At 11:56 AM 5/31/2002 +1200, Allister Maguire wrote:
>Hello,
>
>We are using realm's, but when a user is autherize and authenticated the
>realm is not removed.
>
>Regards
>Allister Maguire
>
>
>DEBUG:
>
>rad_recv: Access-Request packet from host 127.0.0.1:32853, id=22,
>length=68
>Thread 3 assigned request 2
>--- Walking the entire request list ---
>Cleaning up request 1 ID 18 with timestamp 3cf6b8b2
>Nothing to do. Sleeping until we see a request.
>Thread 3 handling request 2, (1 handled so far)
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "@\022kJ\363\rY\267\346\313\214"(\245\306\200"
> NAS-IP-Address = 255.255.255.255
> NAS-Port-Id = "1"
>modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "suffix" returns ok
> users: Matched DEFAULT at 1
> modcall[authorize]: module "files" returns ok
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for ssaint
>radius_xlat: '([EMAIL PROTECTED])'
>radius_xlat: 'ou=People,ou=XXX,ou=XXX,dc=XXX,dc=XXX,dc=XX'
>ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in
>ou=People,ou=XXX,ou=XXX,dc=XXX,dc=XXX,dc=XX, with filter
>([EMAIL PROTECTED])
>rlm_ldap: object not found or got ambiguous search result
>rlm_ldap: search failed
>ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns notfound
If this is the problem you are talking about, you can configure LDAP
to use a different attribute ( Stripped-User-Name I believe ) rather
than the full User-Name.
If that's not what you want, please provide more detail on what you are
expecting to happen.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
