Hi again... I'm starting to get confused with this... I use 3 checkvals:
1 for Calling-Station-Id, 2 for Called-Station-Id and 3 for Hints. In the Hints file I set up my hint domains and filters so that the correct ACL/IP pool can be applied for the suffix. I also have radiusHints and radiusFilterId in my OpenLDAP DB.

Now, my question is: why, if Hints is not found in the radius query, does it continue checking the rest of the values, while with checkvals 1 or 2 it works fine?? So if some user uses other hints, radius does an Access-Accept, and not the reject as with Calling/Called-Station-Id, which work fine.

Simple debug:

[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=gtm478)
[ldap] expand: ou=institute,ou=users,dc=sld,dc=cu -> ou=institute,ou=users,dc=domain,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=institute,ou=users,dc=domain,dc=com, with filter (uid=gtm478)
[ldap] performing search in cn=users.ppp,ou=profiles,ou=radius,ou=services,dc=domain,dc=com, with filter (objectclass=radiusprofile)
[ldap] radiusCalledStationId -> Called-Station-Id == "999999"
[ldap] radiusCalledStationId -> Called-Station-Id == "888888"
[ldap] radiusCalledStationId -> Called-Station-Id == "111111"
[ldap] extracted attribute Max-Monthly-Session from generic item Max-Monthly-Session := 90000
[ldap] radiusIdleTimeout -> Idle-Timeout = 300
[ldap] radiusSessionTimeout -> Session-Timeout = 7200
[ldap] radiusFramedCompression -> Framed-Compression = Van-Jacobson-TCP-IP
[ldap] radiusFramedMTU -> Framed-MTU = 576
[ldap] radiusFilterId -> Filter-Id = "general.in"
[ldap] radiusFramedProtocol -> Framed-Protocol = PPP
[ldap] radiusServiceType -> Service-Type = Framed-User
[ldap] Added User-Password = {CRYPT}$1$passwordcrypted in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{CRYPT}$1$cryptedpassword"
[ldap] radiusCallingStationId -> Calling-Station-Id == "111111"
[ldap] looking for reply items in directory...
[ldap] user gtm478 authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 111111
rlm_checkval: Value Name: Calling-Station-Id, Value: 111111
++[checkval1] returns ok
rlm_checkval: Item Name: Called-Station-Id, Value: 88888
rlm_checkval: Value Name: Called-Station-Id, Value: 999999
rlm_checkval: Value Name: Called-Station-Id, Value: 88888
++[checkval2] returns ok
rlm_checkval: Item Name: Hint, Value: userdefault
*rlm_checkval: Could not find attribute named Hint in check pairs*
*++[checkval3] returns notfound*

*I need to stop here.. and reject the user..*

++? if (User-Name =~ /^(.+)@institute.domain.com/)
? Evaluating (User-Name =~ /^(.+)@institute.domain.com/) -> TRUE
++? if (User-Name =~ /^(.+)@institute.domain.com/) -> TRUE
++- entering if (User-Name =~ /^(.+)@institute.domain.com/) {...}
rlm_sqlcounter: Entering module authorize code

*It should NOT continue.....*

The users log on OK (with bad hints). With hints it works fine.

Thanks in advance... (I'll continue searching and trying while I wait for this...)

Sorry for my bad English... O:-)

Regards.

-- 
Antonio Peña
Secure email with PGP 0x8B021001 available at http://pgp.mit.edu
Fingerprint: 74E6 2974 B090 366D CE71 7BB2 6476 FA09 8B02 1001
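
One way to make the authorize section fail closed when checkval3 returns notfound, as an added example that is not part of the original post. It assumes the server's unlang accepts per-module return-code overrides, and it takes the module names ldap, checkval1, checkval2 and checkval3 from the debug output above.

```unlang
# Added example, not the poster's configuration. Module instance names are
# taken from the debug output; everything else in authorize is left out.
authorize {
	ldap

	# Listed bare, a module keeps its default return-code handling.
	checkval1
	checkval2

	# In the log, checkval3 returns "notfound" when no Hint attribute is
	# present in the check items, and the section then carries on to the
	# User-Name regex block and sqlcounter.
	# Fail closed: map that return code to an immediate reject instead.
	checkval3 {
		notfound = reject
	}

	# ... remaining authorize entries (the User-Name regex block and
	# sqlcounter seen in the log) stay as they are ...
}
```

With this override, a request whose LDAP profile supplies no Hint check item ends the authorize section with reject instead of reaching the later entries. The same override can be placed on checkval1 and checkval2 if a missing check item should be treated the same way there.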