hi , the ldap.attrmap is : checkItem $GENERIC$ radiusCheckItem replyItem $GENERIC$ radiusReplyItem
checkItem Auth-Type radiusAuthType checkItem Simultaneous-Use radiusSimultaneousUse checkItem Called-Station-Id radiusCalledStationId checkItem Calling-Station-Id radiusCallingStationId checkItem LM-Password lmPassword checkItem NT-Password ntPassword checkItem SMB-Account-CTRL-TEXT acctFlags checkItem Expiration radiusExpiration checkItem Ldap-Group radiusGroupName replyItem Service-Type radiusServiceType replyItem Framed-Protocol radiusFramedProtocol replyItem Framed-IP-Address radiusFramedIPAddress replyItem Framed-IP-Netmask radiusFramedIPNetmask replyItem Framed-Route radiusFramedRoute ldif: dn: uid=brianlk,ou=dialup,o=test objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: inetLocalMailRecipient objectClass: radiusprofile objectClass: posixAccount objectClass: PureFTPdUser sn: brianlk ou: dialup description:: IFBQUF9VWFBX uid: brianlk uidNumber: 15385 gidNumber: 1001 homeDirectory: /home/brianlk loginShell: /sbin/nologin userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI= cn: brianlk radiusCalledStationId: 123456 debug: rlm_ldap: waiting for bind result ... rlm_ldap: performing search in o=test, with filter (uid=brianlk) rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 & op=21 rlm_ldap: looking for reply items in directory... Invalid operator for item User-Password: reverting to '==' rlm_ldap: Pairs do not match. Rejecting user. ldap_release_conn: Release Id: 0 modcall[authorize]: module "LDAP1" returns reject modcall: group redundant returns reject modcall: group authorize returns reject Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client localhost port 10) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 119 to 127.0.0.1:33242 Brian ----- Original Message ----- From: "Dustin Doris" <[EMAIL PROTECTED]> To: "freeradius" <[EMAIL PROTECTED]> Sent: Monday, March 31, 2003 9:22 PM Subject: Re: check item problem > Sorry, I see that you are using ldap, so you probably don't want to list > the users in the users file as well. If you enable compare_check_items, > then all the check items that come in should match what's in the ldap > directory. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html