A few things to look at would be:
1) Do you have ldap configured in the authorize section of radiusd.conf? This is where it picks up the attributes from the user's record.
2) If the answer to 1 is yes, you're doing an anonymous bind to the LDAP server. Does that give you the necessary access rights to read the record from LDAP?
3) If the answer to 2 is yes, are the attributes you're trying to read/return configured in $prefix/etc/raddb/ldap.attrmap?
Hope that helps, and guides you on your way to a solution.
regards, Mike
Andre Herkenrath wrote:
Hi,
I have a very strange problem. I authenticate a user against a Novell 6 Server, which is not the problem. But I need some Attributes from the authentication brought back to the NAS.
I put these in the users file and it worked with another server:
Users (complete)
-----------------
DEFAULT Auth-Type := LDAP, Ldap-Group == "CN=WGRAS,O=FKEL"
        Reply-Message = "Welcome, you are allowed to have dialup access",
        Framed-Filter-Id = "std.ppp",
        Fall-Through = 0
------------------
The Ldap portion of the radiusd.conf (comments removed)
----------------
ldap {
        server = "170.56.185.59"
        identity = "anonymous"
        basedn = "OU=Abteilungen,O=FKEL"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        groupmembership_attribute = radiusGroupName
        timeout = 20
        timelimit = 20
        net_timeout = 10
}
Strangely the binds need a very long time (up to 8 seconds each) - but what has this to do with not transmitting the Attributes?
As I said, the authentication works, but the Attributes are missing - any ideas?
Regards Andre
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
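Points 1 and 3 of the checklist in the reply above can be checked mechanically; the following is an added example, not part of the original thread and not FreeRADIUS code. The function names, the sample configuration and the LDAP attribute names in the sample map are constructed for illustration, and point 2 (what an anonymous bind may read) still has to be tested against the directory itself.

```python
# Constructed sample files, not Andre's real configuration.
SAMPLE_CONF = """
authorize {
    preprocess
    files
}
authenticate {
    Auth-Type LDAP {
        ldap
    }
}
"""
SAMPLE_ATTRMAP = """
checkItem   Auth-Type          radiusAuthType
replyItem   Framed-Filter-Id   radiusFilterId
"""

def modules_in_section(conf_text, section):
    # Module names listed directly inside a top-level `section { ... }` block.
    found, depth, inside = [], 0, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            inside = inside or (depth == 0 and line[:-1].strip() == section)
            depth += 1
        elif line == "}":
            depth -= 1
            inside = inside and depth > 0
        elif line and inside and depth == 1:
            found.append(line)
    return found

def mapped_reply_items(attrmap_text):
    # RADIUS reply attributes that ldap.attrmap maps to some LDAP attribute.
    rows = (raw.split("#", 1)[0].split() for raw in attrmap_text.splitlines())
    return {r[1].lower() for r in rows if len(r) >= 3 and r[0] == "replyItem"}

def check_setup(conf_text, attrmap_text, reply_attrs):
    problems = []
    if "ldap" not in modules_in_section(conf_text, "authorize"):
        problems.append("ldap is not listed in authorize")
    mapped = mapped_reply_items(attrmap_text)
    for attr in reply_attrs:
        if attr.lower() not in mapped:
            problems.append(f"{attr} has no replyItem line in ldap.attrmap")
    return problems

if __name__ == "__main__":
    for p in check_setup(SAMPLE_CONF, SAMPLE_ATTRMAP, ["Reply-Message", "Framed-Filter-Id"]):
        print("PROBLEM:", p)
```

The sample deliberately lists ldap only under authenticate, a layout in which the bind can succeed while the authorize-time attribute lookup never runs.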