RE: Cannot find a Domain attribute ??

Thu, 05 Sep 2002 07:19:55 -0700

To all,

I'm definately getting somewhere with this, I appreciate your input. I thoroughly read the documentation and am close. I set my Mysql table up like this for user chris.deramus

22 chris.deramus  Vendor-Specific         Microsoft      == 
23 chris.deramus  MS-CHAP-Domain      test.my.gov   == 

Then when running FreeRADIUS in debugging mode, I get this with an incoming request. As you can see in bold, it's passing the MS-CHAP-Domain in the Access Accept, however it doesn't seem to be passing to my client laptop. Maybe it's a problem with my MySQL table, maybe its a problem with how I have MS-CHAP loaded in radiusd.conf

rlm_sql: Released sql socket id: 8
  modcall[authorize]: module "sql" returns ok
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
  modcall[authorize]: module "counter" returns noop
    users: Matched DEFAULT at 141
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type PAP
auth: type "PAP"
modcall: entering group authtype
rlm_pap: login attempt by "chris.deramus" with password xxxxxxx
rlm_pap: Using password 690d96285de94b9e7138e3d9d687ce3e for user chris.deramus authentication.
rlm_pap: Using MD5 encryption.
rlm_pap: User authenticated succesfully
  modcall[authenticate]: module "pap" returns ok
modcall: group authtype returns ok
Login OK: [chris.deramus/xxxxxxxx] (from client 192.168.0.2 port 1008)
Sending Access-Accept of id 2 to 192.168.0.2:1026
        Framed-IP-Address = 192.168.1.20
        Vendor-Specific = 0x4d6963726f736f6674
        MS-CHAP-Domain = "test.my.gov"

I bolded the sections that I found to be of interest, I'm assuming the returned noop means that the module isn't loaded, or isn't doing anything? I have the MS-CHAP module loaded in the authorization section, should it be loaded in a different section of radiusd.conf ?
 
Thanks for the help and patience.
 
Chris



-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: Cannot find a Domain attribute ??


"Deramus, Chris" <[EMAIL PROTECTED]> wrote:
> Sorry for the confusion, I meant I have to return that Domain attribute to
> the NAS, we have different program offices with resources on different
> domains.

  You can return the MS-CHAP-Domain domain attribute in the
Access-Accept.

 Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to