Hi again.... now it is fine.. the hint query was ... 1 configuration in the hints file.. left the default for users without a suffix.. and ldap.attrmap.. was missing Hint --- radiusHint
again.. thanks for all

2013/3/22 Tony Peña <emperor...@gmail.com>

> Hi again...
> I'm starting to get some confused ideas with this...
>
> I use 3 checkvals.
>
> 1 for Calling-Station-Id
> 2 for Called-Station-Id
> and 3 for Hints
>
> and in the Hints file.. I set up my hint domains and filter so I can apply
> the correct acl/pool ip for the suffix.
>
> I also have radiusHints and radiusFilterId in my OpenLDAP db.
>
> now.. my question is.. why, if Hints is not found in the radius query...
> does it continue checking the rest of the values... and with either of
> checkvals 1 or 2 it works fine.. ??
>
> so... if some user uses other hints, radius does access-accept... and not
> the reject like calling/called-station-id, which works fine with that..
>
> simple debug.
>
> [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=gtm478)
> [ldap] expand: ou=institute,ou=users,dc=sld,dc=cu -> ou=institute,ou=users,dc=domain,dc=com
> [ldap] ldap_get_conn: Checking Id: 0
> [ldap] ldap_get_conn: Got Id: 0
> [ldap] performing search in ou=institute,ou=users,dc=domain,dc=com, with filter (uid=gtm478)
> [ldap] performing search in cn=users.ppp,ou=profiles,ou=radius,ou=services,dc=domain,dc=com, with filter (objectclass=radiusprofile)
> [ldap] radiusCalledStationId -> Called-Station-Id == "999999"
> [ldap] radiusCalledStationId -> Called-Station-Id == "888888"
> [ldap] radiusCalledStationId -> Called-Station-Id == "111111"
> [ldap] extracted attribute Max-Monthly-Session from generic item Max-Monthly-Session := 90000
> [ldap] radiusIdleTimeout -> Idle-Timeout = 300
> [ldap] radiusSessionTimeout -> Session-Timeout = 7200
> [ldap] radiusFramedCompression -> Framed-Compression = Van-Jacobson-TCP-IP
> [ldap] radiusFramedMTU -> Framed-MTU = 576
> [ldap] radiusFilterId -> Filter-Id = "general.in"
> [ldap] radiusFramedProtocol -> Framed-Protocol = PPP
> [ldap] radiusServiceType -> Service-Type = Framed-User
> [ldap] Added User-Password = {CRYPT}$1$passwordcrypted in check items
> [ldap] No default NMAS login sequence
> [ldap] looking for check items in directory...
> [ldap] userPassword -> Password-With-Header == "{CRYPT}$1$cryptedpassword"
> [ldap] radiusCallingStationId -> Calling-Station-Id == "111111"
> [ldap] looking for reply items in directory...
> [ldap] user gtm478 authorized to use remote access
> [ldap] ldap_release_conn: Release Id: 0
> ++[ldap] returns ok
> rlm_checkval: Item Name: Calling-Station-Id, Value: 111111
> rlm_checkval: Value Name: Calling-Station-Id, Value: 111111
> ++[checkval1] returns ok
> rlm_checkval: Item Name: Called-Station-Id, Value: 88888
> rlm_checkval: Value Name: Called-Station-Id, Value: 999999
> rlm_checkval: Value Name: Called-Station-Id, Value: 88888
> ++[checkval2] returns ok
> rlm_checkval: Item Name: Hint, Value: userdefault
> *rlm_checkval: Could not find attribute named Hint in check pairs*
> *++[checkval3] returns notfound*
>
> *I need to stop here.. and reject the user..*
>
> ++? if (User-Name =~ /^(.+)@institute.domain.com/)
> ? Evaluating (User-Name =~ /^(.+)@institute.domain.com/) -> TRUE
> ++? if (User-Name =~ /^(.+)@institute.domain.com/) -> TRUE
> ++- entering if (User-Name =~ /^(.+)@institute.domain.com/) {...}
> rlm_sqlcounter: Entering module authorize code
>
> *It should NOT continue.....*
>
> the users .. log on...ok. (with bad hints)
> with hints it works fine.
>
> thanks in advance... (I'll continue searching and trying while I wait for
> this...)
> sorry for my bad English .. O:-)
> regards.
>
> --
> Antonio Peña
> Secure email with PGP 0x8B021001 available at http://pgp.mit.edu
> Fingerprint: 74E6 2974 B090 366D CE71 7BB2 6476 FA09 8B02 1001

--
Antonio Peña
Secure email with PGP 0x8B021001 available at http://pgp.mit.edu
Fingerprint: 74E6 2974 B090 366D CE71 7BB2 6476 FA09 8B02 1001
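
A fail-closed version of the setup discussed in this thread, as an added example that is not part of the original messages or the poster's actual configuration. It assumes FreeRADIUS 2.x syntax and file layout; the instance names `checkval1` to `checkval3` come from the debug output, and the `checkval3` instance body and file locations are assumptions.

```conf
# --- ldap.attrmap (assumed location: raddb/ldap.attrmap) ---------------
# Map the LDAP attribute to a check item so rlm_checkval has a value to
# compare against. This is the "Hint --- radiusHint" mapping the reply
# reports as missing.
checkItem	Hint	radiusHint

# --- checkval instance (assumed definition, not taken from the thread) -
checkval checkval3 {
	item-name  = Hint      # attribute in the request (set by the hints file)
	check-name = Hint      # check item populated from LDAP via ldap.attrmap
	data-type  = string
}

# --- virtual server, authorize section (other modules omitted) --------
authorize {
	preprocess             # applies the hints file, adds Hint to the request
	ldap
	checkval1
	checkval2

	# Fail-open, as seen in the debug output: "notfound" is not a
	# failure code, so processing falls through to the next module.
	#checkval3

	# Fail-closed: override the return-code action so that a missing
	# Hint check item rejects the request instead of continuing.
	checkval3 {
		notfound = reject
	}

	# ... remaining modules (e.g. sqlcounter) unchanged ...
}
```

With the override in place, a missing mapping or a user entry without `radiusHint` results in Access-Reject rather than silently skipping the Hint check.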