I disabled access_attr = "dialupAccess" in the radiusd.conf file and it works correctly. Thank you ;-)

2008/5/30 Ivan Kalik <[EMAIL PROTECTED]>:
> Again:
>
> http://wiki.freeradius.org/index.php/Rlm_ldap
>
> Access attribute and its use is explained in there. You can disable it
> if you want. Or allow access if it doesn't exist.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 30/5/2008, "youness hsina" <[EMAIL PROTECTED]> wrote:
>
> >Hi Lists,
> >sorry for my English and thank you very much in advance for your help.
> >
> >I'm trying to make a test in radius server with a user who is located in
> >ldap server with this command:
> ># radtest yhsina yhsina localhost 0 test
> >and I'm getting this message:
> >Sending Access-Request of id 36 to 127.0.0.1 port 1812
> > User-Name = "yhsina"
> > User-Password = "yhsina"
> > NAS-IP-Address = 255.255.255.255
> > NAS-Port = 0
> >rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=36, length=20
> >In debugging mode I have this error:
> >rlm_ldap: no dialupAccess attribute - access denied by default
> >
> >Have you any ideas please why it doesn't work?
> >
> >Here's my debugging message:
> >
> >radius# radiusd -X -A &
> >[1] 4889
> >radius# Starting - reading configuration files ...
> >reread_config: reading radiusd.conf
> >Config: including file: /usr/local/etc/raddb/proxy.conf
> >Config: including file: /usr/local/etc/raddb/clients.conf
> >Config: including file: /usr/local/etc/raddb/snmp.conf
> >Config: including file: /usr/local/etc/raddb/eap.conf
> >Config: including file: /usr/local/etc/raddb/sql.conf
> > main: prefix = "/usr/local"
> > main: localstatedir = "/var"
> > main: logdir = "/var/log"
> > main: libdir = "/usr/local/lib"
> > main: radacctdir = "/var/log/radacct"
> > main: hostname_lookups = no
> > main: snmp = no
> > main: max_request_time = 30
> > main: cleanup_delay = 5
> > main: max_requests = 1024
> > main: delete_blocked_requests = 0
> > main: port = 0
> > main: allow_core_dumps = no
> > main: log_stripped_names = no
> > main: log_file = "/var/log/radius.log"
> > main: log_auth = no
> > main: log_auth_badpass = no
> > main: log_auth_goodpass = no
> > main: pidfile = "/var/run/radiusd/radiusd.pid"
> > main: user = "(null)"
> > main: group = "(null)"
> > main: usercollide = no
> > main: lower_user = "no"
> > main: lower_pass = "no"
> > main: nospace_user = "no"
> > main: nospace_pass = "no"
> > main: checkrad = "/usr/local/sbin/checkrad"
> > main: proxy_requests = yes
> > proxy: retry_delay = 5
> > proxy: retry_count = 3
> > proxy: synchronous = yes
> > proxy: default_fallback = yes
> > proxy: dead_time = 120
> > proxy: post_proxy_authorize = no
> > proxy: wake_all_if_all_dead = no
> > security: max_attributes = 200
> > security: reject_delay = 1
> > security: status_server = no
> > main: debug_level = 0
> >read_config_files: reading dictionary
> >read_config_files: reading naslist
> >Using deprecated naslist file. Support for this will go away soon.
> >read_config_files: reading clients
> >read_config_files: reading realms
> >radiusd: entering modules setup
> >Module: Library search path is /usr/local/lib
> >Module: Loaded exec
> > exec: wait = yes
> > exec: program = "(null)"
> > exec: input_pairs = "request"
> > exec: output_pairs = "(null)"
> > exec: packet_type = "(null)"
> >rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> >Module: Instantiated exec (exec)
> >Module: Loaded expr
> >Module: Instantiated expr (expr)
> >Module: Loaded PAP
> > pap: encryption_scheme = "crypt"
> > pap: auto_header = yes
> >Module: Instantiated pap (pap)
> >Module: Loaded CHAP
> >Module: Instantiated chap (chap)
> >Module: Loaded MS-CHAP
> > mschap: use_mppe = yes
> > mschap: require_encryption = no
> > mschap: require_strong = no
> > mschap: with_ntdomain_hack = no
> > mschap: passwd = "(null)"
> > mschap: ntlm_auth = "(null)"
> >Module: Instantiated mschap (mschap)
> >Module: Loaded System
> > unix: cache = no
> > unix: passwd = "(null)"
> > unix: shadow = "(null)"
> > unix: group = "(null)"
> > unix: radwtmp = "/var/log/radwtmp"
> > unix: usegroup = no
> > unix: cache_reload = 600
> >Module: Instantiated unix (unix)
> >Module: Loaded LDAP
> > ldap: server = "192.168.33.33"
> > ldap: port = 389
> > ldap: net_timeout = 1
> > ldap: timeout = 4
> > ldap: timelimit = 3
> > ldap: identity = "cn=Manager,dc=iut-velizy,dc=uvsq,dc=fr"
> > ldap: tls_mode = no
> > ldap: start_tls = no
> > ldap: tls_cacertfile = "(null)"
> > ldap: tls_cacertdir = "(null)"
> > ldap: tls_certfile = "(null)"
> > ldap: tls_keyfile = "(null)"
> > ldap: tls_randfile = "(null)"
> > ldap: tls_require_cert = "allow"
> > ldap: password = "secret"
> > ldap: basedn = "dc=iut-velizy,dc=uvsq,dc=fr"
> > ldap: filter = "(uid=%u)"
> > ldap: base_filter = "(objectclass=radiusprofile)"
> > ldap: default_profile = "(null)"
> > ldap: profile_attribute = "(null)"
> > ldap: password_header = "(null)"
> > ldap: password_attribute = "userPassword"
> > ldap: access_attr = "dialupAccess"
> > ldap: groupname_attribute = "cn"
> > ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> > ldap: groupmembership_attribute = "(null)"
> > ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"
> > ldap: ldap_debug = 0
> > ldap: ldap_connections_number = 5
> > ldap: compare_check_items = no
> > ldap: access_attr_used_for_allow = yes
> > ldap: do_xlat = yes
> > ldap: set_auth_type = yes
> >rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> >rlm_ldap: Registering ldap_xlat with xlat_name ldap
> >rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap
> >rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> >rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> >rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> >rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> >rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> >rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
> >rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> >rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> >rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> >rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> >rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
> >rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> >rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> >rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> >rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> >rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> >rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> >rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> >rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> >rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
> >rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> >rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> >rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> >rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> >rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> >rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
> >rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> >rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> >rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> >rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
> >rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> >rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> >rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> >rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
> >rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> >rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
> >rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> >rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> >rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
> >conns: 0x2840f290
> >Module: Instantiated ldap (ldap)
> >Module: Loaded eap
> > eap: default_eap_type = "tls"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = yes
> > eap: cisco_accounting_username_bug = no
> >rlm_eap: Loaded and initialized type md5
> >rlm_eap: Loaded and initialized type leap
> > gtc: challenge = "Password: "
> > gtc: auth_type = "PAP"
> >rlm_eap: Loaded and initialized type gtc
> > tls: rsa_key_exchange = no
> > tls: dh_key_exchange = yes
> > tls: rsa_key_length = 512
> > tls: dh_key_length = 512
> > tls: verify_depth = 0
> > tls: CA_path = "(null)"
> > tls: pem_file_type = yes
> > tls: private_key_file = "/usr/local/etc/raddb/certs/serveur.pem"
> > tls: certificate_file = "/usr/local/etc/raddb/certs/serveur.pem"
> > tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
> > tls: private_key_password = "whatever"
> > tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> > tls: random_file = "/usr/local/etc/raddb/certs/random"
> > tls: fragment_size = 1024
> > tls: include_length = yes
> > tls: check_crl = no
> > tls: check_cert_cn = "%{User-Name}"
> > tls: cipher_list = "(null)"
> > tls: check_cert_issuer = "(null)"
> >rlm_eap_tls: Loading the certificate file as a chain
> >WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!
> >WARNING: Fix this by running the OpenSSL command listed in eap.conf
> >rlm_eap: Loaded and initialized type tls
> > mschapv2: with_ntdomain_hack = no
> >rlm_eap: Loaded and initialized type mschapv2
> >Module: Instantiated eap (eap)
> >radiusd.conf Auth-Type eap already configured - skipping
> >Module: Loaded preprocess
> > preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> > preprocess: hints = "/usr/local/etc/raddb/hints"
> > preprocess: with_ascend_hack = no
> > preprocess: ascend_channels_per_line = 23
> > preprocess: with_ntdomain_hack = no
> > preprocess: with_specialix_jetstream_hack = no
> > preprocess: with_cisco_vsa_hack = no
> > preprocess: with_alvarion_vsa_hack = no
> >Module: Instantiated preprocess (preprocess)
> >Module: Loaded realm
> > realm: format = "suffix"
> > realm: delimiter = "@"
> > realm: ignore_default = no
> > realm: ignore_null = no
> >Module: Instantiated realm (suffix)
> >Module: Loaded files
> > files: usersfile = "/usr/local/etc/raddb/users"
> > files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> > files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> > files: compat = "no"
> >Module: Instantiated files (files)
> >Module: Loaded Acct-Unique-Session-Id
> > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
> >Module: Instantiated acct_unique (acct_unique)
> >Module: Loaded detail
> > detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (detail)
> >Module: Loaded radutmp
> > radutmp: filename = "/var/log/radutmp"
> > radutmp: username = "%{User-Name}"
> > radutmp: case_sensitive = yes
> > radutmp: check_with_nas = yes
> > radutmp: perm = 384
> > radutmp: callerid = yes
> >Module: Instantiated radutmp (radutmp)
> >Listening on authentication *:1812
> >Listening on accounting *:1813
> >Ready to process requests.
> >rad_recv: Access-Request packet from host 127.0.0.1:54433, id=36, length=58
> > User-Name = "yhsina"
> > User-Password = "yhsina"
> > NAS-IP-Address = 255.255.255.255
> > NAS-Port = 0
> > Processing the authorize section of radiusd.conf
> >modcall: entering group authorize for request 0
> > modcall[authorize]: module "preprocess" returns ok for request 0
> > modcall[authorize]: module "chap" returns noop for request 0
> > modcall[authorize]: module "mschap" returns noop for request 0
> > rlm_realm: No '@' in User-Name = "yhsina", looking up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 0
> > rlm_eap: No EAP-Message, not doing EAP
> > modcall[authorize]: module "eap" returns noop for request 0
> > modcall[authorize]: module "files" returns notfound for request 0
> >rlm_ldap: - authorize
> >rlm_ldap: performing user authorization for yhsina
> >radius_xlat: '(uid=yhsina)'
> >radius_xlat: 'dc=iut-velizy,dc=uvsq,dc=fr'
> >rlm_ldap: ldap_get_conn: Checking Id: 0
> >rlm_ldap: ldap_get_conn: Got Id: 0
> >rlm_ldap: attempting LDAP reconnection
> >rlm_ldap: (re)connect to 192.168.33.33:389, authentication 0
> >rlm_ldap: bind as cn=Manager,dc=iut-velizy,dc=uvsq,dc=fr/secret to 192.168.33.33:389
> >rlm_ldap: waiting for bind result ...
> >rlm_ldap: Bind was successful
> >rlm_ldap: performing search in dc=iut-velizy,dc=uvsq,dc=fr, with filter (uid=yhsina)
> >rlm_ldap: no dialupAccess attribute - access denied by default
> >rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns userlock for request 0
> >modcall: leaving group authorize (returns userlock) for request 0
> >Delaying request 0 for 1 seconds
> >Finished request 0
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

--
HSINA Youness
R&T student - IUT--Velizy 78140
Tel: 06.28.73.76.75
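
An added sketch, not part of the thread and not FreeRADIUS code: it models the access-attribute check as the rlm_ldap documentation of this server generation describes it, and shows which directory entries pass under the posted settings, with access_attr disabled, and with access_attr_used_for_allow = no. The alice and bob entries, the excerpt and all function names are constructed for illustration.

```python
import re

# Constructed excerpt in the style of the quoted `radiusd -X` output.
DEBUG_EXCERPT = """\
> > ldap: filter = "(uid=%u)"
> > ldap: access_attr = "dialupAccess"
> > ldap: access_attr_used_for_allow = yes
"""

# Constructed directory entries (attribute -> values); only yhsina mirrors the thread.
ENTRIES = {
    "yhsina": {"uid": ["yhsina"]},
    "alice": {"uid": ["alice"], "dialupAccess": ["yes"]},
    "bob": {"uid": ["bob"], "dialupAccess": ["FALSE"]},
}

def parse_ldap_settings(debug_text):
    """Collect `ldap: key = value` lines (mail quote prefixes tolerated)."""
    pattern = r'^[> \t]*ldap:[ \t]*(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$'
    settings = {}
    for key, raw in re.findall(pattern, debug_text, re.M):
        value = raw.strip('"')
        settings[key] = None if value == "(null)" else value
    return settings

def access_decision(settings, entry):
    """Model the access-attribute check for one entry: 'ok' or 'userlock'."""
    attr = settings.get("access_attr")
    if not attr:
        return "ok"  # check disabled: any entry matching the filter passes
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    if settings.get("access_attr_used_for_allow", "yes") == "yes":
        # allow mode: attribute must exist and must not be FALSE
        return "ok" if values and not values[0].startswith("FALSE") else "userlock"
    # deny mode: the mere presence of the attribute locks the user out
    return "userlock" if values else "ok"

def audit(settings, entries):
    """Map each uid to the modelled module result under the given settings."""
    return {uid: access_decision(settings, e) for uid, e in entries.items()}

if __name__ == "__main__":
    posted = parse_ldap_settings(DEBUG_EXCERPT)
    variants = {
        "as posted": posted,
        "access_attr disabled": {**posted, "access_attr": None},
        "access_attr_used_for_allow = no": {**posted, "access_attr_used_for_allow": "no"},
    }
    for name, cfg in variants.items():
        print(f"{name:34} {audit(cfg, ENTRIES)}")
```

With access_attr disabled, every account matching (uid=%u) gets past this check, so authorization then rests on the password and any other check items configured for the user.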

