Hi Kostas,
The following is the whole debug output when I used "compare_check_items":
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59
User-Name = "brianlk"
User-Password = "123jseff"
NAS-IP-Address = 192.168.0.2
NAS-Port = 10
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
radius_xlat: '@testing.com'
rlm_attr_rewrite: No match found for attribute User-Name with value 'brianlk'
modcall[authorize]: module "fixusername1" returns ok
radius_xlat: '@testing.com'
rlm_attr_rewrite: No match found for attribute User-Name with value 'brianlk'
modcall[authorize]: module "fixusername2" returns ok
modcall: entering group redundant
rlm_ldap: - authorize
rlm_ldap: performing user authorization for brianlk
radius_xlat: '(uid=brianlk)'
radius_xlat: 'o=pacific.net.hk'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.testing.com:389, authentication 0
rlm_ldap: bind as / to ldap.testing.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=testing.com, with filter (uid=brianlk)
rlm_ldap: Added password {crypt}1234455xe42 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: extracted attribute NAS-IP-Address from generic item
NAS-IP-Address == "192.168.0.1"
rlm_ldap: looking for reply items in directory...
Invalid operator for item User-Password: reverting to '=='
rlm_ldap: Pairs do not match. Rejecting user.
ldap_release_conn: Release Id: 0
modcall[authorize]: module "LDAP1" returns reject
modcall: group redundant returns reject
modcall: group authorize returns reject
Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 223 to 127.0.0.1:33291
Waking up in 7 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 223 with timestamp 3e88e269
Nothing to do. Sleeping until we see a request.
Anyway, I think I will try your checkval suggestion, thanks a lot.
Brian
----- Original Message -----
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: "freeradius" <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2003 10:19 PM
Subject: Re: check item problem
> On Mon, 31 Mar 2003, Brian Leung wrote:
>
> > Hi all,
> > I want to add some rules in freeradius so the user can only access the system from the Calledstationid 123456, for example.
> > My ldif is like this:
> >
> > dn: uid=brianlk,ou=dialup,o=test
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: inetLocalMailRecipient
> > objectClass: radiusprofile
> > objectClass: posixAccount
> > objectClass: PureFTPdUser
> > sn: brianlk
> > ou: dialup
> > description:: IFBQUF9VWFBX
> > uid: brianlk
> > uidNumber: 15385
> > gidNumber: 1001
> > homeDirectory: /home/brianlk
> > loginShell: /sbin/nologin
> > userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
> > cn: brianlk
> > radiusCalledStationId: 123456
> >
> > However, the radiusCalledStationId isn't checked when I log in. So, I can access the system from any Calledstationid. How can I fix this?
> > And, do I need to enable "compare_check_items = yes"?
> > I have tried to enable it, but I was rejected when I logged in. Does anyone know how to use "compare_check_items"? Thank you.
> > The debug:
>
> Try using the checkval module instead of enabling compare_check_items
>
> >
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: performing search in o=test, with filter (uid=brianlk)
> > rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 & op=21
> > rlm_ldap: looking for reply items in directory...
> > Invalid operator for item User-Password: reverting to '=='
> > rlm_ldap: Pairs do not match. Rejecting user.
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "LDAP1" returns reject
> > modcall: group redundant returns reject
> > modcall: group authorize returns reject
> > Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client localhost port 10)
> > Delaying request 0 for 1 seconds
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Sending Access-Reject of id 119 to 127.0.0.1:33242
> > Waking up in 7 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 119 with timestamp 3e87d523
> > Nothing to do. Sleeping until we see a request.
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
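Added example, not part of the original thread and not FreeRADIUS code: a small Python parser for the rlm_ldap debug output above that lists which directory check items differ from the attributes in the Access-Request. It assumes every check item is an equality test and that an attribute missing from the request counts as a mismatch; `parse` and `mismatches` are hypothetical names.

```python
import re

# Constructed sample: lines excerpted from the first debug output in this thread.
DEBUG_LOG = '''\
rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59
User-Name = "brianlk"
NAS-IP-Address = 192.168.0.2
NAS-Port = 10
modcall: entering group authorize
rlm_ldap: looking for check items in directory...
rlm_ldap: extracted attribute NAS-IP-Address from generic item
NAS-IP-Address == "192.168.0.1"
rlm_ldap: looking for reply items in directory...
rlm_ldap: Pairs do not match. Rejecting user.
'''

# 'Attr = value' (request) or 'Attr == "value"' (generic check item)
PAIR = re.compile(r'^([A-Za-z][\w-]*)\s*(==|=)\s*"?([^"]*)"?$')
# 'rlm_ldap: Adding <ldapAttr> as <RADIUS-Attr>, value <v> & op=<n>'
MAPPED = re.compile(r'^rlm_ldap: Adding \S+ as ([\w-]+), value (\S+)')


def parse(log):
    """Return (request attributes, directory check items) from debug output."""
    request, checks, section = {}, {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("rad_recv:"):
            section = "request"
        elif "looking for check items" in line:
            section = "check"
        elif line.startswith("modcall:") or "looking for reply items" in line:
            section = None
        elif section == "request" and (m := PAIR.match(line)):
            request[m.group(1)] = m.group(3)
        elif section == "check":
            if (m := MAPPED.match(line)):
                checks[m.group(1)] = m.group(2)
            elif (m := PAIR.match(line)):
                checks[m.group(1)] = m.group(3)
    return request, checks


def mismatches(request, checks):
    """Map each failing check item to (directory value, request value or None).
    Assumption: equality comparison only; a missing attribute is a mismatch."""
    return {a: (v, request.get(a)) for a, v in checks.items() if request.get(a) != v}


if __name__ == "__main__":
    for attr, (want, got) in mismatches(*parse(DEBUG_LOG)).items():
        print(f"{attr}: directory requires {want!r}, request sent {got!r}")
```

On the first debug output it reports NAS-IP-Address: the directory entry requires 192.168.0.1 while the request carried 192.168.0.2.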