On 24 Aug 2013, at 10:00, Nikolaos Milas <nmi...@noa.gr> wrote: > On 23/8/2013 9:19 μμ, Arran Cudbard-Bell wrote: > >> It'll either be in NAS-Port or NAS-Port-ID if the NAS is providing that >> information. > > Thanks Arran, > > It was NAS-Port indeed. Strangely enough, this is not included either in > ldap.attrmap or the freeradius schema. Shouldn't it (and other attributes > missing from ldap.attrmap and freeradius schema but defined in RFC 2865, like > NAS-Port-Type) be included at least in future FreeRadius releases? Or there > is a particular reason for which they were not included?
No, they should not be included in future releases. It is inefficient to check for the presence of hundreds of attributes in the retrieved object. The generic attribute format supported in both 2.0.0 and 3.0.0 allows you to map any attribute present in the FreeRADIUS dictionary, and even specify the operator used to add them to the various lists. You can of course, also use generic attributes as part of filters. > In any case, could I include the (desired) NAS-Port value in another > (seemingly unused) attribute of the FreeRadius Schema, like radiusHint (which > -if I understand right- has a suitable syntax: IA5 String), for which I guess > I should also add an entry in ldap.attrmap (because there is no radiusHint > attribute mapping therein), like: > > checkItem NAS-Port radiusHint Either update the schema for your installation, or use the generic attribute mapping and do the comparisons server side. Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
