Hello
I'm having some trouble with a configuration where I authorize from
LDAP (works fine) and then I want to add some generic attributes with
a DEFAULT entry in the users file. Basically this is working right except for one
small annoyance: it won't return the second cisco-avpair at all. With
pure files authorization it works fine. I can add any other "normal" RADIUS
attribute after these cisco-avpairs and it shows up in the response,
just not any other cisco-avpair attribute. I've also tried to put the
second cisco-avpair into a second DEFAULT entry (falling through from the first
one), but it won't take it either. It looks like it will always ignore
any more than one cisco-avpair attribute with LDAP authorization. I
don't have any such attribute defined via LDAP.
Any ideas?
Sending Access-Request of id 118 to 127.0.0.1:1645
User-Name = "ADSL.oppermann"
User-Password = "\23u^\251\371\361\354\301\247\325\362\263\35hw"
NAS-IP-Address = testhost
NAS-Port-Id = "123"
rad_recv: Access-Accept packet from host 127.0.0.1:1645, id=118, length=71
Framed-IP-Address = 192.168.1.14
Framed-Protocol = PPP
Service-Type = Framed-User
Cisco-AVPair = "ip:dns-servers=192.168.1.1"
users:
...
DEFAULT Prefix == "adsl."
cisco-avpair = "ip:dns-servers=192.168.1.1",
cisco-avpair = "lcp:interface-config=ip unnumbered tunnel 1"
...
radiusd.conf:
...
authorize {
preprocess
ldap
mschap
files
}
authenticate {
mschap
pap
}
...
Thread 1 handling request 0, (1 handled so far)
User-Name = "ADSL.oppermann"
User-Password = "\23u^\251\371\361\354\301\247\325\362\263\35hw"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "123"
rad_lowerpair: User-Name now 'adsl.oppermann'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for adsl.oppermann
radius_xlat: '(raduser=adsl.oppermann)'
radius_xlat: 'o=Internet,c=CH'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.example.com:389, authentication 0
rlm_ldap: bind as /
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=Internet,c=CH, with filter
(raduser=adsl.oppermann)
rlm_ldap: Added password xxxxxx in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value Local & op=11
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value
192.168.1.14 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User &
op=11
rlm_ldap: user adsl.oppermann authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall[authorize]: module "mschap" returns noop
users: Matched DEFAULT at 48
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 118 to 127.0.0.1:3836
Framed-IP-Address = 192.168.1.14
Framed-Protocol = PPP
Service-Type = Framed-User
Cisco-AVPair = "ip:dns-servers=192.168.1.1"
Finished request 0
Going to the next request
--
Andre
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
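FreeRADIUS documents three operators for reply items in the users file: "=" adds the attribute only if no attribute of the same name is already in the reply list, "+=" always adds it, and ":=" replaces any existing attribute of that name. The Python model below is an added illustration, not code from the post above or from FreeRADIUS itself. It parses a users-file fragment modeled on the poster's DEFAULT entry, starts from the reply items the ldap module had already added according to the debug output, and applies those documented rules, so the second "=" cisco-avpair is dropped while a "+=" version keeps both. The regex parser, the pair representation and the fragment strings are assumptions made for this model; whether the poster's server version behaves exactly as the documented rules say is not shown on the page.

```python
"""Model of how FreeRADIUS users-file reply operators merge into a reply list."""
import re
from typing import List, Tuple

Pair = Tuple[str, str]

# Constructed users-file fragment modeled on the DEFAULT entry in the post
# (the match line carries the Prefix check item; the reply items follow).
USERS_EQ = '''\
DEFAULT Prefix == "adsl."
\tcisco-avpair = "ip:dns-servers=192.168.1.1",
\tcisco-avpair = "lcp:interface-config=ip unnumbered tunnel 1"
'''

# Same entry with the "+=" operator, which always adds the attribute.
USERS_ADD = USERS_EQ.replace('cisco-avpair = ', 'cisco-avpair += ')

# Reply items the ldap module added before "files" ran (taken from the
# debug output in the post; constructed here as plain (attribute, value) pairs).
LDAP_REPLY: List[Pair] = [
    ("Framed-IP-Address", "192.168.1.14"),
    ("Framed-Protocol", "PPP"),
    ("Service-Type", "Framed-User"),
]

# Assumed minimal grammar for one reply line: attribute, operator, quoted value,
# optional trailing comma. Real users files allow more than this.
ITEM_RE = re.compile(r'\s*([\w-]+)\s*(\+=|:=|==|=)\s*"([^"]*)"\s*,?\s*$')


def parse_reply_items(entry: str) -> List[Tuple[str, str, str]]:
    """Return (attribute, operator, value) for each reply line of one entry."""
    lines = entry.splitlines()
    items = []
    for line in lines[1:]:  # line 0 is the match/check line
        m = ITEM_RE.match(line)
        if not m:
            raise ValueError(f"unparsed reply line: {line!r}")
        items.append((m.group(1).lower(), m.group(2), m.group(3)))
    return items


def merge_reply(existing: List[Pair], items) -> List[Pair]:
    """Apply the documented reply-item operators to a copy of the reply list."""
    reply = list(existing)
    for attr, op, value in items:
        present = [p for p in reply if p[0].lower() == attr]
        if op == "=":
            # Add only if no attribute of the same name is already present.
            if not present:
                reply.append((attr, value))
        elif op == "+=":
            # Always add, even if the attribute is already there.
            reply.append((attr, value))
        elif op == ":=":
            # Replace every existing attribute of that name with this one.
            reply = [p for p in reply if p[0].lower() != attr]
            reply.append((attr, value))
        else:
            raise ValueError(f"{op} is a check operator, not a reply operator")
    return reply


def avpairs(reply: List[Pair]) -> List[str]:
    """Values of all Cisco-AVPair attributes in a reply list, in order."""
    return [v for a, v in reply if a.lower() == "cisco-avpair"]


if __name__ == "__main__":
    for label, entry in (("=", USERS_EQ), ("+=", USERS_ADD)):
        merged = merge_reply(LDAP_REPLY, parse_reply_items(entry))
        print(f"operator {label!r}: {len(merged)} reply items, "
              f"cisco-avpair values {avpairs(merged)}")
```

Running the model prints one cisco-avpair value for the "=" entry and two for the "+=" entry; the three LDAP-supplied items survive in both cases because no users-file line names them.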