Great, will try it out, thanks.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Doris
Sent: 20 May 2005 20:10
To: [email protected]
Subject: RE: ldap huntgroups and groups

On Thu, 19 May 2005, alan walters wrote:

>
> >Please post radiusd -X output. Specifically the part on ldap searches and
> >where the USERS file is matched.
>
> Relevant part of radius -X
>
> (auth is successful and group correct) clipping most of it for readability
>
> rad_recv: Access-Request packet from host 10.250.3.1:56020, id=246, length=188
>         NAS-Identifier = "radiowavetest.radiowave.net"
>         NAS-Port = 0
>         NAS-Port-Type = Virtual
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Calling-Station-Id = "10.4.230.10"
>         User-Name = "[EMAIL PROTECTED]"
>         MS-CHAP-Challenge = 0xbb1e683a0647bf82fa842f8dddd0407f
>         MS-CHAP2-Response = 0x010056f2af227579756f984ce333919c80660000000000000000e2af48d7ffc1f099a96315810b76b801aa3270f18e3b7016
> Processing the authorize section of radiusd.conf
> rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=lisdoonvarna)([EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: performing search in [EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
> rlm_ldap::groupcmp: Group lisdoonvarna not found ????or user not a member
> rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=ballyvaughan)([EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: performing search in [EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
> rlm_ldap::ldap_groupcmp: User found in group ballyvaughan
> rlm_ldap: ldap_release_conn: Release Id: 0
> users: Matched entry DEFAULT at line 10

first users file match, but then it keeps going.

> rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=doolin)([EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: performing search in [EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
> rlm_ldap::groupcmp: Group doolin not found ????or user not a member
> rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=fanore)([EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: performing search in [EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
> rlm_ldap::groupcmp: Group fanore not found ????or user not a member
> rlm_ldap: ldap_release_conn: Release Id: 0
> users: Matched entry DEFAULT at line 32

second match

> (auth is successful but group does not exist)
>
> rad_recv: Access-Request packet from host 10.250.3.1:60780, id=53, length=188
>         NAS-Identifier = "radiowavetest.radiowave.net"
>         NAS-Port = 0
>         NAS-Port-Type = Virtual
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Calling-Station-Id = "10.4.230.10"
>         User-Name = "[EMAIL PROTECTED]"
>         MS-CHAP-Challenge = 0xbb1e6896e761f32d9a6c7ac81451a974
>         MS-CHAP2-Response = 0x01008ffd28c28741bdca50c3f4aa47c148ca00000000000000000b798d8e8c645e4eedecb42290684d221e8ef2a92b4527e6
> rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=lisdoonvarna)([EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: performing search in [EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
> rlm_ldap::groupcmp: Group lisdoonvarna not found ????or user not a member
> rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=doolin)([EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: performing search in [EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
> rlm_ldap::groupcmp: Group doolin not found ????or user not a member
> rlm_ldap: performing search in o=clients,dc=radiowave,dc=net, with filter (&(radiusGroupName=fanore)([EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: performing search in [EMAIL PROTECTED],vd=radiowave.net,o=clients,dc=radiowave,dc=net, with filter (objectclass=*)
> rlm_ldap::groupcmp: Group fanore not found ????or user not a member
> rlm_ldap: ldap_release_conn: Release Id: 0
> users: Matched entry DEFAULT at line 36

match

> This is the same as mine but you mention something about it needing to be on
> the same line exactly what do you mean by this

read below

> ################################################################################
> # default auth to get radius with ldap to work
> ####################################################################################
> DEFAULT Ldap-Group == lisdoonvarna
>         Huntgroup-Name == internet,
>         User-Profile := "cn=lisdoonvarna,ou=profiles,o=radius,dc=radiowave,dc=net",
>         Simultaneous-Use := 2,
>         Fall-Through = 1
>

Read man 5 users. All check items must go on the first line. All reply
items are followed on the rest of the lines and begin with a tab.

This should read:

DEFAULT Ldap-Group == lisdoonvarna, Huntgroup-Name == internet, User-Profile := "cn=...", Simultaneous-Use := 2
        Fall-Through = no

> DEFAULT Ldap-Group == doolin
>         Huntgroup-Name == internet,
>         User-Profile := "cn=doolin,ou=profiles,o=radius,dc=radiowave,dc=net",
>         Simultaneous-Use := 2,
>         Fall-Through = 1

Same here.

>
> DEFAULT Ldap-Group == fanore
>         Huntgroup-Name == internet,
>         User-Profile := "cn=fanore,ou=profiles,o=radius,dc=radiowave,dc=net",
>         Simultaneous-Use := 2,
>         Fall-Through = 1

Same Here

>
> #########################################################################
> ### default ldap authentication fall through works
> ##########################################################################
>
> # DEFAULT Auth-Type := Ldap
> #         Auth-Type := Accept,
> #         Simultaneous-Use := 1
>
> DEFAULT Auth-Type := Reject
>         Reply-Message = "sorry you are not allowred to dial in here",
>         Simultaneous-Use := 0
>
> I would think the main issue lies here which is the above command???
> users: Matched entry DEFAULT at line 36
>

You need to fix your users file and put all the check items on the first
line. I think that should do it.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
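
The rule stated in the reply above (check items on the first line of a users entry, reply items on the indented lines after it), as an added example that is not from the thread or from the FreeRADIUS project: a small Python check that flags check items left on reply lines. The CHECK_ITEMS set is an assumption taken from the corrected entry in the reply, and BROKEN and FIXED are constructed from the quoted users file.

```python
import re

# Assumption: the attributes the reply's corrected entry places on the first line.
CHECK_ITEMS = {"Ldap-Group", "Huntgroup-Name", "User-Profile", "Simultaneous-Use"}

# attribute, operator, value (quoted string or bare token)
ITEM_RE = re.compile(r'\s*([A-Za-z][\w-]*)\s*(==|:=|\+=|!=|=~|=)\s*("[^"]*"|[^,\s]+)')

# Constructed sample: the layout quoted in the thread, then the corrected layout.
BROKEN = (
    "DEFAULT Ldap-Group == lisdoonvarna\n"
    "\tHuntgroup-Name == internet,\n"
    '\tUser-Profile := "cn=lisdoonvarna,ou=profiles,o=radius,dc=radiowave,dc=net",\n'
    "\tSimultaneous-Use := 2,\n"
    "\tFall-Through = 1\n"
)
FIXED = (
    "DEFAULT Ldap-Group == lisdoonvarna, Huntgroup-Name == internet, "
    'User-Profile := "cn=lisdoonvarna,ou=profiles,o=radius,dc=radiowave,dc=net", '
    "Simultaneous-Use := 2\n"
    "\tFall-Through = no\n"
)
SAMPLE = BROKEN + "\n" + FIXED


def misplaced_check_items(text):
    """Return (line_no, entry_name, attribute) for check items found on reply lines."""
    findings, entry = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        if not raw[0].isspace():
            entry = stripped.split()[0]  # first line: entry name plus check items
            continue
        # Indented line: only reply items belong here.
        for attr, op, _value in ITEM_RE.findall(raw):
            if attr in CHECK_ITEMS or op == "==":
                findings.append((no, entry, attr))
    return findings


if __name__ == "__main__":
    for no, entry, attr in misplaced_check_items(SAMPLE):
        print(f"line {no}: entry {entry}: {attr} is a check item on a reply line")
```
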

