freeRADIUS1.0.1-1 Auth against openLDAP2.0.27-17 ignores LDAP pswd Expire attribute
Hi all,
I am using Red Hat Linux ES3, with freeRADIUS (1.0.1-1.RHEL3) authenticating dial-up users against openLDAP (2.0.27-17) through Cisco NAS 3745.
The authentication is working fine except that RADIUS IGNORES the expiration attribute in LDAP database.
I am aware that I have to tell RADIUS to include Password expiration in LDAP but I don't know how.
I have done the following in RADIUS directory attributes mapped to LDAP directory attributes /etc/raddb/ldap.attrmap:
ItemType RADIUS-Attribute-Name ldapAttributeName
.....
.....
checkItem Expiration radiusExpiration
.....
....
In my users conf. file /etc/raddb/users I have done the following
.....
DEFAULT Auth-Type = System
        Fall-Through = Yes
DEFAULT Auth-Type := LDAP
        Fall-Through = Yes
.....
In my radius conf. file /etc/raddb/radiusd.conf I have done the following
ldap {
        server = "localhost"
        basedn = "dc=example,dc=com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 18
        timeout = 4
        timelimit = 3
        net_timeout = 1
        compare_check_items = yes
}
How do I configure RADIUS to recognise LDAP expiration attribute?