So I have groups working fine now; if the client is in a group, all is OK.

As per the example below, the client is not in a group. At the bottom is the users file.

Is there a reason why the client does not get an accept-reject?

rlm_ldap: Entering ldap_groupcmp()

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap: (re)connect to 10.250.1.25:389, authentication 0

rlm_ldap: waiting for bind result ...

rlm_ldap: Bind was successful

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap: object not found or got ambiguous search result

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap::groupcmp: Group lisdoonvarna not found or user not a member

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: Entering ldap_groupcmp()

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap: object not found or got ambiguous search result

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap::ldap_groupcmp: User found in group ballyvaughan

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: Entering ldap_groupcmp()

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap: object not found or got ambiguous search result

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap::groupcmp: Group doolin not found or user not a member

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: Entering ldap_groupcmp()

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap: object not found or got ambiguous search result

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap::groupcmp: Group fanore not found or user not a member

rlm_ldap: ldap_release_conn: Release Id: 0

rlm_ldap: - authorize

rlm_ldap: performing user authorization for [EMAIL PROTECTED]

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap: (re)connect to 10.250.1.25:389, authentication 0

rlm_ldap: bind as cn=manager,dc=radiowave,dc=net/23ldap11safe to 10.250.1.25:389

rlm_ldap: waiting for bind result ...

rlm_ldap: Bind was successful

rlm_ldap: checking if remote access for [EMAIL PROTECTED] is allowed by dialupAccess

rlm_ldap: Added password porsche959 in check items

rlm_ldap: looking for check items in directory...

rlm_ldap: looking for reply items in directory...

rlm_ldap: Adding radiusLoginIPHost as Login-IP-Host, value 10.4.230.210 & op=11

rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.0 & op=11

rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 10.4.230.10 & op=11

rlm_ldap: user [EMAIL PROTECTED] authorized to use remote access

rlm_ldap: ldap_release_conn: Release Id: 0

Login OK: [EMAIL PROTECTED]/<no User-Password attribute>] (from client m0n01 port 0 cli 10.250.1.229)

Sending Access-Accept of id 185 to 10.250.1.1:52134

        Login-IP-Host = 10.4.230.210

        Framed-IP-Netmask = 255.255.255.0

        Framed-IP-Address = 10.4.230.10

        MS-CHAP2-Success = 0x01533d30353146304237463430424541444331363434393131433041383634453832414236423543384433

        MS-MPPE-Recv-Key = 0xf4c68b3146e2f01275bfbb343f6b7155

        MS-MPPE-Send-Key = 0xf65092b2b572fa48c0bf2c14b8a1ebe6

        MS-MPPE-Encryption-Policy = 0x00000001

        MS-MPPE-Encryption-Types = 0x00000006

rad_recv: Accounting-Request packet from host 10.250.1.1:60954, id=213, length=158

        NAS-Identifier = "radiowave-fw.radiowave.local"

        NAS-Port = 0

        NAS-Port-Type = Virtual

        Service-Type = Framed-User

        Framed-Protocol = PPP

        Calling-Station-Id = "10.250.1.229"

        User-Name = "[EMAIL PROTECTED]"

        Framed-IP-Address = 10.250.4.96

        Acct-Status-Type = Start

        Acct-Session-Id = "7007248-pt0"

        Acct-Multi-Session-Id = "7007248-pt0"

        Acct-Link-Count = 1

        Acct-Authentic = RADIUS

################################################################################

#      default auth to get radius with ldap to work

####################################################################################

DEFAULT       Ldap-Group == lisdoonvarna, Huntgroup-Name == internet, User-Profile := "cn=lisdoonvarna,ou=profiles,o=radius,dc=radiowave,dc=net", Simultaneous-Use := 2

       Fall-Through = 1

 

DEFAULT       Ldap-Group == ballyvaughan, Huntgroup-Name == internet, User-Profile := "cn=ballyvaughan,ou=profiles,o=radius,dc=radiowave,dc=net", Simultaneous-Use := 2

      Fall-Through = 1

 

DEFAULT       Ldap-Group == doolin, Huntgroup-Name == internet, User-Profile := "cn=doolin,ou=profiles,o=radius,dc=radiowave,dc=net", Simultaneous-Use := 2

       Fall-Through = 1

 

DEFAULT       Ldap-Group == fanore, Huntgroup-Name == internet, User-Profile := "cn=fanore,ou=profiles,o=radius,dc=radiowave,dc=net", Simultaneous-Use := 2

       Fall-Through = 1

 

#########################################################################

###  default ldap group does not succeed

##########################################################################

 

DEFAULT       Auth-Type := Reject, Reply-Message = "sorry you are not allowred to dial in here", Simultaneous-Use := 0
