eDirectory Controlled attribute replies from FreeRADIUS

  • 3006566
  • 11-May-2006
  • 12-Dec-2016

Environment

Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory 8.8 for All Platforms
Novell SUSE Linux Enterprise Server 8
Novell SUSE Linux Enterprise Server 9
Novell SUSE Linux Enterprise Server 10
FreeRADIUS

Situation

Control FreeRADIUS replies to the RADIUS client within iManager (or ConsoleOne).

Resolution

For eDirectory to respond with the proper RADIUS attributes, the schema must be extended. This can be done by following the steps in the Novell FreeRADIUS documentation.

The LDAP server needs to be refreshed/restarted after the schema has been extended.

Add the "radiusProfile" object class to each user object that should have attributes returned (available on the "Other" tab for the user object). Various RADIUS attributes are now available. Add the desired attributes and values.

To respond with custom attributes (attributes that are not standard attributes in the RADIUS dictionaries):
  1. Edit the /usr/share/freeradius/dictionary file and add the needed attribute definitions (see the RAS manufacturer for these definitions)
  2. Restart FreeRADIUS
  3. Using ConsoleOne, add a "radiusReplyItem" attribute and set it to the desired attribute and value, separated by an equal sign (e.g. "Reply-Message = 'Hello, %u'")
  4. Run the radtest utility and ensure that the attribute is available
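
A pre-check for the custom-attribute steps above, as an added example that is not part of the original article: it reads a dictionary file (following `$INCLUDE` lines) and reports "radiusReplyItem" values that are malformed or name an attribute the dictionary does not define. The attribute `Example-Idle-Limit`, its number 3000 and the sample items are constructed; accepting `:=` and `+=` and comparing names case-insensitively are assumptions.

```python
import os
import re
import tempfile

# "Attribute = value"; the := and += operators are also accepted (assumption).
ITEM_RE = re.compile(r"^\s*([\w.-]+)\s*(?::=|\+=|=)\s*(\S.*)$")

def load_attributes(path, seen=None):
    """Collect ATTRIBUTE names from a dictionary file, following $INCLUDE lines."""
    seen = set() if seen is None else seen
    path = os.path.abspath(path)
    if path in seen:  # guard against include loops
        return set()
    seen.add(path)
    names = set()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()
            if len(fields) >= 2 and fields[0] == "$INCLUDE":
                inc = os.path.join(os.path.dirname(path), fields[1])
                names |= load_attributes(inc, seen)
            elif len(fields) >= 4 and fields[0].upper() == "ATTRIBUTE":
                names.add(fields[1].lower())  # compared case-insensitively here
    return names

def check_reply_item(item, names):
    """Return None if a radiusReplyItem value looks usable, else the problem."""
    m = ITEM_RE.match(item)
    if not m:
        return "not in 'Attribute = value' form"
    if m.group(1).lower() not in names:
        return "attribute %s is not defined in the dictionary" % m.group(1)
    return None

def demo():
    """Constructed two-file dictionary; Example-Idle-Limit / 3000 is made up."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "dictionary.std"), "w") as fh:
            fh.write("ATTRIBUTE Reply-Message 18 string\n")
        with open(os.path.join(d, "dictionary"), "w") as fh:
            fh.write("$INCLUDE dictionary.std\n"
                     "ATTRIBUTE Example-Idle-Limit 3000 integer  # custom\n")
        names = load_attributes(os.path.join(d, "dictionary"))
    items = ["Reply-Message = 'Hello, %u'", "Example-Idle-Limit = 600",
             "Example-Idel-Limit = 600", "Reply-Message 'Hello'"]
    return {item: check_reply_item(item, names) for item in items}

if __name__ == "__main__":
    for item, problem in demo().items():
        print(item, "->", problem or "OK")
```

On a live server, pass /usr/share/freeradius/dictionary to `load_attributes` and run the check on each value before entering it in ConsoleOne.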