: dial
--- end ldif ---

--- /usr/local/sbin/radiusd -X ---
rad_recv: Access-Request packet from host 172.18.5.132:1845, id=45, length=46
        User-Name = "jcleem"
        User-Password = "XXX"
rad_lowerpair: User-Name now 'jcleem'
rad_rmspace_pair: User-Name now 'jcleem'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
rlm_realm: No '@' in User-Name = "jcleem", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "jcleem"
rlm_realm: Proxying request from user jcleem to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 13
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=users,dc=multiband,dc=us'
radius_xlat: '(uid=jcleem)(objectclass=radiusprofile)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,dc=multiband,dc=us, with filter (uid=jcleem)(objectclass=radiusprofile)
request 78 done
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid=jcleem,ou=users,dc=multiband,dc=us))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=jcleem,ou=users,dc=multiband,dc=us)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,dc=multiband,dc=us, with filter (&(radiusGroupName=disabled)(|(&(objectClass=GroupOfNames)(member=uid=jcleem,ou=users,dc=multiband,dc=us))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=jcleem,ou=users,dc=multiband,dc=us))))
request 79 done
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=jcleem,ou=users,dc=multiband,dc=us, with filter (objectclass=*)
request 80 done
rlm_ldap::groupcmp: Group disabled not found or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=users,dc=multiband,dc=us'
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid=jcleem,ou=users,dc=multiband,dc=us))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=jcleem,ou=users,dc=multiband,dc=us)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,dc=multiband,dc=us, with filter (&(radiusGroupName=dial)(|(&(objectClass=GroupOfNames)(member=uid=jcleem,ou=users,dc=multiband,dc=us))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=jcleem,ou=users,dc=multiband,dc=us))))
request 81 done
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=jcleem,ou=users,dc=multiband,dc=us, with filter (objectclass=*)
request 82 done
rlm_ldap::ldap_groupcmp: User found in group dial
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 217
modcall[authorize]: module "files" returns ok for request 13
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jcleem
radius_xlat: '(uid=jcleem)(objectclass=radiusprofile)'
radius_xlat: 'ou=users,dc=multiband,dc=us'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,dc=multiband,dc=us, with filter (uid=jcleem)(objectclass=radiusprofile)
request 83 done
rlm_ldap: performing search in uid=dial,ou=profiles,dc=multiband,dc=us, with filter (objectclass=radiusprofile)
request 84 done
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.0 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jcleem authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 13
modcall: group authorize returns ok for request 13
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 13
rlm_ldap: - authenticate
rlm_ldap: login attempt by "jcleem" with password "XXX"
rlm_ldap: user DN: uid=jcleem,ou=users,dc=multiband,dc=us
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=jcleem,ou=users,dc=multiband,dc=us/xxx to localhost:389
rlm_ldap: waiting for bind result ...
request 1 done
rlm_ldap: Bind was successful
rlm_ldap: user jcleem authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 13
modcall: group Auth-Type returns ok for request 13
Sending Access-Accept of id 45 to 172.18.5.132:1845
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-Routing = None
        Framed-IP-Netmask = 255.255.255.0
        Framed-Protocol = PPP
        Service-Type = Framed-User
Finished request 13
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 13 ID 45 with timestamp 4249ebf5
Nothing to do. Sleeping until we see a request.
--- end /usr/local/sbin/radiusd -X ---

>>
>> Not sure how to ask my next question so I will try my best. We have
>> some users who receive static IP addresses and other special attributes
>> that are unique to only that user. Then we have some who receive the
>> same attributes and attribute values as the next person. The big
>> difference is those users who receive a static IP versus a dynamic IP
>> out of the DHCP pool. It is my understanding that after LDAP has
>> verified the user it tells RADIUS all the group info. RADIUS then goes
>> through the RADIUS Groups info and tries to find the first match. Once
>> the match is found RADIUS then returns to the NAS the attributes for the
>> profile not the actual user attributes. How do I set up the servers so
>> that sometimes it returns the profile info (in the case of DHCP type
>> customers) and sometimes returns specific attributes (in the case of
>> static IP customers)?
>>
>>
>
>You can send back any reply values you want for the individual users by
>putting those entries into their ldap entry.
>
>eg:
>
>uid=somestaticuser,ou=radius,dc=yourdomain,dc=com
>objectclass: radiusprofile
>radiusgroupname: dial
>radiusgroupname: isdn
>radiusframedipaddress: 1.1.1.1
>radiusframedipnetmask: 255.255.255.252
>
>That will send back the reply attributes of framedipaddress and
>framedipnetmask for only that user.
>

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
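
An added example, not part of the original post or of FreeRADIUS: a Python check that compares the radius* attributes stored in the directory with the "rlm_ldap: Adding ... as ..." lines of a radiusd -X run and reports the ones the module never turned into a RADIUS attribute. It assumes plain "attr: value" LDIF lines and the debug-line format shown in the post; the function names are hypothetical, and the sample data is assembled from lines quoted above.

```python
import re

# Constructed sample: lines taken from the radiusd -X output and LDIF quoted in the post.
DEBUG_LOG = """\
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.0 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
"""
LDIF = """\
dn: uid=dial,ou=profiles,dc=multiband,dc=us
radiusFramedIPNetmask: 255.255.255.0
radiusFramedProtocol: PPP
radiusFramedRouting: None
radiusServiceType: Framed-User
radiusFramedCompression: Van-Jacobson-TCP-IP

dn: uid=jcleem,ou=users,dc=multiband,dc=us
objectClass: radiusprofile
radiusClientIPAddress: 172.18.5.1
radiusGroupName: dial
"""
ADDING = re.compile(r"rlm_ldap: Adding (\S+) as (\S+), value (.*) & op=\d+")

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; assumes unfolded 'attr: value' lines only."""
    entries, current = {}, None
    for line in text.splitlines():
        attr, _, value = line.partition(": ")
        if attr.lower() == "dn":
            current = entries.setdefault(value, {})
        elif value and current is not None:
            current.setdefault(attr, []).append(value)
    return entries

def mapped_attributes(log):
    """Return {ldap_attr_lowercased: (radius_attr, value)} for each 'Adding' line."""
    return {m[1].lower(): (m[2], m[3]) for m in ADDING.finditer(log)}

def unmapped_radius_attributes(ldif, log):
    """Per DN, the radius* LDAP attributes that never produced an 'Adding' line."""
    mapped, report = mapped_attributes(log), {}
    for dn, attrs in parse_ldif(ldif).items():
        missing = [a for a in attrs
                   if a.lower().startswith("radius") and a.lower() not in mapped]
        if missing:
            report[dn] = missing
    return report
```

Calling unmapped_radius_attributes(LDIF, DEBUG_LOG) on this sample lists radiusClientIPAddress and radiusGroupName for the jcleem entry and nothing for the dial profile. A name reported this way is one to look up in the attribute map the ldap module loads (its dictionary_mapping file), since the module only converts directory attributes named there.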