add that in (actually tried that before as well), still does not work,
but the logging looks a little different now:
*****
[ldap] performing user authorization for marguin2
[ldap] expand: (uid=%u) -> (uid=marguin2)
[ldap] expand: ou=people,dc=currensee,dc=com ->
ou=people,dc=currensee,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=currensee,dc=com, with
filter (uid=marguin2)
[ldap] checking if remote access for marguin2 is allowed by radiusFilterId
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> Password-With-Header == "{CRYPT}tGS8HbszeyDmM"
[ldap] looking for reply items in directory...
rlm_ldap: radiusFilterId -> Filter-Id = "wireless"
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
[ldap] user marguin2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
*****
so now the password is not clear text in the log as it was before but
still seeing that no good password error....but then there is that line
towards the bottom that sasys user authorized to use remote access... do
i need to configure Filter-Id or something in the sites-enabled/default
or innertunnel or something like that?
-m
On 10/31/2011 12:19 PM, freeradius-users-requ...@lists.freeradius.org
wrote:
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-requ...@lists.freeradius.org
You can reach the person managing the list at
freeradius-users-ow...@lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: cisco WAP/FreeRadius/OpenLDAP (Phil Mayers)
2. RE: IPv6 ready? (Sergio NNX)
3. Re: IPv6 ready? (Phil Mayers)
4. RE: IPv6 ready? (Sergio NNX)
5. Re: IPv6 ready? (Phil Mayers)
6. Re: IPv6 ready? (Johan Meiring)
7. RE: IPv6 ready? (Sergio NNX)
----------------------------------------------------------------------
Message: 1
Date: Mon, 31 Oct 2011 14:53:02 +0000
From: Phil Mayers<p.may...@imperial.ac.uk>
Subject: Re: cisco WAP/FreeRadius/OpenLDAP
To: freeradius-users@lists.freeradius.org
Message-ID:<4eaeb64e.5080...@imperial.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 31/10/11 14:03, Matthew Arguin wrote:
Phil,
I just confirmed that it is tagged with the {CRYPT} or {SHA} (i have
tried both). also, i changed the user that is binding to be the manager
CN which has full access to the ldap for mod etc to rule that out.
Ah. I've just seen that you are running 2.1.7 from your original email.
The default LDAP attribute mappings were updated after that version to
include this line in "ldap.attrmap":
checkitem Password-With-Header userPassword
...you should:
a. Add that line to your "ldap.attrmap", see if it makes any difference
b. Plan an upgrade to 2.1.12
------------------------------
Message: 2
Date: Mon, 31 Oct 2011 15:32:07 +0000
From: Sergio NNX<sfhac...@hotmail.com>
Subject: RE: IPv6 ready?
To:<freeradius-users@lists.freeradius.org>
Message-ID:<bay147-w5460081d972a7b951d126cc...@phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"
Thank you all for your help. I added two more listen blocks in radiusd.conf and
I updated detail { ... with the following:
%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but .....
(there's always a but). if we use an IPv6 address, then Packet-Src-APv6-Address
value will be, for instance, 0:0:0:0:0:0:0:0, and the path becomes :
${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log
but FR crashes since it cannot create a folder with that name. Is there any way
of overcoming this issue? replace : with . or so???
Thanks again for your help.
Sergio.
Date: Mon, 31 Oct 2011 08:52:46 +0000
From: a.l.m.bu...@lboro.ac.uk
To: freeradius-users@lists.freeradius.org
Subject: Re: IPv6 ready?
Hi,
Just wondering if FR supports IPv6 addresses since I'm unable to start the
server when using IPv6.
yes. we use it fine with IPv6 - both receiving and sending RADIUS packets.
Another question is: are you aware of any (client) tool for testing FR
when using IPv6 addresses? eapol_test doesn't seem to know anything about
:: or ::1
eapol_test - use hostnames (eg in /etc/hosts ?) ?
Do the below lines from radiusd.conf require any change when IPv6?
...
...
detail {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log
yes, Client-IP-Address doesnt exist in IPv6 world - you can use one of the
source
address attributes instead
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL:<https://lists.freeradius.org/pipermail/freeradius-users/attachments/20111031/af34ae26/attachment.html>
------------------------------
Message: 3
Date: Mon, 31 Oct 2011 15:46:47 +0000
From: Phil Mayers<p.may...@imperial.ac.uk>
Subject: Re: IPv6 ready?
