Hello Christian -

On Fri, 26 May 2000, Christian Hammers wrote:
> Hello 
> 
> On Fri, May 26, 2000 at 08:22:50AM +1000, Hugh Irvine wrote:
> > you can set up DEFAULT/Auth-Type pairs to add the attributes that way. Perhaps
> > if you describe your requirements in more detail I can assist in finding the
> > best mechanism to use.
> Ok. We use LDAP to store our Radius data. A normal LDAP entry looks like:
> ...
> rradiususername=8W99999
> radiususer-name=8W99999 Long user description for the logfile
> radiuspassword=secret
> radiusprofile=westend-dynamic-dialup
> 

OK

> We have three profiles, used via replaceIfNotExisting:
> westend-dynamic-dialup                for normal dialups
> westend-static-dialup                 with static IP addresses stored in LDAP
> westend-callback-dialup       not yet implemented
> 

Understood.

> Now we want to offer our clients VPN support and therefore need to give 
> the cisco some TACACS+ attributes. As we don't like to use a TACACS server
> next to the radius server (we bought for much money :-)) we have to use
> cisco-avpair Attributes to give all these parameters via radius.
> (Sadly as you know the LDAP function does not allow you to specify more
>  than one radiuscisco-avpair="something" -> see older mails from me)
> 

I don't think the problem is with the LDAP function, it's just that you are
using AddToReplyIfNotExist, instead of just using AddToReply. (And the problem
with AddToReplyIfNotExist is that it will add the first attribute of whatever
name, but after adding that attribute, the attribute then exists, hence you
cannot add any more attributes with the same name, by definition).

> 
> So now what. I tried to use the profiles, although that has the drawback
> that we have to create a unique profile for every VPN client, but this
> would be acceptable. But this didn't work, too. I tried to use \n separated
> values but this led to no success (see other mail).
> 

Why did this not work?

> 
> If you do not have a good idea I think I'll have to try to hack
> the LDAP function to store those attributes in arrays instead of hashes
> and therefore allow several attributes with the same name.
> 

As mentioned previously, the best approach is just to use AddToReply.

Otherwise, we have recently done some work on some hooks to deal specifically
with Profiles such as you describe. You can have a look at them in the patches
area:

        http://www.open.com.au/radiator/downloads/patches-2.15/hooks.txt

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
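
Added example (not part of the original message, and not Radiator's own code): a small Python model of the behaviour described in the reply above, showing why AddToReplyIfNotExist keeps only the first cisco-avpair while AddToReply keeps all of them, and why storage in a hash keyed by attribute name cannot hold several values. The function names, the list parsing and the sample attribute values are assumptions constructed for illustration.

```python
import re

# Constructed sample list; the attribute values are illustrative only.
VPN_ATTRS = ('cisco-avpair="vpdn:tunnel-id=example",'
             'cisco-avpair="vpdn:ip-addresses=192.0.2.1",'
             'Service-Type=Framed-User')

PAIR = re.compile(r'\s*([^=,\s]+)\s*=\s*(?:"([^"]*)"|([^,]*))\s*(?:,|$)')

def parse_attr_list(text):
    """Split a comma-separated name=value list, honouring double quotes."""
    pairs = []
    for m in PAIR.finditer(text):
        value = m.group(2) if m.group(2) is not None else m.group(3).strip()
        pairs.append((m.group(1), value))
    return pairs

def add_to_reply(reply, attrs):
    """Append every pair; repeated names are kept."""
    return list(reply) + list(attrs)

def add_to_reply_if_not_exist(reply, attrs):
    """Append a pair only while no attribute of that name is in the reply."""
    out = list(reply)
    for name, value in attrs:
        if all(existing != name for existing, _ in out):
            out.append((name, value))
    return out

def as_hash(attrs):
    """Hash storage keyed by name: one value per name (here the last one)."""
    return dict(attrs)

if __name__ == "__main__":
    pairs = parse_attr_list(VPN_ATTRS)
    print("AddToReply:          ", add_to_reply([], pairs))
    print("AddToReplyIfNotExist:", add_to_reply_if_not_exist([], pairs))
    print("hash storage:        ", as_hash(pairs))
```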


