reply-list fed by LDAP

Tue, 31 Jan 2006 03:45:18 -0800 

Hello,

I use freeradius 1.05 with LDAP.
Now I do not use the RADIUS-LDAP-Schemata - because I think I do not need it, all teh required Information is provided by the Schema I use ( I think :-) ). Within the Schema I have an attribute szUserId which I want to return to the client. 
Now. this LDAP-attribute (szUsesrId) is mapped by ldap.attrmap to User-ID,
this Radius-attribute (User-ID) is speziufied as an reply-item in the users-file: 

DEFAULT Service-Type == Framed-User
       Framed-IP-Address = 255.255.255.254,
       Framed-MTU = 576,
       User-ID = 576,
       Fall-Through = Yes

But it does not get sent to the client.

Now my question, WHY?

Do I have to define the RADIUS-Attribute User-ID in the dictionary-file? 
If I do so, radiusd complaines this attribute is an check-item and no 
reply-item!?!?!?


my Log:


Tue Jan 31 12:22:12 2006 : Debug:   Processing the authorize section of 
radiusd.conf
Tue Jan 31 12:22:12 2006 : Debug: modcall: entering group authorize for 
request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling 
preprocess (rlm_preprocess) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
preprocess (rlm_preprocess) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module 
"preprocess" returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling chap 
(rlm_chap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
chap (rlm_chap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "chap" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling mschap 
(rlm_mschap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
mschap (rlm_mschap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "mschap" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling suffix 
(rlm_realm) for request 0
Tue Jan 31 12:22:12 2006 : Debug:     rlm_realm: No '@' in User-Name = 
"sz148", looking up realm NULL

Tue Jan 31 12:22:12 2006 : Debug:     rlm_realm: No such realm "NULL"

Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
suffix (rlm_realm) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "suffix" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling eap 
(rlm_eap) for request 0

Tue Jan 31 12:22:12 2006 : Debug:   rlm_eap: No EAP-Message, not doing EAP

Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
eap (rlm_eap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "eap" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling files 
(rlm_files) for request 0
Tue Jan 31 12:22:12 2006 : Debug:     users: Matched entry DEFAULT at 
line 43
Tue Jan 31 12:22:12 2006 : Debug:     users: Matched entry DEFAULT at 
line 50
Tue Jan 31 12:22:12 2006 : Debug:     users: Matched entry DEFAULT at 
line 53
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
files (rlm_files) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "files" 
returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling ldap 
(rlm_ldap) for request 0

Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: - authorize

Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: performing user 
authorization for sz148
Tue Jan 31 12:22:12 2006 : Debug: radius_xlat:  '(&(objectClass=szUser) 
(Userid=sz148))'

Tue Jan 31 12:22:12 2006 : Debug: radius_xlat:  'ou=AAAuser,o=Domain ,c=DE'
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: attempting LDAP reconnection

Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: (re)connect to 
xxx.xxx.xxx.xxx:400, authentication 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: bind as 
cn=user,ou=allro,ou=AAAdsadm,o=doamin,c=DE/xxx to xxx.xxx.xxx.xxx:400

Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: waiting for bind result ...
request 1 done
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Bind was successful

Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: performing search in 
ou=AAAuser,o=domain,c=DE, with filter (&(objectClass=szUser) (Userid=sz148))

request 2 done

Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: checking if remote access 
for sz148 is allowed by uid
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: looking for check items in 
directory...
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding unixPassword as 
Crypt-Password, value op=21
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding szVpnPassword as 
NT-Password, value op=21
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: looking for reply items in 
directory...
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding szIpAddress as 
Framed-IP-Address, value 121.23.32.20 & op=11
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding szUserid as User-ID, 
value sz148 & op=11
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: user sz148 authorized to use 
remote access

Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0

Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
ldap (rlm_ldap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "ldap" 
returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug: modcall: group authorize returns ok 
for request 0

Tue Jan 31 12:22:12 2006 : Debug:   rad_check_password:  Found Auth-Type pap
Tue Jan 31 12:22:12 2006 : Debug: auth: type "PAP"

Tue Jan 31 12:22:12 2006 : Debug:   Processing the authenticate section 
of radiusd.conf
Tue Jan 31 12:22:12 2006 : Debug: modcall: entering group Auth-Type for 
request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authenticate]: calling pap 
(rlm_pap) for request 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: login attempt by "sz148" with 
password
Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: Using password "" for user 
sz148 authentication.

Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: Using CRYPT encryption.
Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: User authenticated succesfully

Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authenticate]: returned 
from pap (rlm_pap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authenticate]: module "pap" 
returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug: modcall: group Auth-Type returns ok 
for request 0
Tue Jan 31 12:22:12 2006 : Auth: Login OK: [sz148] (from client Windows 
port 0)

Sending Access-Accept of id 13 to xxx.xxx.xxx.xxx:1818
       Framed-MTU = 576
       Tunnel-Private-Group-Id:0 := "rlan79"
       Framed-IP-Address = sss.sss.sss.sss
Tue Jan 31 12:22:12 2006 : Debug: Finished request 0


Thaks in advance

Florian

--
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Martensstr. 1
91052 Erlangen
Germany

Tel.: +499131 8527813


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





















					Reply via email to