Re: Need Assistance please
Rivera, Denis [EMAIL PROTECTED] wrote: Uid=testuser Attribute Value securityRoleUsers Alan DeKok wrote: The value should have the operator in it. e.g. +=Users I would think that's clear. Is the value you've mentioned in the LDAP schema? Or in radiusd.conf? or ldap.attrmap? Where do I make the operator change? In the one place where you used the word value. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need Assistance please
Alan, the User Change Password Administrator etc., are already part of the LDAP schema (under the attribute securityRole) e.g. Uid=testuser Attribute Value securityRoleUsers Alan DeKok wrote: The value should have the operator in it. e.g. +=Users Is the value you've mentioned in the LDAP schema? Or in radiusd.conf? or ldap.attrmap? Where do I make the operator change? Is this a dumb question to ask? I can't find this answer?? Thank you for any input, -denis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FW: Need Assistance please
Alan, the User Change Password Administrator etc., are already part of the LDAP schema (under the attribute securityRole) e.g. Uid=testuser Attribute Value securityRoleUsers Alan DeKok wrote: The value should have the operator in it. e.g. +=Users is the value you've mentioned in the LDAP schema (LDAP config file)? Or in radiusd.conf? or ldap.attrmap? I've modified the file ldap.attrmap as follow (this is the only change I've made) replyItemLogin-LAT-Group securityRole That should work. I thought by modifying this line to match the LDAP attribute would return all values for the user (testuser) in the LDAP schema. Alan DeKok wrote: No. The operators are still important. Alan DeKok. Alright... so this maybe a misconfiguration in LDAP? -denis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need Assistance please
Alan, the User Change Password Administrator etc., are already part of the LDAP schema (under the attribute securityRole) e.g. Uid=testuser Attribute Value securityRoleUsers Alan DeKok wrote: The value should have the operator in it. e.g. +=Users Is the value you've mentioned in the LDAP schema (LDAP config file)? Or in radiusd.conf? or ldap.attrmap? Where do I make the change? Thank you, -denis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FW: Need Assistance please
Alan, I'd first would like to extend my gratitude for answering my email. I'd also like to apoligize to everyone on the list for my confusion. I've been reading the book RADIUS by Jonathan Hassell, I've been reading archives for a while now. Can anyone suggest a good book with sample information? My problem is as follow: Is radius supposed to only return back a single attribute? That's what you told it to do. An attribute with one value (even with commas) is very different than attributes with multiple values. My suggestion is to create multiple entries in the LDAP schema for the Login-LAT-Group, as there is no Login-LAT-GroupS attribute. Each value should then be +=User(first) +=Change Password (second) etc... Alan DeKok. Alan, the User Change Password Administrator etc., are already part of the LDAP schema (under the attribute securityRole) e.g. Uid=testuser Attribute Value securityRoleUsers securityRoletestgroup1 securityRoletestgroup2 securityRoleChange Password securityRoleLuisa Administrator I've modified the file ldap.attrmap as follow (this is the only change I've made) replyItem Login-LAT-Group securityRole I thought by modifying this line to match the LDAP attribute would return all values for the user (testuser) in the LDAP schema. When I use NTRadPing the response is: Sending authentication request to server test.server:1645 Transmitting packet, code=1 id=0 length=50 Received response from the server in 10 milliseconds Reply packet code=2 id0 length=27 Response: Access-Accept attribute dump-- Login-LAT-Group=Users Can you or anyone suggest any howto site. I've read the LDAP doc and it doesn't mention how to implement this. Is this possible? Did I miss a step? Thank you -denis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Assistance please
Rivera, Denis [EMAIL PROTECTED] wrote: -Attribute Dump- Login-LAT-Groups=Users I was expecting the value Change Password and Users and Luisa Administrator. ---Attribute Dump- Login-LAT-Groups=Users, Change Password, Administrator The string Change Password has a space in it - is this why the full string is not replied? No. There's a comma after Users. If the other space was the problem, you would see Users, Change being returned. Is radius supposed to only return back a single attribute? That's what you told it to do. An attribute with one value (even with commas) is very different than attributes with multiple values. My suggestion is to create multiple entries in the LDAP schema for the Login-LAT-Group, as there is no Login-LAT-GroupS attribute. Each value should then be +=User(first) +=Change Password (second) etc... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need Assistance please
Alan, I'd first would like to extend my gratitude for answering my email. I'd also like to apoligize for my confusion. Is radius supposed to only return back a single attribute? That's what you told it to do. An attribute with one value (even with commas) is very different than attributes with multiple values. My suggestion is to create multiple entries in the LDAP schema for the Login-LAT-Group, as there is no Login-LAT-GroupS attribute. Each value should then be +=User(first) +=Change Password (second) etc... Alan DeKok. Alan, the User Change Password Administrator etc., are already part of the LDAP schema (under the attribute securityRole) e.g. Uid=testuser Attribute Value securityRoleUsers securityRoletestgroup1 securityRoletestgroup2 securityRoleChange Password securityRoleLuisa Administrator I've modified the file ldap.attrmap as follow (this is the only change I've made) replyItem Login-LAT-Group securityRole I thought by modifying this line to match the LDAP attribute it would return all values for the user (testuser). When I use NTRadPing the response is: Sending authentication request to server test.server:1645 Transmitting packet, code=1 id=0 length=50 Received response from the server in 10 milliseconds Reply packet code=2 id0 length=27 Response: Access-Accept attribute dump-- Login-LAT-Group=Users Can you or anyone suggest any howto site. I've read the LDAP doc and they don't mention how to do this. Is this possible? Thank you -denis Rivera, Denis [EMAIL PROTECTED] wrote: -Attribute Dump- Login-LAT-Groups=Users I was expecting the value Change Password and Users and Luisa Administrator. ---Attribute Dump- Login-LAT-Groups=Users, Change Password, Administrator The string Change Password has a space in it - is this why the full string is not replied? No. There's a comma after Users. If the other space was the problem, you would see Users, Change being returned. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need Assistance please
Hello everyone, I'm new to the Linux / Radius. I would greatly appreciate feedback to the problem I'm encountering. I'm using Luisa v. 5 freeRadius v. 0.9.3 and OpenLDAP 2.1.25 To troubleshoot I'm utility NTRadPing v.1.5 When I test a user account [NTRadPing] I get response: Access-Accept (everything seems ok - the user authenticates fine) The problem is that [attribute dump] does not show what groups the user belongs to. Steps I've taken so far: I modified the ldap.attrmap file as follow: replyItem Login-LAT-Group securityRole securityRole is the attribute I see in the OpenLDAP After modifying the file... I'm now receiving a reply in attribute Dump (not what I expected)the only value I see is Users e.g. -Attribute Dump- Login-LAT-Groups=Users I was expecting the value Change Password and Users and Luisa Administrator. ---Attribute Dump- Login-LAT-Groups=Users, Change Password, Administrator The string Change Password has a space in it - is this why the full string is not replied? Is radius supposed to only return back a single attribute? My objective is for radius to return a list of the groups the user belongs to. Thank you, Denis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html