I already set the specific basedn in the radiusd.conf.
I want to search only in the specific ldap branch for a specific
called-station-id.
Here is the debug log:
rad_recv: Access-Request packet from host 10.160.4.7:3459, id=27, length=55
User-Name = "admin"
User-Password = "pass123"
Called-Station-Id = "40004015"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
users: Matched DEFAULT at 57
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall: entering group group for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for admin
radius_xlat: '(&(objectClass=aRadiusAccount)(uid=admin))'
radius_xlat: 'dc=company,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.220.100:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=company,dc=com/secret to 192.168.220.100:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=company,dc=com, with filter
(&(objectClass=aRadiusAccount)(uid=admin))
rlm_ldap: Added password {SHA}65klKnzqoLdyHTcDnLVHwNNxTo4= in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 0
modcall: group group returns ok for request 0
modcall: group authorize returns ok for request 0
Processing the authorize section of radiusd.conf
modcall: entering group autztype for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for admin
radius_xlat: '(&(objectClass=aRadiusAccount)(uid=admin))'
radius_xlat: 'ou=client1,dc=company,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.220.100:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=company,dc=com/secret to 192.168.220.100:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=client1,dc=company,dc=com, with filter
(&(objectClass=aRadiusAccount)(uid=admin))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap_client1" returns notfound for request 0
modcall: group autztype returns notfound for request 0
rad_check_password: Found Auth-Type CLIENT1
auth: type "CLIENT1"
Processing the authenticate section of radiusd.conf
modcall: entering group authtype for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "admin" with password "pass123"
rlm_ldap: user DN: uid=admin,ou=a,ou=bender,dc=company,dc=com
rlm_ldap: (re)connect to 192.168.220.100:389, authentication 1
rlm_ldap: bind as uid=admin,ou=a,ou=bender,dc=company,dc=com/pass123 to
192.168.220.100:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user admin authenticated succesfully
modcall[authenticate]: module "ldap_client1" returns ok for request 0
modcall: group authtype returns ok for request 0
radius_xlat: 'Welcome a CLIENT1.'
Login OK: [admin/pass123] (from client Esteban port 0)
Sending Access-Accept of id 27 to 10.160.4.7:3459
Reply-Message = "Bienvenido a CLIENT1."
Finished request 0
Going to the next request
Message quoted by Dustin Doris <[EMAIL PROTECTED]>:
> >
> > Does anyone know how to restrict user search to a specific LDAP branch?
>
> the basedn setting in radiusd.conf ldap section.
>
> >
> > I want to find in a specific ldap branch if a specific DNIS arrives.
> >
> > I tried these settings, but when the user is not found in the specific
> > branch, the search then tries to find the user in the other ldaps that I set.
>
> Are you saying you want to try the search in the other branch if not found
> in the first branch? Or, are you saying it is searching in the other
> branch, but you don't want it to?
>
> >
> > I tried setting the user file:
> > DEFAULT Called-Station-Id == "123456", Auth-Type := client1, Autz-Type := ldap_client1
> >
> > and in the radiusd.conf:
> >
> > ldap ldap_client1 {
> >     server = "192.168.1.1"
> >     basedn = "ou=client1, dc=abc , dc=com"
> >     .....
> >     .....
> > }
> >
> > authorize {
> >     preprocess
> >     files
> >     chap
> >     group {
> >         ldap1
> >         ldap2
> >     }
> >     autztype ldap_client1 {
> >         ldap_client1
> >     }
> > }
> >
> > authenticate {
> >     authtype CHAP {
> >         chap
> >     }
> >     authtype LDAP {
> >         redundant {
> >             ldap1
> >             ldap2
> >         }
> >     }
> >     authtype client1 {
> >         ldap_client1
> >     }
> > }
>
>
> What does radiusd -X show? Please be more specific in what you want to
> happen and then include the radiusd -X debug showing what is happening.
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
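The trace above shows the ldap_client1 authorize search in ou=client1 returning notfound while the later authenticate step binds with a DN under ou=bender and the request is still accepted. As an added example that is not part of this thread or of FreeRADIUS, the Python below scans a radiusd -X trace for exactly that pattern: an Access-Accept whose user DN lies outside a base in which an authorize search had already failed. The sample log is a constructed, trimmed copy of the trace above, and the branch check is a plain RDN suffix match (an assumption, not full RFC 4514 DN normalisation).

```python
import re

# Constructed excerpt, trimmed from the radiusd -X trace in the thread.
SAMPLE_LOG = """\
rlm_ldap: performing search in dc=company,dc=com, with filter
rlm_ldap: performing search in ou=client1,dc=company,dc=com, with filter
rlm_ldap: object not found or got ambiguous search result
modcall[authorize]: module "ldap_client1" returns notfound for request 0
rlm_ldap: user DN: uid=admin,ou=a,ou=bender,dc=company,dc=com
Sending Access-Accept of id 27 to 10.160.4.7:3459
Finished request 0
"""

SEARCH_RE = re.compile(r"performing search in (.+), with filter")
USERDN_RE = re.compile(r"rlm_ldap: user DN: (\S+)")
FINISH_RE = re.compile(r"Finished request (\d+)")

def norm_dn(dn):
    """Lower-case and strip whitespace around RDNs so DNs compare reliably."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def dn_in_branch(dn, base):
    """True if dn is at or below base (suffix match on normalised RDNs; assumption)."""
    d, b = norm_dn(dn), norm_dn(base)
    return d == b or d.endswith("," + b)

def audit(log):
    """One finding per request that was accepted with a user DN lying
    outside a base where the authorize search had returned notfound."""
    findings, failed, last_base, user_dn, accepted = [], [], None, None, False
    for line in log.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            last_base = m.group(1)          # base of the most recent search
        elif "object not found" in line and last_base:
            failed.append(last_base)        # that search returned no entry
        elif USERDN_RE.search(line):
            user_dn = USERDN_RE.search(line).group(1)
        elif "Sending Access-Accept" in line:
            accepted = True
        elif FINISH_RE.search(line):
            req = int(FINISH_RE.search(line).group(1))
            for base in failed:
                if accepted and user_dn and not dn_in_branch(user_dn, base):
                    findings.append({"request": req, "user_dn": user_dn,
                                     "missing_in": base})
            failed, last_base, user_dn, accepted = [], None, None, False
    return findings
```

Run it over a full trace to list every request that was accepted through a DN the restricted branch never matched.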