To: freeradius-users@lists.freeradius.org
Message-ID:<4eaec2e7.20...@imperial.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 31/10/11 15:32, Sergio NNX wrote:
Thank you all for your help. I added two more listen blocks in
radiusd.conf and I updated detail { ... with the following:
%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but
..... (there's always a but). if we use an IPv6 address, then
Packet-Src-APv6-Address value will be, for instance, 0:0:0:0:0:0:0:0,
and the path becomes :
${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log
but FR crashes since it cannot create a folder with that name. Is there
any way of overcoming this issue? replace : with . or so???
Really? Which OS?
There's no built-in xlat that allows you to do a substitute; you'll have
to use rlm_perl or rlm_python, or an exec script, to translate the name.
------------------------------
Message: 4
Date: Mon, 31 Oct 2011 15:58:35 +0000
From: Sergio NNX<sfhac...@hotmail.com>
Subject: RE: IPv6 ready?
To:<freeradius-users@lists.freeradius.org>
Message-ID:<bay147-w12f047cd2d7b8351888b32cc...@phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"
Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and let mw
know if it works?
Date: Mon, 31 Oct 2011 15:46:47 +0000
From: p.may...@imperial.ac.uk
To: freeradius-users@lists.freeradius.org
Subject: Re: IPv6 ready?
On 31/10/11 15:32, Sergio NNX wrote:
Thank you all for your help. I added two more listen blocks in
radiusd.conf and I updated detail { ... with the following:
%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but
..... (there's always a but). if we use an IPv6 address, then
Packet-Src-APv6-Address value will be, for instance, 0:0:0:0:0:0:0:0,
and the path becomes :
${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log
but FR crashes since it cannot create a folder with that name. Is there
any way of overcoming this issue? replace : with . or so???
Really? Which OS?
There's no built-in xlat that allows you to do a substitute; you'll have
to use rlm_perl or rlm_python, or an exec script, to translate the name.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL:<https://lists.freeradius.org/pipermail/freeradius-users/attachments/20111031/adfd0635/attachment.html>
------------------------------
Message: 5
Date: Mon, 31 Oct 2011 16:08:21 +0000
From: Phil Mayers<p.may...@imperial.ac.uk>
Subject: Re: IPv6 ready?
To: freeradius-users@lists.freeradius.org
Message-ID:<4eaec7f5.5090...@imperial.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 31/10/11 15:58, Sergio NNX wrote:
Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and
let mw know if it works?
I can tell you for absolute certain it won't without even having to try.
It's a Windows limitation.
------------------------------
Message: 6
Date: Mon, 31 Oct 2011 18:08:52 +0200
From: Johan Meiring<jmeir...@pcservices.co.za>
Subject: Re: IPv6 ready?
To: freeradius-users@lists.freeradius.org
Message-ID:<4eaec814.2050...@pcservices.co.za>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 2011/10/31 05:58 PM, Sergio NNX wrote:
Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and let mw
know if it works?
C:\junk>mkdir 0:0:0:0:0:0:0:0
The system cannot find the drive specified.
C:\junk>mkdir '0:0:0:0:0:0:0:0'
The filename, directory name, or volume label syntax is incorrect.
C:\junk>mkdir "0:0:0:0:0:0:0:0"
The system cannot find the drive specified.
C:\junk>mkdir 0\:0\:0\:0\:0\:0\:0\:0
The filename, directory name, or volume label syntax is incorrect.
Why not simply remove the Ip address from the log path?
Do they HAVE to be in directories with the IP address as part of the name?
Cheers,
--
Matthew Arguin
Currensee, Inc.
54 Canal St, 4th Floor
Boston, MA 02114
(617) 986-4758 (Office)
_________________________________________________________________________
This email and any files transmitted with it are confidential and intended
solely for the addressee. If you received this email in error, please do not
disclose the contents to anyone; kindly notify the sender by return email and
delete this email and any attachments from your system.
© 2011 Currensee Inc. is a member of the National Futures Association (NFA)
Member ID 0403251 | Over the counter retail foreign currency (Forex) trading
may involve significant risk of loss. It is not suitable for all investors and
you should make sure you understand the risks involved before trading and seek
independent advice if necessary. Performance, strategies and charts shown are
not necessarily predictive of any particular result and past performance is no
indication of future results. Investor returns may vary from Trade Leader
returns based on slippage, fees, broker spreads, volatility or other market
conditions.
Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
