Hi!

I am using freeradius 1.0.1 with an openldap backend (2.1.30). Therefore
I am using the ldap.attrmap for mapping ldap entries to radius attributes.
Everything is configured correctly, mapping works. For example, I added
a radiusAuthType with value REJECT and I couldn't authenticate. Even
other entries work!!

But for some reason, I have to add a NAS-Identifier to my
ldap-attributes and that does NOT work! :-(

Adding a NAS-Identifier to the users-file works, for example:
steve   Auth-Type := Local, User-Password == "testing", NAS-Identifier == "chilli"
        Reply-Message = "Hello %u"
This line lets the user steve authenticate only if there is a
NAS-Identifier="chilli" in the access request!

Why doesn't it work with ldap? I added it to the ldap.attrmap-file, as
a checkitem:
checkItem       NAS-Identifier                  radiusNASIdentifier
I also extended the radius-ldap-schema for radiusNASIdentifier, and even


It seems that my freeradius ignores this attribute!! :-(

Does anyone have any ideas?
thxs
regards
peda

PS: radius-logfile-output:
Following ldap entry exists:
dn:uid=testuser,ou=radius,dc=xxx,dc=xxx

                uid: testuser
                 cn: testuser
        objectClass: radiusprofile
                     account
radiusNASIdentifier: vpn

In the Access-Request NAS-Identifier is chilli, so I shouldn't get
authenticated, right?

...
rlm_ldap: LDAP radiusnasidentifier mapped to RADIUS NAS-Identifier
...
rlm_ldap: Adding radiusnasidentifier as NAS-Identifier, value vpn & op=21
...
rad_recv: Access-Request packet from host 127.0.0.1:1052, id=0, length=200
        User-Name = "testuser"
        User-Password = "123456"
        NAS-IP-Address = 0.0.0.0
        Service-Type = Login-User
        Framed-IP-Address = 192.168.100.2
        Calling-Station-Id = "00-11-43-68-B6-C7"
        Called-Station-Id = "00-00-21-D7-27-EA"
        NAS-Identifier = "chilli"
        Acct-Session-Id = "426371ac00000000"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 0
        Message-Authenticator = 0x639366a805ea2fa073720e2f5427bf7f
        WISPr-Logoff-URL = "http://192.168.100.1:3990/logoff"
  Processing the authorize section of radiusd.conf

