At 11:56 AM 5/31/2002 +1200, Allister Maguire wrote: >Hello, > >We are using realm's, but when a user is autherize and authenticated the >realm is not removed. > >Regards >Allister Maguire > > >DEBUG: > >rad_recv: Access-Request packet from host 127.0.0.1:32853, id=22, >length=68 >Thread 3 assigned request 2 >--- Walking the entire request list --- >Cleaning up request 1 ID 18 with timestamp 3cf6b8b2 >Nothing to do. Sleeping until we see a request. >Thread 3 handling request 2, (1 handled so far) > User-Name = "[EMAIL PROTECTED]" > User-Password = "@\022kJ\363\rY\267\346\313\214"(\245\306\200" > NAS-IP-Address = 255.255.255.255 > NAS-Port-Id = "1" >modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > modcall[authorize]: module "suffix" returns ok > users: Matched DEFAULT at 1 > modcall[authorize]: module "files" returns ok >rlm_ldap: - authorize >rlm_ldap: performing user authorization for ssaint >radius_xlat: '([EMAIL PROTECTED])' >radius_xlat: 'ou=People,ou=XXX,ou=XXX,dc=XXX,dc=XXX,dc=XX' >ldap_get_conn: Got Id: 0 >rlm_ldap: performing search in >ou=People,ou=XXX,ou=XXX,dc=XXX,dc=XXX,dc=XX, with filter >([EMAIL PROTECTED]) >rlm_ldap: object not found or got ambiguous search result >rlm_ldap: search failed >ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns notfound
If this is the problem you are talking about, you can configure LDAP to use a different attribute ( Stripped-User-Name I believe ) rather than the full User-Name. If that's not what you want, please provide more detail on what you are expecting to happen. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\------------------------------------------------------ \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html