Hello,
I am testing FreeRADIUS v0.5, and have attributes set up in the LDAP
directory. Reply attributes are working fine, but Check attributes don't
seem to work properly, e.g. access should be denied if the check attribute
in the Access-Request does not match.
Am I correct in thinking this?
Below is an Access-Request and an Access-Accept. If you look where I have
added the *********** First Check Attribute ********** etc., you will see
they do not match, but the request is accepted anyway.
Any help would be great, thanks.
Regards
Allister
rad_recv: Access-Request packet from host 203.96.128.242:1025, id=133,
length=110
Thread 3 assigned request 3
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
Thread 3 handling request 3, (1 handled so far)
User-Name = "[EMAIL PROTECTED]"
User-Password = "XXXXXXXXXXXXXXXXXXXXX"
NAS-IP-Address = 203.96.128.242
NAS-Port = 20118
********************************************* First Check
Attribute **************************************************
NAS-Port-Type = Async
************************************************************************
**********************************************
State = 0x
********************************************* Second Check
Attribute **************************************************
Calling-Station-Id = "49157700"
************************************************************************
**********************************************
Called-Station-Id = "049173901"
Acct-Session-Id = "281178942"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 1
modcall[authorize]: module "files" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for bbuilder
radius_xlat: '(uid=bbuilder)'
radius_xlat: 'ou=People,ou=Internet Service Provider,ou=Globe.Net
Communications Ltd,dc=gnc,dc=net,dc=nz'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,ou=Internet Service
Provider,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz, with
filter (uid=bbuilder)
rlm_ldap: checking if remote access for bbuilder is allowed by
radiusNPAllowDialin
rlm_ldap: looking for check items in directory...
********************************************* First Check
Attribute **************************************************
rlm_ldap: Adding radiusNASPortType as NAS-Port-Type, value Cable & op=11
************************************************************************
**********************************************
********************************************* Second Check
Attribute **************************************************
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
49157711 & op=11
************************************************************************
**********************************************
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 600 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value
192.168.2.180 & op=11
rlm_ldap: user bbuilder authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Pam
auth: type "Pam"
modcall: entering group authenticate
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: authentication succeeded for <bbuilder>
modcall[authenticate]: module "pam" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 133 to 203.96.128.242:1025
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Netmask = 255.255.255.255
Framed-Routing = None
Framed-Compression = Van-Jacobson-TCP-IP
Ascend-Assign-IP-Pool = 6
Ascend-Maximum-Channels = 1
Idle-Timeout = 600
Framed-IP-Address = 192.168.2.180
Finished request 3
Going to the next request
Thread 3 waiting to be assigned a request
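
The comparison the post makes by eye can be scripted over the debug output. This is an added example, not part of the original post and not FreeRADIUS code: it lists every rlm_ldap check item whose value differs from the same attribute in the Access-Request when the exchange still ends in Access-Accept. The function name `audit`, the exact-string comparison, and the sample (debug lines condensed from the output above, wrapped lines rejoined) are assumptions of the example.

```python
import re

# Debug lines condensed from the post above, with wrapped lines rejoined.
SAMPLE = """\
rad_recv: Access-Request packet from host 203.96.128.242:1025, id=133, length=110
    NAS-Port = 20118
    NAS-Port-Type = Async
    Calling-Station-Id = "49157700"
modcall: entering group authorize
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusNASPortType as NAS-Port-Type, value Cable & op=11
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 49157711 & op=11
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 600 & op=11
Sending Access-Accept of id 133 to 203.96.128.242:1025
    Idle-Timeout = 600
"""

# 'Name = value' lines of a dumped packet; surrounding quotes are dropped.
ATTR = re.compile(r'^\s*([A-Za-z0-9-]+) = "?(.*?)"?\s*$')
# 'rlm_ldap: Adding <ldap attr> as <RADIUS attr>, value <v> & op=<n>'
ADDED = re.compile(r'^rlm_ldap: Adding \S+ as (\S+), value (.*?) & op=\d+$')

def audit(log):
    """Return (attribute, requested, required) for each LDAP check item that
    differs from the request in an exchange that still ended in Access-Accept."""
    request, checks, findings = {}, {}, []
    section = None
    for line in log.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            request, checks, section = {}, {}, "request"   # new exchange
        elif line.startswith("modcall:") and section == "request":
            section = None                                  # request dump ended
        elif "looking for check items" in line:
            section = "check"
        elif "looking for reply items" in line:
            section = "reply"                               # reply items are not checks
        elif line.startswith("Sending Access-Accept"):
            findings += [(n, request[n], v) for n, v in checks.items()
                         if n in request and request[n] != v]
            section = None
        elif section == "request" and (m := ATTR.match(line)):
            request[m.group(1)] = m.group(2)
        elif section == "check" and (m := ADDED.match(line)):
            checks[m.group(1)] = m.group(2)
    return findings

if __name__ == "__main__":
    for name, got, want in audit(SAMPLE):
        print(f"accepted with {name}={got!r}, directory check item is {want!r}")
```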