> Hi!
>
> I am using freeradius 1.0.1 with an openldap backend (2.1.30). Therefore
> I am using the ldap.attrmap for mapping ldapentries to radiusattributes.
> Everything is configured correctly, mapping works. For example, I added
> a radiusAuthType with value REJECT and I couldn't authenticate. Even
> other entries work!!
>
> But for some reason, I have to add a NAS-Identifier to my
> ldap-attributes and that does NOT work! :-(
>
> Adding a NAS-Identifier to the users-file works, for example:
> steve Auth-Type := Local, User-Password == "testing", NAS-Identifier == "chilli"
>         Reply-Message = "Hello %u"
> This line lets the user steve only authenticate, if there is a
> NAS-Identifier="chilli" in the access request!

Why are you putting Auth-Type := Local? I don't understand the reason for that.

>
> Why doesn't it work with ldap? I added it to the ldap.attrmap-file, as
> a checkitem:
> checkItem NAS-Identifier radiusNASIdentifier
> I also extended the radius-ldap-schema for radiusNASIdentifier, and even
>
>
> It seems that my freeradius ignores this attribute!! :-(
>
> Has anyone ideas?
> thxs
> regards
> peda
>
> PS: radius-logfile-output:
> Following ldap entry exists:
> dn:uid=testuser,ou=radius,dc=xxx,dc=xxx
>
> uid: testuser
> cn: testuser
> objectClass: radiusprofile
> account
> radiusNASIdentifier: vpn
>
> In the Access-Request NAS-Identifier is chilli, so I shouldn't get
> authenticated, right?
>
> ...
> rlm_ldap: LDAP radiusnasidentifier mapped to RADIUS NAS-Identifier
> ...
> rlm_ldap: Adding radiusnasidentifier as NAS-Identifier, value vpn & op=21
> ...
> rad_recv: Access-Request packet from host 127.0.0.1:1052, id=0, length=200
>         User-Name = "testuser"
>         User-Password = "123456"
>         NAS-IP-Address = 0.0.0.0
>         Service-Type = Login-User
>         Framed-IP-Address = 192.168.100.2
>         Calling-Station-Id = "00-11-43-68-B6-C7"
>         Called-Station-Id = "00-00-21-D7-27-EA"
>         NAS-Identifier = "chilli"
>         Acct-Session-Id = "426371ac00000000"
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 0
>         Message-Authenticator = 0x639366a805ea2fa073720e2f5427bf7f
>         WISPr-Logoff-URL = "http://192.168.100.1:3990/logoff"
> Processing the authorize section of radiusd.conf
>

Where is the rest of the debug output? We can't see where it went wrong? My guess (just a guess) is that it's matching something in your users file that is letting it through. Please post all of your debug. Also, try taking out where you defined Auth-Type := Local.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html