Hi all,
I have configured my LDAP server with the following
access control, in slapd.conf:

    access to *
        by self write
        by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write
        by anonymous auth

---------------------------------------
My users file:

    DEFAULT Ldap-Group == isdn, NAS-Port == 58, User-Profile := "uid=isdn,ou=profiles,ou=radius,dc=mydomain,dc=com"

    DEFAULT Auth-Type := Reject
            Reply-Message = "Llamse a servicio tecnico"

-------------------------------------------
My directory:

    dn: dc=mydomain,dc=com
    objectclass: dcObject
    objectclass: organizationalUnit
    ou: Mydomain.com Radius
    dc: mydomain

    dn: ou=radius,dc=mydomain,dc=com
    objectclass: organizationalUnit
    ou: radius

    dn: ou=profiles,ou=radius,dc=mydomain,dc=com
    objectclass: organizationalUnit
    ou: profiles

    dn: ou=users,ou=radius,dc=mydomain,dc=com
    objectclass: organizationalUnit
    ou: users

    dn: ou=admins,ou=radius,dc=mydomain,dc=com
    objectclass: organizationalUnit
    ou: admins

    dn: uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com
    objectclass: radiusprofile
    uid: dial
    radiusServiceType: Framed-User
    radiusFramedProtocol: PPP
    radiusFramedIPNetmask: 255.255.255.0
    radiusFramedRouting: None

    dn: uid=isdn,ou=profiles,ou=radius,dc=mydomain,dc=com
    objectclass: radiusprofile
    uid: isdn
    radiusServiceType: Framed-User
    radiusFramedProtocol: PPP
    radiusFramedIPNetmask: 255.255.254.0
    radiusFramedRouting: None

    dn: uid=example,ou=users,ou=radius,dc=mydomain,dc=com
    objectclass: radiusprofile
    uid: example
    userPassword: test
    radiusGroupName: dial
    radiusGroupName: isdn

    dn: cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com
    objectclass: person
    sn: freeradius
    cn: freeradius
    userPassword: freeradius

    dn: cn=billing,ou=admins,ou=radius,dc=mydomain,dc=com
    objectclass: person
    sn: billing
    cn: billing
    userPassword: billing

    dn: cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com
    objectclass: person
    sn: replica
    cn: replica
    userPassword: replica

------------------------------------------------
When I try to authorize a user, it fails:

    rad_recv: Access-Request packet from host 127.0.0.1:39035, id=223, length=59
            User-Name = "example"
            User-Password = "test"
            NAS-IP-Address = xx.yy.cc.vv
            NAS-Port = 58
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
      modcall[authorize]: module "preprocess" returns ok for request 0
      modcall[authorize]: module "chap" returns noop for request 0
      modcall[authorize]: module "mschap" returns noop for request 0
        rlm_realm: No '@' in User-Name = "example", looking up realm NULL
        rlm_realm: No such realm "NULL"
      modcall[authorize]: module "suffix" returns noop for request 0
      rlm_eap: No EAP-Message, not doing EAP
      modcall[authorize]: module "eap" returns noop for request 0
    rlm_ldap: Entering ldap_groupcmp()
    radius_xlat:  'ou=users,ou=radius,dc=mydomain,dc=com'
    radius_xlat:  '(uid=example)'
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to localhost:389, authentication 0
    rlm_ldap: bind as / to localhost:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: Bind was successful
    rlm_ldap: performing search in ou=users,ou=radius,dc=mydomain,dc=com, with filter (uid=example)
    rlm_ldap: object not found or got ambiguous search result
    rlm_ldap::ldap_groupcmp: search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
        users: Matched entry DEFAULT at line 3
      modcall[authorize]: module "files" returns ok for request 0
    rlm_ldap: - authorize

If I remove the access control lines from slapd.conf, it works well.
What am I doing wrong?
Regards,
Rafa
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
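
Added example, not part of the original post and not OpenLDAP or FreeRADIUS code: a simplified Python model that evaluates the `access to *` directive quoted above for a given bind DN. Assumptions: six ordered access levels, exact case-insensitive DN matching, the first matching `by` clause wins, an implicit final `by * none`, and an empty bind DN standing for the empty identity in the log line `bind as /`.

```python
import shlex

# Access levels in increasing order (assumption: the six classic slapd levels).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The directive from the post, written on one line.
ACL = ('access to * by self write '
       'by dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com" write '
       'by anonymous auth')

def parse_acl(text):
    """Return (what, [(who, level), ...]) for one 'access to' directive."""
    tok = shlex.split(text)  # also strips the quotes around the dn value
    if tok[:2] != ["access", "to"]:
        raise ValueError("not an access directive")
    what, rest = tok[2], tok[3:]
    if len(rest) % 3 or any(rest[i] != "by" for i in range(0, len(rest), 3)):
        raise ValueError("expected 'by <who> <level>' clauses")
    clauses = [(rest[i + 1], rest[i + 2]) for i in range(0, len(rest), 3)]
    for _, level in clauses:
        if level not in LEVELS:
            raise ValueError("unknown level: " + level)
    return what, clauses

def who_matches(who, bind_dn, target_dn):
    """Simplified <who> matching; bind_dn == '' models an anonymous bind."""
    b, t = bind_dn.lower(), target_dn.lower()
    if who == "*":
        return True
    if who == "anonymous":
        return b == ""
    if who == "users":
        return b != ""
    if who == "self":
        return b != "" and b == t
    if who.startswith("dn="):
        return b == who[3:].lower()
    return False

def granted(clauses, bind_dn, target_dn):
    """First matching clause wins; no match means the implicit 'by * none'."""
    for who, level in clauses:
        if who_matches(who, bind_dn, target_dn):
            return level
    return "none"

def allows(level, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(level) >= LEVELS.index(needed)
```

Under this model an empty bind DN is granted `auth`, which is below the `search` level needed for the `(uid=example)` lookup shown in the debug output, and `cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com` matches no clause at all.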

