Here:

rad_recv: Access-Request packet from host 172.150.0.62 port 25196, id=194, length=63
        User-Name = "testu...@xxxx.fi"
        User-Password = "testpass"
        NAS-IP-Address = 172.150.0.62
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.150.0.62/auth-detail-20130805
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.150.0.62/auth-detail-20130805
[auth_log] expand: %t -> Mon Aug 5 19:03:20 2013
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "xxxx.fi" for User-Name = "testu...@xxxx.fi"
[suffix] No such realm "xxxx.fi"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldap] Entering ldap_groupcmp()
[files] expand: dc=demonet,dc=local -> dc=demonet,dc=local
[files] expand: %{Stripped-User-Name} ->
[files] ... expanding second conditional
[files] expand: %{User-Name} -> testu...@xxxx.fi
[files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testu...@xxxx.fi)
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=demonet,dc=local, with filter (uid=testu...@xxxx.fi)
[ldap] ldap_release_conn: Release Id: 0
[files] expand: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal)))
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=demonet,dc=local, with filter (&(cn=xxxx)(|(&(objectClass=GroupOfNames)(member=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal))))
[ldap] object not found
[ldap] ldap_release_conn: Release Id: 0
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in cn=Tauno Testaaja,ou=xxxx,ou=Customers,dc=demonet,dc=local, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group xxxx
[ldap] ldap_release_conn: Release Id: 0
[ldap] Entering ldap_groupcmp()
[files] expand: dc=demonet,dc=local -> dc=demonet,dc=local
[files] expand: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal)))
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=demonet,dc=local, with filter (&(cn=disabled)(|(&(objectClass=GroupOfNames)(member=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dTauno Testaaja\2cou\3dxxxx\2cou\3dCustomers\2cdc\3ddemonet\2cdc\3dlocal))))
[ldap] object not found
[ldap] ldap_release_conn: Release Id: 0
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in cn=Tauno Testaaja,ou=xxxx,ou=Customers,dc=demonet,dc=local, with filter (objectclass=*)
rlm_ldap::groupcmp: Group disabled not found or user not a member
[ldap] ldap_release_conn: Release Id: 0
++[files] returns noop
[ldap] performing user authorization for testu...@xxxx.fi
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> testu...@xxxx.fi
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testu...@xxxx.fi)
[ldap] expand: dc=demonet,dc=local -> dc=demonet,dc=local
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=demonet,dc=local, with filter (uid=testu...@xxxx.fi)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{SSHA}g5PDm9CrOOQu+XjbMGHTPnY43mifXND0"
[ldap] looking for reply items in directory...
[ldap] Setting Auth-Type = LDAP
[ldap] user testu...@xxxx.fi authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SSHA1-Password from base64 encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = LDAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by "testu...@xxxx.fi" with password "testpass"
[ldap] user DN: cn=Tauno Testaaja,ou=xxxx,ou=Customers,dc=demonet,dc=local
[ldap] (re)connect to 172.150.0.22:389, authentication 1
[ldap] bind as cn=Tauno Testaaja,ou=xxxx,ou=Customers,dc=demonet,dc=local/testpass to 172.150.0.22:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] user testu...@xxxx.fi authenticated succesfully
++[ldap] returns ok
Login OK: [testu...@xxxx.fi/testpass] (from client demonet-VPN01 port 0)
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 194 to 172.150.0.62 port 25196
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 6 ID 194 with timestamp +42
Ready to process requests.

Br,
Ville

> Hi,
>> Here comes:
>>
>> rlm_ldap::ldap_groupcmp: User found in group xxxx
>
> radiusd -X
>
> it's what the docs say. for a reason
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html