Hello, I use Freeradius 0.6 with an LDAP server.
I need to use hints to match different default profiles.

Example:
  mylogin@PROFILE1 to match profile1
  mylogin to match default_profile

Everything is ok when I use a login with a hint: the username is stripped and correctly passed to the LDAP module for authentication using the "%U" variable.

The problem is when I don't use any hint in my login: the stripped username is transformed into a strange "_" when passed to LDAP authentication. See debug outputs below.

Do you have an idea what I'm doing wrong?

Thanks for your help.

Francois.

---- WORKING WITH @PROFILE1 HINT ----
rad_recv: Access-Request packet from host a.b.c.d:1164, id=25, length=98
        User-Name = "mylogin@PROFILE1"
        User-Password = "..."
        NAS-Port = 1062
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint:0 = "x.x.x.x"
        NAS-IP-Address = a.b.c.d
        NAS-Port-Type = Virtual
modcall: entering group authorize
hints: Matched DEFAULT at 66
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "files" returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mylogin
radius_xlat: '(uid=mylogin)'
radius_xlat: 'dc=subdomain,dc=domain,dc=toplevel'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap-server:389, authentication 0
rlm_ldap: bind as /
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=subdomain,dc=domain,dc=toplevel, with filter (uid=mylogin)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user mylogin authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "Ldap"
modcall: entering group authtype
rlm_ldap: - authenticate
...
rlm_ldap: user mylogin authenticated succesfully
modcall[authenticate]: module "ldap" returns ok
modcall: group authtype returns ok
-----------------------------------------------------------

-------- NOT WORKING -------------
rad_recv: Access-Request packet from host a.b.c.d:1164, id=24, length=98
        User-Name = "mylogin"
        User-Password = "..."
        NAS-Port = 1062
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint:0 = "X.X.X.X"
        NAS-IP-Address = a.b.c.d
        NAS-Port-Type = Virtual
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "files" returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mylogin
radius_xlat: '(uid=_)'
radius_xlat: 'dc=subdomain,dc=domain,dc=toplevel'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap-server:389, authentication 0
rlm_ldap: bind as /
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=subdomain,dc=domain,dc=toplevel, with filter (uid=_)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound
modcall: group authorize returns notfound
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
---------------------------------------------------------------------