Works well (on debug). But I've juste two more questions: 1. I would like to have a catch all definition if suppannaffectation gives a non existing pool-name  I put this in users:  DEFAULT Service-Type == Framed-User, Pool-Name := "DEF_pool"  Framed-MTU = 1500,  Fall-Through = Yes  but didn't work 2. I would like the pool-name to be case insensitive, so it will work for SCECO or ScEco Is it possible?. Dustin Doris a ÃcritÂ: What happens if you do this. Add the following to ldap.attrmapcheckItem Pool-Name supannaffectation Then remove all those users file entries with Ldap-Group, so it just does an LDAP lookup, not specifically matching on groups. This should pool the supannafecction attribute from ldap and make that the Pool-Name check item, which should then fire ippool. -Dusty Doris On Thu, 18 Nov 2004, LALOT Dominique wrote:Thanks for all, because it's starting to work. But: I noticed that I call ldap for each group before founding the right one. An for me the group name is just an ldap attr to read. Then when finding the group, for the IP pool, I have to read all the pools even when it return ok. Hopefully, I have less than 10 groupes!. groupmembership is supannaffectation. Is there something else to do?. Thanks dom users: DEFAULT Ldap-Group == IUT, Pool-Name := "IUT_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == Medecine, Pool-Name := "Medecine_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == ESIL, Pool-Name := "Esil_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == Pharo, Pool-Name := "Pharo_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == Sciences, Pool-Name := "Sciences_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == Pharmacie, Pool-Name := "Pharmacie_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == OSU, Pool-Name := "OSU_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == IM2, Pool-Name := "IM2_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Ldap-Group == STAPS, Pool-Name := "STAPS_pool" Service-Type == Framed-User, Fall-Through = no rlm_ldap: user fred authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,ou=u2,dc=univ-mrs,dc=fr' radius_xlat: '(uid=fred)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,ou=u2,dc=univ,dc=fr, with filter (&(supannaffectation=ScEco)(uid=fred)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=fred,ou=people,ou=u2,dc=univ,dc=fr, with filter (objectclass=*) rlm_ldap::groupcmp: Group ScEco not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,ou=u2,dc=univ-mrs,dc=fr' radius_xlat: '(uid=fred)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,ou=u2,dc=univ,dc=fr, with filter (&(supannaffectation=IUT)(uid=fred)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=fred,ou=people,ou=u2,dc=univ,dc=fr, with filter (objectclass=*) rlm_ldap::groupcmp: Group IUT not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,ou=u2,dc=univ-mrs,dc=fr' radius_xlat: '(uid=fred)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,ou=u2,dc=univ,dc=fr, with filter (&(supannaffectation=Medecine)(uid=fred)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=fred,ou=people,ou=u2,dc=univ,dc=fr, with filter (objectclass=*) rlm_ldap::groupcmp: Group Medecine not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,ou=u2,dc=univ-mrs,dc=fr' radius_xlat: '(uid=fred)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,ou=u2,dc=univ,dc=fr, with filter (&(supannaffectation=ESIL)(uid=fred)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=fred,ou=people,ou=u2,dc=univ,dc=fr, with filter (objectclass=*) rlm_ldap::groupcmp: Group ESIL not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,ou=u2,dc=univ,dc=fr' radius_xlat: '(uid=fred)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,ou=u2,dc=univ,dc=fr, with filter (&(supannaffectation=Pharo)(uid=fred)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in uid=fred,ou=people,ou=u2,dc=univ,dc=fr, with filter (objectclass=*) rlm_ldap::groupcmp: Group Pharo not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=people,ou=u2,dc=univ,dc=fr' radius_xlat: '(uid=fred)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,ou=u2,dc=univ,dc=fr, with filter (&(supannaffectation=Sciences)(uid=fred)) rlm_ldap::ldap_groupcmp: User found in group Sciences rlm_ldap: ldap_release_conn: Release Id: 0 modcall: entering group post-auth for request 2 modcall[post-auth]: module "ScEco_pool" returns noop for request 2 modcall[post-auth]: module "IUT_pool" returns noop for request 2 modcall[post-auth]: module "Medecine_pool" returns noop for request 2 modcall[post-auth]: module "Esil_pool" returns noop for request 2 modcall[post-auth]: module "Pharo_pool" returns noop for request 2 rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/1813 rlm_ippool: Found a stale entry for ip/port: 139.124.210.71/1813 rlm_ippool: num: 0 rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/1813 rlm_ippool: Allocating ip to nas/port: 255.255.255.255/1813 rlm_ippool: num: 1 rlm_ippool: Allocated ip 139.124.210.55 to client on nas 255.255.255.255,port 1813 modcall[post-auth]: module "Sciences_pool" returns ok for request 2 modcall[post-auth]: module "Pharmacie_pool" returns noop for request 2 modcall[post-auth]: module "OSU_pool" returns noop for request 2 modcall[post-auth]: module "IM2_pool" returns noop for request 2 modcall[post-auth]: module "STAPS_pool" returns noop for request 2 modcall[post-auth]: module "DEF_pool" returns noop for request 2 modcall: group post-auth returns ok for request 2You'll still need to configure the ippool modules and include those in the accounting section and post-auth section. Forgot to include that in the last email. A radiusd -X will show you exactly what is going on. If it doesn't work, please post that to the list will all output. ie: accounting { ... u2labo u3labo ... } post_auth { ... u2labo u3labo ... } On Wed, 17 Nov 2004, LALOT Dominique wrote:Thanks, I have to leave, but the quick and last test I did with your advice, gave me bad results. See tomorrow.. Using radtest, I don't get any IP, and there is very little doc about ippool and the way it works. I suppose that the NAS is completely relying on radius for IP delivery. I'm wondering what happen in case of the failure of the main radius server. Dom Dustin Doris a ïcrit :Hello all, I've spent quite a long time trying to understand how freeradius works and trying to get everything I want working. I am using Openldap since 2001 and I've no problems to understand LDAP as I wrote many programs around LDAP. In fact I don't understand how groups are working under radius. My aim: I would like to distribute different IP pool for users. The best for me: In the users DN, we already have an attribute for a laboratory, ie u2labo I would like to say: 1. authenticate the user in ldap (works ok) 2. Get the attribute u2labo 3 use that value to get the ip range (somewhere even outside ldap (users)) to distribute the IP. I've tried many configurations without success. The debugging of ldap show me just bind successfull without search for groups. I tried to add radiusprofile Objectclass without success. So what is the meaning of groups in radius?. can we say: user fred attributes XXX member of group test group test the rest of attributes. Could you give me the minimum to set in conf files to get it working? Thanks Dom-- Dominique LALOT IngÃnieur SystÃme RÃseau CISCAM Pole RÃseau Università de la MÃditerranÃe http://annuaire.univ.fr/showuser.php?uid=lalot - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Dominique LALOT IngÃnieur SystÃme RÃseau CISCAM Pole RÃseau Università de la MÃditerranÃe http://annuaire.univ-mrs.fr/showuser.php?uid=lalot |
- Re: help groups and LDAP LALOT Dominique
- Re: help groups and LDAP Kostas Kalevras
- Re: help groups and LDAP LALOT Dominique
- Re: help groups and LDAP Kostas Kalevras