Re: check item problem

[Brian Leung]

hi ,

the ldap.attrmap is :
checkItem       $GENERIC$                       radiusCheckItem
replyItem       $GENERIC$                       radiusReplyItem

checkItem       Auth-Type                       radiusAuthType
checkItem       Simultaneous-Use                radiusSimultaneousUse
checkItem       Called-Station-Id               radiusCalledStationId
checkItem       Calling-Station-Id              radiusCallingStationId
checkItem       LM-Password                     lmPassword
checkItem       NT-Password                     ntPassword
checkItem       SMB-Account-CTRL-TEXT           acctFlags
checkItem       Expiration                      radiusExpiration
checkItem       Ldap-Group                      radiusGroupName

replyItem       Service-Type                    radiusServiceType
replyItem       Framed-Protocol                 radiusFramedProtocol
replyItem       Framed-IP-Address               radiusFramedIPAddress
replyItem       Framed-IP-Netmask               radiusFramedIPNetmask
replyItem       Framed-Route                    radiusFramedRoute

ldif:
dn: uid=brianlk,ou=dialup,o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: radiusprofile
objectClass: posixAccount
objectClass: PureFTPdUser
sn: brianlk
ou: dialup
description:: IFBQUF9VWFBX
uid: brianlk
uidNumber: 15385
gidNumber: 1001
homeDirectory: /home/brianlk
loginShell: /sbin/nologin
userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
cn: brianlk
radiusCalledStationId: 123456

debug:
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=test, with filter (uid=brianlk)
rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 &
op=21
rlm_ldap: looking for reply items in directory...
Invalid operator for item User-Password: reverting to '=='
rlm_ldap: Pairs do not match. Rejecting user.
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "LDAP1" returns reject
modcall: group redundant returns reject
modcall: group authorize returns reject
Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client
localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 119 to 127.0.0.1:33242

Brian

----- Original Message -----
From: "Dustin Doris" <[EMAIL PROTECTED]>
To: "freeradius" <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2003 9:22 PM
Subject: Re: check item problem


> Sorry, I see that you are using ldap, so you probably don't want to list
> the users in the users file as well.  If you enable compare_check_items,
> then all the check items that come in should match what's in the ldap
> directory.
>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html