Re: check item problem

Mon, 31 Mar 2003 06:18:43 -0800 

On Mon, 31 Mar 2003, Brian Leung wrote:

> hi all,
> i wanna to add some rules in freeradius so the user just can access the system from 
> the Calledstationid 123456, for example
> my ldif is like that:
>
> dn: uid=brianlk,ou=dialup,o=test
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: inetLocalMailRecipient
> objectClass: radiusprofile
> objectClass: posixAccount
> objectClass: PureFTPdUser
> sn: brianlk
> ou: dialup
> description:: IFBQUF9VWFBX
> uid: brianlk
> uidNumber: 15385
> gidNumber: 1001
> homeDirectory: /home/brianlk
> loginShell: /sbin/nologin
> userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
> cn: brianlk
> radiusCalledStationId: 123456
>
> However, the radiusCalledStationId haven't checked when i login. So, i can access 
> system from any Calledstationid. How can i fix?
> And, did i need to enable "compare_check_items = yes"?
> I have tried to enable, but i was rejected when i login. Anyone knows how to use 
> "compare_check_items"? Thank you
> the debug:

Try using the checkval module instead of enabling compare_check_items

>
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in o=test, with filter (uid=brianlk)
> rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 & op=21
> rlm_ldap: looking for reply items in directory...
> Invalid operator for item User-Password: reverting to '=='
> rlm_ldap: Pairs do not match. Rejecting user.
> ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "LDAP1" returns reject
> modcall: group redundant returns reject
> modcall: group authorize returns reject
> Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client localhost port 
> 10)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 119 to 127.0.0.1:33242
> Waking up in 7 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 119 with timestamp 3e87d523
> Nothing to do.  Sleeping until we see a request.
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to