Hello,

I use FreeRADIUS 0.6 with an LDAP server.

I need to use hints to match different default profiles.

Example:
mylogin@PROFILE1   to match profile1
mylogin            to match default_profile

Everything is ok when I use a login with a hint: the username is
stripped and correctly passed to the LDAP module for authentication
using the "%U" variable.

The problem is when I don't use any hint in my login: the stripped
username is transformed into a strange "_" when passed to LDAP
authentication.

See debug outputs below.

Do you have an idea what I'm doing wrong?

Thanks for your help.

Francois.

---- WORKING WITH @PROFILE1 HINT ----

rad_recv: Access-Request packet from host a.b.c.d:1164, id=25, length=98
        User-Name = "mylogin@PROFILE1"
        User-Password = "..."
        NAS-Port = 1062
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint:0 = "x.x.x.x"
        NAS-IP-Address = a.b.c.d
        NAS-Port-Type = Virtual
modcall: entering group authorize
  hints: Matched DEFAULT at 66
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "files" returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mylogin
radius_xlat:  '(uid=mylogin)'
radius_xlat:  'dc=subdomain,dc=domain,dc=toplevel'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap-server:389, authentication 0
rlm_ldap: bind as /
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=subdomain,dc=domain,dc=toplevel, with
filter (uid=mylogin)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user mylogin authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type "Ldap"
modcall: entering group authtype
rlm_ldap: - authenticate
...
rlm_ldap: user mylogin authenticated succesfully
  modcall[authenticate]: module "ldap" returns ok
modcall: group authtype returns ok
-----------------------------------------------------------

-------- NOT WORKING -------------

rad_recv: Access-Request packet from host a.b.c.d:1164, id=24, length=98
        User-Name = "mylogin"
        User-Password = "..."
        NAS-Port = 1062
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint:0 = "X.X.X.X"
        NAS-IP-Address = a.b.c.d
        NAS-Port-Type = Virtual
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "files" returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mylogin
radius_xlat:  '(uid=_)'
radius_xlat:  'dc=subdomain,dc=domain,dc=toplevel'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap-server:389, authentication 0
rlm_ldap: bind as /
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=subdomain,dc=domain,dc=toplevel, with
filter (uid=_)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound
modcall: group authorize returns notfound
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
---------------------------------------------------------------------



