Hi Ivan,

Actually, in the implementation we are going to treat the zipcode on the website as a password field. We are asking people to enter a username and zipcode, which is stored in the LDAP schema.

In RADIUS, I am going to receive the username (User-Name) and the zipcode (User-Password). In the ldap module I do the query

    filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(entitlements=WIFILOC1)(zipcode=%{User-Password}))"

and, depending on the result set, give access or reject. Please let me know if this is clear, and whether there is any better way to handle this in RADIUS.

Thanks and Regards.
Eric.

--- [EMAIL PROTECTED] wrote:

> OK, so the password is not in LDAP. Where is it then? Are you trying to
> accept users without passwords? Consider using a perl script to
> implement that logic and forget about the LDAP module in Freeradius.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 4/1/2008, "Eric Martell" <[EMAIL PROTECTED]> writes:
>
> > Hi Alan,
> > I am trying to do an ldap query lookup in the authorize section and,
> > after successful authorization (if the ldap entry exists on the search
> > query), reply with Access-Accept; if not, reject.
> >
> > I do not want to do authentication in LDAP as we are not storing the
> > "userPassword" attribute in the ldap schema.
> >
> > So in a way I am trying to do:
> >
> > if (ldap search success) {
> >     Access-Accept
> > } else {
> >     Access-Reject
> > }
> >
> > Please check the thread below for what Phil told me to do...
> >
> >
> > Hi Phil,
> > Here are the detailed configs and logs. Please let me know.
> > Thanks and Regards.
> >
> > modules {
> >     ldap {
> >         server = "ldap://xxxxxxxxx:1389"
> >         identity = "uid=appuser,ou=appadm,o=entitlement"
> >         password = ******
> >         basedn = "ou=roles,o=entitlement"
> >
> >         dictionary_mapping = ${raddbdir}/ldap.attrmap
> >         filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(entitlements=WIFILOC1)(attribute1=%{User-Password}))"
> >
> >         start_tls = no
> >         ldap_connections_number = 5
> >
> >         timeout = 4
> >         timelimit = 3
> >         net_timeout = 1
> >
> >         set_auth_type = no
> >     }
> > }
> >
> > authorize {
> > ...
> >     ldap
> >     pap
> > }
> >
> > authenticate {
> >     Auth-Type PAP {
> >         pap
> >     }
> > ......
> > }
> >
> > In the users file:
> > #DEFAULT Auth-Type := Local
> > #        Session-Timeout = 7200,
> > #        Fall-Through = Yes
> >
> > #DEFAULT Auth-Type := System
> > #        Session-Timeout = 7200,
> > #        Fall-Through = Yes
> >
> >
> > Here is the detailed log.
> >
> > rad_recv: Access-Request packet from host 216.2.193.1:55729, id=2, length=48
> >         User-Name = "test1"
> >         User-Password = "11111"
> >   Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 0
> >   modcall[authorize]: module "preprocess" returns ok for request 0
> >   modcall[authorize]: module "chap" returns noop for request 0
> >   modcall[authorize]: module "mschap" returns noop for request 0
> >     rlm_realm: No '@' in User-Name = "test1", looking up realm NULL
> >     rlm_realm: No such realm "NULL"
> >   modcall[authorize]: module "suffix" returns noop for request 0
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for test1
> > radius_xlat:  '(&(uid=test1)(entitlements=WIFILOC1)(attribute1=11111))'
> > radius_xlat:  'ou=roles,o=entitlement'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: (re)connect to ldap://xxxx:1389, authentication 0
> > rlm_ldap: bind as uid=appuser,ou=appadm,o=entitlement/xxxx to ldap://xxxxxxx:1389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: Bind was successful
> > rlm_ldap: performing search in ou=roles,o=entitlement, with filter (&(uid=test1)(entitlements=WIFILOC1)(attribute1=11111))
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user test1 authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> >   modcall[authorize]: module "ldap" returns ok for request 0
> > rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> >   modcall[authorize]: module "pap" returns noop for request 0
> > modcall: leaving group authorize (returns ok) for request 0
> > auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> > auth: Failed to validate the user.
> > Delaying request 0 for 1 seconds
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Sending Access-Reject of id 2 to 216.2.193.1 port 55729
> > Waking up in 4 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 2 with timestamp 4761660e
> > Nothing to do.  Sleeping until we see a request.
> >
> >
> > --- Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> >
> > > > rlm_ldap: user test1 authorized to use remote access
> > > > rlm_ldap: ldap_release_conn: Release Id: 0
> > > >   modcall[authorize]: module "ldap" returns ok for request 0
> > > > rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> > >
> > > That's the problem.
> > >
> > > Your LDAP module should be copying the LDAP attribute containing the
> > > password to the relevant check item.
> > >
> > > Slightly confusing, there are two ways to do this:
> > >
=== message truncated ===

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
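Editor's note, added to the thread and not part of any of the messages above. The log shows why the filter approach fails even when the search matches: rlm_pap in authorize only sets Auth-Type := PAP when some earlier module has left it a "known good" password check item, and comparing the zipcode inside the LDAP search filter leaves none, so the request falls through to "No authenticate method (Auth-Type) configuration found" and is rejected. The fragment below is an added example of the change Phil's reply points at, written against the FreeRADIUS 1.x configuration Eric posted: the password is taken out of the filter and the LDAP attribute that holds the zipcode is published as the Cleartext-Password check item, so rlm_pap does the comparison and sets Auth-Type itself. The attribute name zipcode and the entitlement value come from the thread; that the two routes Phil was about to name are a checkItem line in ldap.attrmap and the ldap module's password_attribute setting is my reading of the 1.x rlm_ldap documentation, not something the truncated reply confirms, so verify it against your version (Cleartext-Password needs 1.1.0 or later). One practitioner caveat that the thread does not state: a five-digit ZIP code has at most 100000 possible values, so whatever this gate is, it is not a password; rate-limit failed attempts and do not let it stand in for real authentication.

```conf
# Added example (editor's, not from the thread). FreeRADIUS 1.1.x syntax,
# following the radiusd.conf fragment Eric posted. Assumptions: the LDAP
# attribute is literally named "zipcode", as Eric's filter implies, and the
# server is 1.1.0 or later, where the Cleartext-Password check item exists.

# ---- ldap.attrmap --------------------------------------------------------
# Map the zipcode attribute onto the cleartext-password check item. This is
# what gives rlm_pap a "known good" password to compare against.
# (Assumed route; Phil's reply is cut off before he names the two ways.)
checkItem   Cleartext-Password   zipcode

# ---- radiusd.conf --------------------------------------------------------
modules {
    ldap {
        server   = "ldap://xxxxxxxxx:1389"
        identity = "uid=appuser,ou=appadm,o=entitlement"
        password = ******
        basedn   = "ou=roles,o=entitlement"
        dictionary_mapping = ${raddbdir}/ldap.attrmap

        # Weak (as posted): the password is compared inside the search
        # filter. A hit returns the entry, but nothing hands rlm_pap a
        # check item, so no Auth-Type is set and the request is rejected.
        #filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(entitlements=WIFILOC1)(zipcode=%{User-Password}))"

        # Corrected: the filter only selects the entitled user's entry;
        # the password comparison is left to rlm_pap.
        filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(entitlements=WIFILOC1))"

        # Alternative to the ldap.attrmap line above (assumed; check the
        # rlm_ldap documentation for your version before relying on it):
        # password_attribute = zipcode

        # Keep this "no". Auth-Type LDAP would try to bind to the directory
        # as the user with User-Password, which cannot work when the entry
        # has no userPassword.
        set_auth_type = no

        start_tls = no
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }
}

authorize {
    preprocess
    chap
    mschap
    suffix
    ldap    # returns ok and adds Cleartext-Password := <zipcode> as a check item
    pap     # finds the check item and sets Auth-Type := PAP
}

authenticate {
    Auth-Type PAP {
        pap # compares the request's User-Password with Cleartext-Password
    }
}
```

With this in place the authorize log should no longer carry the rlm_pap "No known good password" warning, and a request with the wrong zipcode is rejected by rlm_pap in the authenticate section rather than by the absence of an Auth-Type. It can be exercised the same way as the posted log, for example with radtest against the test1 account, and the debug output (radiusd -X) should show module "pap" returning ok in authorize.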