Hi,
I set up a freeradius (0.8) server which proxies requests to two other
freeradius servers. These servers use two LDAP servers to do
authorization and authentication.
I set a profile DN in the user's attributes, and the strange thing is
that some attributes are not returned. For example, I added several
attributes in the profile (radiusIdleTimeout, radiusCallbackId,
radiusFramedIPNetmask, radiusFramedIPAddress, radiusServiceType) and
only radiusIdleTimeout and radiusCallbackId are returned.
All files are the default ones. I have all the mappings in the
ldap.attrmap file.
I don't understand why FR is not returning all the defined attributes,
or maybe there is a place to define the returned attributes that I missed!
Thanks for any help.
The radiusd.conf contains:
ldap ldap1 {
    server = "radclient1.umlnet"
    basedn = "ou=users,ou=%{Realm},ou=clients,dc=umlnet"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    tls_mode = no
    profile_attribute = "radiusProfileDn"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    timeout = 5
    timelimit = 5
    net_timeout = 2
    access_attr = "dialupAccess"
    access_attr_used_for_allow = yes
}
ldap ldap2 {
    # the same, on the other host radclient2.umlnet
}
authorize {
    suffix
    autztype LDAP {
        redundant {
            ldap1
            ldap2
            notfound = return
        }
    }
    files
}
authenticate {
    authtype LDAP {
        ldap1
        ldap2
    }
}
The users file only contains: DEFAULT Autz-Type := "LDAP"
Here is a part of the log:
modcall: entering group authorize
rlm_realm: Looking up realm raceme for User-Name = "u_0@raceme"
rlm_realm: Found realm raceme
rlm_realm: Adding Stripped-User-Name = "u_0"
rlm_realm: Proxying request from user u_0 to realm raceme
rlm_realm: Adding Realm = "raceme"
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 218
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
modcall: entering group autztype
modcall: entering group redundant
rlm_ldap: - authorize
rlm_ldap: performing user authorization for u_0
radius_xlat: '(uid=u_0)'
radius_xlat: 'ou=users,ou=raceme,ou=clients,dc=umlnet'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=raceme,ou=clients,dc=umlnet, with filter (uid=u_0)
rlm_ldap: checking if remote access for u_0 is allowed by dialupAccess
rlm_ldap: performing search in cn=default,ou=profils,ou=raceme,ou=clients,dc=umlnet, with filter (objectclass=radiusprofile)
rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 300 & op=11
rlm_ldap: Adding radiusCallbackId as Callback-Id, value 5 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 7 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 6 & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value plop & op=11
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user u_0 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok
modcall: group redundant returns ok
modcall: group autztype returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype
rlm_ldap: - authenticate
rlm_ldap: login attempt by "u_0" with password "BigPass_0"
rlm_ldap: user DN: uid=u_0,ou=users,ou=raceme,ou=clients,dc=umlnet
rlm_ldap: (re)connect to radclient1.umlnet:389, authentication 1
rlm_ldap: bind as uid=u_0,ou=users,ou=raceme,ou=clients,dc=umlnet/BigPass_0 to radclient1.umlnet:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user u_0 authenticated succesfully
modcall[authenticate]: module "ldap1" returns ok
modcall: group authtype returns ok
radius_xlat: '5'
Sending Access-Accept of id 2 to 192.168.45.20:1814
Idle-Timeout = 300
Callback-Id = "5"
Proxy-State = 0x31
Finished request 1
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
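As an added example (not from the poster or the FreeRADIUS project), a small Python script that reads a constructed copy of the debug excerpt above and reports, for each attribute rlm_ldap pulled from the LDAP profile, whether it appeared in the Access-Accept and whether its value parses as the attribute's RADIUS data type. The attribute types and the Service-Type names are assumed from the RFC 2865 definitions used by the standard dictionary.

```python
import re
import ipaddress
# Constructed excerpt of the debug log quoted in the post above.
SAMPLE_LOG = """\
rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 300 & op=11
rlm_ldap: Adding radiusCallbackId as Callback-Id, value 5 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 7 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 6 & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value plop & op=11
Sending Access-Accept of id 2 to 192.168.45.20:1814
Idle-Timeout = 300
Callback-Id = "5"
Finished request 1
"""
# Assumption: the dictionary uses the RFC 2865 data types and Service-Type names.
ATTR_TYPES = {"Idle-Timeout": "integer", "Callback-Id": "string",
              "Framed-IP-Netmask": "ipaddr", "Framed-IP-Address": "ipaddr",
              "Service-Type": "integer"}
ENUM_NAMES = {"Service-Type": {"Login-User", "Framed-User", "Callback-Login-User",
              "Callback-Framed-User", "Outbound-User", "Administrative-User",
              "NAS-Prompt-User", "Authenticate-Only", "Callback-NAS-Prompt"}}
ADD_RE = re.compile(r"rlm_ldap: Adding (\S+) as (\S+), value (.+?) & op=\d+")
REPLY_RE = re.compile(r"^([A-Za-z0-9-]+) = ")

def value_ok(attr, value):
    """True if value parses as the attribute's RADIUS data type."""
    kind = ATTR_TYPES.get(attr, "string")
    if kind == "ipaddr":
        try:
            ipaddress.IPv4Address(value)  # "7" or "6" is not a dotted quad
            return True
        except ValueError:
            return False
    if kind == "integer":  # a number or one of the dictionary's named values
        return value.isdigit() or value in ENUM_NAMES.get(attr, set())
    return True

def audit(log):
    """Map each attribute rlm_ldap added to (sent_in_reply, value_parses)."""
    added, sent, in_reply = {}, set(), False
    for line in log.splitlines():
        if m := ADD_RE.search(line):
            added[m.group(2)] = m.group(3)
        elif line.startswith("Sending Access-Accept"):
            in_reply = True
        elif in_reply and (m := REPLY_RE.match(line)):
            sent.add(m.group(1))
        else:
            in_reply = False  # first line that is not "Attr = value" ends the reply
    return {a: (a in sent, value_ok(a, v)) for a, v in added.items()}
```

Running `audit(SAMPLE_LOG)` flags exactly the three attributes missing from the Access-Accept as the ones whose profile values do not parse as their declared type.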