Hi! I am using freeradius 1.0.1 with an openldap backend (2.1.30). Therefor I am using the ldap.attrmap for mapping ldapentries to radiusattributes. Everything is configured correctly, mapping works. For example, I added a radiusAuthType with value REJECT and I couldn't authenticate. Even other entries works!!
But for some reason, I have to add a NAS-Identifier to my ldap-attributes and that does NOT work! :-( Adding a NAS-Identifier to the users-file works, for example: steve Auth-Type := Local, User-Password == "testing", NAS-Identifier == "chilli" Reply-Message = "Hello %u" This line let's the user steve only authenticate, if there is a NAS-Identifier="chilli" in the access request! Why doesn't it work with ldap? I added it to the ldap.attrmap-file, as a checkitem: checkItem NAS-Identifier radiusNASIdentifier I also extended the radius-ldap-schema for radiusNASIdentifier, and even It seems that my freeradius ignores this attribut!! :-( Has anyone ideas? thxs regards peda PS: radius-logfile-output: Following ldap entry exists: dn:uid=testuser,ou=radius,dc=xxx,dc=xxx uid: testuser cn: testuser objectClass: radiusprofile account radiusNASIdentifier: vpn In the Access-Request NAS-Identifier is chilli, so I shouldn't get authenticated, right? ... rlm_ldap: LDAP radiusnasidentifier mapped to RADIUS NAS-Identifier ... rlm_ldap: Adding radiusnasidentifier as NAS-Identifier, value vpn & op=21 ... rad_recv: Access-Request packet from host 127.0.0.1:1052, id=0, length=200 User-Name = "testuser" User-Password = "123456" NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.100.2 Calling-Station-Id = "00-11-43-68-B6-C7" Called-Station-Id = "00-00-21-D7-27-EA" NAS-Identifier = "chilli" Acct-Session-Id = "426371ac00000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x639366a805ea2fa073720e2f5427bf7f WISPr-Logoff-URL = "http://192.168.100.1:3990/logoff" Processing the authorize section of radiusd.conf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html