> Where does the cookbook say that you should put that in ldap.attrmap?
> Where are those radius attributes defined? Some additional dictionary?

This part is not from the cookbook, it's something we intend to use internally here at the university. The setup is based on the eduroam guide, though, except for these attributes and the need to return the inner User-Name on the outside of the tunnel.

> Why don't you map those in ldap.attrmap?

That had actually never occurred to me. I thought ldap.attrmap was used to create the variables and populate them with values, but it never occurred to me to use it just for attribution. That has worked flawlessly, thank you. Just so it's posted on the list, my solution in this case is as follows:

on ldap.attrmap:

[...]
replyItem University-LDAP-organizationUnit ou
replyItem University-LDAP-departmentNumber departmentNumber
replyItem University-LDAP-affiliation eduPersonPrimaryAffiliation
[...]

> >on the inner-tunnel configuration file:
> >> post-auth {
> >> update outer.reply {
> >> User-Name := %{reply:User-Name}
> >> University-LDAP-departmentNumber := %{rLDAPdepartmentNumber}
> >> }
>
> That should be:
>
> User-Name := '%{reply:User-Name}'
> University-LDAP-departmentNumber := '%{rLDAPdepartmentNumber}'

Now, this is still not working: having it as User-Name := '%{reply:User-Name}' still gives me an Access-Accept with text instead of variable value. Also, using double quotes yields the exact same result.

> Sending Access-Accept of id 127 to xx.xx.xx.xx port 32785
> User-Name = "%{reply:User-Name}"
> University-LDAP-organizationUnit = "cc "
> University-LDAP-affiliation = "staff"
> University-LDAP-departmentNumber = "20.5.2.4.0.0.0"
> MS-MPPE-Recv-Key = 0xecf20a153c749b7fa673b83360456fc9d5eb3080eaacdce7034dc6a69fe3ec3a
> MS-MPPE-Send-Key = 0x19632e43f61546fc38a26e0e71ef134ecd45dae99873af6040606bc2772bbd75
> EAP-Message = 0x03190004
> Message-Authenticator = 0x00000000000000000000000000000000
> Finished request 6.

My need is to return the inner username (from within the TTLS tunnel) to the outside of the access-accept response. Is there any other simpler way of doing this that I'm not aware of?

Thanks again for the help

> Ivan Kalik
> Kalik Informatika ISP

Guto
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html