I'm having trouble configuring freeradius. I'm going to give the full story, which might be too much detail, but here goes...

I have a radius server (freeradius v 0.7) working on an old box. I want to upgrade this to a new box with RHEL4 and Freeradius 1.0.1, which comes with RHEL4 now. The old configuration files would not just copy over; starting freeradius gives errors with the dictionary files. Since I don't quite understand them, I thought it better to try to reconfigure the new version than to just copy over configuration files.

Now I have the new version running/authenticating. The problem is I'm missing some data, I think. When I authenticate (using NTRadPing) off the old server, I get
Sending authentication request to server 111.111.111.111:1812
Transmitting packet, code =1 id=4 length=67
received response from the server in 10 miliseconds
reply packet code=2 id=4 length=174
response: Access-Accept
-----------------------------------attribute dump----------------------------------------------
Service-Type=Framed
Framed-Protocol=PPP
Ascend-Data-Filter=\0x01\0x01\0x00\0x00\0x00\0x00\0x00\0x00\0x00
(repeated lines)
Ascent-Assign-IP-Pool=0
When I try against the new one, I get only the lines up to "--attribute dump--", but I do get a correct auth. I know that part works because if I change the uname/password to wrong ones, it doesn't work. So it is correctly checking against LDAP. But I get none of the lower lines. I know the process is not quite right, as if I add the lines to my hints file (which exists on the old server)
DEFAULT Suffix == "@dial.dsl.net", Strip-User-Name = Yes
Hint = "UUNetDial"
Hint = "UUNetDial"
then I get nothing working. If I comment out those lines, I can authenticate, but with no extra info. (Which I assume is part of the problem.) If I comment the hints lines out, I get this in the output of radiusd
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=radius%dsl.net))
rlm_ldap: checking if remote access for radius%dsl.net is allowed by dslnRadiusProfile
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radius%dsl.net authorized to use remote access
rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=radius%dsl.net))
rlm_ldap: checking if remote access for radius%dsl.net is allowed by dslnRadiusProfile
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radius%dsl.net authorized to use remote access
If I leave those lines in the hints, it loses the uid, as shown below...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=_))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=_))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
So, what I need to know is, why do the hint lines make the uid get stripped? I'm guessing the system somewhere else is also doing a strip, and so the double means no UID gets there? Is there any "radius for dummies"? I think I'm getting lost as to which process happens when during the process, i.e. when do the hints vs clients vs users files come into play.

Thanks for any help!
Nick
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html