Hi everybody ! I've configured freeradius with an ldap backend. I had to create new attributes that are sent correctly in the reply. But when i try to put these attributes in the "update coa", the value of these variable are empty. I've tried the syntax %<reply>Attribute-Name but it's still empty. Here the debug output if someone can give me a hint :
... adding new socket proxy address * port 54865 ... adding new socket proxy address * port 44764 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 43501, id=62, length=93 User-Name = "testuser" User-Password = "mypasswd" NAS-IP-Address = 172.20.13.27 NAS-Port = 0 Framed-IP-Address = 192.168.1.5 Acct-Session-Id = "539848" Message-Authenticator = 0x92985a75e680a1d422ceb47ba117ea62 # Executing section authorize from file /etc/freeradius/sites-enabled/wol +- entering group authorize {...} ++[preprocess] returns ok [chocoldap] performing user authorization for testuser [chocoldap] expand: %{Stripped-User-Name} -> [chocoldap] ... expanding second conditional [chocoldap] expand: %{User-Name} -> testuser [chocoldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testuser) [chocoldap] expand: ou=wol,dc=labingesys,dc=lan -> ou=wol,dc=labingesys,dc=lan [chocoldap] ldap_get_conn: Checking Id: 0 [chocoldap] ldap_get_conn: Got Id: 0 [chocoldap] attempting LDAP reconnection [chocoldap] (re)connect to 172.20.13.25:389, authentication 0 [chocoldap] bind as cn=admin,dc=labingesys,dc=lan/chocolab to 172.20.13.25:389 [chocoldap] waiting for bind result ... [chocoldap] Bind was successful [chocoldap] performing search in ou=wol,dc=labingesys,dc=lan, with filter (uid=testuser) [chocoldap] checking if remote access for testuser is allowed by uid [chocoldap] Added User-Password = mypasswd in check items [chocoldap] No default NMAS login sequence [chocoldap] looking for check items in directory... [chocoldap] userPassword -> Password-With-Header == "mypasswd" [chocoldap] looking for reply items in directory... [chocoldap] AlcSLAProfStr -> Alc-SLA-Prof-Str = "sla-profile2" [chocoldap] AlcSubscProfStr -> Alc-Subsc-Prof-Str = "sub-profile1" [chocoldap] user testuser authorized to use remote access [chocoldap] ldap_release_conn: Release Id: 0 ++[chocoldap] returns ok ++[chap] returns noop [pap] Config already contains "known good" password. Ignoring Password-With-Header ++[pap] returns updated expand: %{User-Name} -> testuser expand: %{Acct-Session-Id} -> 539848 expand: %{NAS-IP-Address} -> 172.20.13.27 expand: %{Framed-IP-Address} -> 192.168.1.5 expand: %{Alc-Subsc-Prof-Str#} -> expand: %{Alc-SLA-Prof-Str} -> ++[coa] returns updated Found Auth-Type = PAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/wol +- entering group PAP {...} [pap] login attempt with password "mypasswd" [pap] Using clear text password "mypasswd" [pap] User authenticated successfully ++[pap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/wol +- entering group post-auth {...} ++[chocoldap] returns noop Sending Access-Accept of id 62 to 127.0.0.1 port 43501 Alc-SLA-Prof-Str = "sla-profile2" Alc-Subsc-Prof-Str = "sub-profile1" # Executing section pre-proxy from file /etc/freeradius/sites-enabled/wol +- entering group pre-proxy {...} [pre_proxy_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20120829 [pre_proxy_log] /var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20120829 [pre_proxy_log] expand: %t -> Wed Aug 29 14:12:29 2012 ++[pre_proxy_log] returns ok Sending CoA-Request of id 238 to 80.236.127.146 port 3799 User-Name = "testuser" Acct-Session-Id = "539848" NAS-IP-Address = 172.20.13.27 Framed-IP-Address = 192.168.1.5 Alc-Subsc-Prof-Str = "" Alc-SLA-Prof-Str = "" Finished request 0. Going to the next request Waking up in 1.9 seconds. Sending CoA-Request of id 238 to 80.236.127.146 port 3799 User-Name = "testuser" Acct-Session-Id = "539848" NAS-IP-Address = 172.20.13.27 Framed-IP-Address = 192.168.1.5 Alc-Subsc-Prof-Str = "" Alc-SLA-Prof-Str = "" Waking up in 3.0 seconds. Cleaning up request 0 ID 62 with timestamp +9 Waking up in 0.7 seconds. Sending CoA-Request of id 238 to 80.236.127.146 port 3799 User-Name = "testuser" Acct-Session-Id = "539848" NAS-IP-Address = 172.20.13.27 Framed-IP-Address = 192.168.1.5 Alc-Subsc-Prof-Str = "" Alc-SLA-Prof-Str = "" Waking up in 7.6 seconds Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html