On 26 Jun 2013, at 16:49, Mathieu Simon <mathieu....@gmail.com> wrote:
> G'day all > > I've been working with Mihailo on this matter although he's been more into it > I try to provide the data you ask for: > > Prelude: > A Samba-disabled user has the following sambaAcctFlags in the LDAP Directory > during an ldapsearch i.e.: > The user kw978 used for this is a disabled user and thus ldapsearch lists: > sambaAcctFlags: [UD ] > A not-disabled user would have: sambaAcctFlags: [U ] > > The radtest command used was: > radtest -x kw978 TestRadius1234$ localhost 10 testing123 > > Now what follows is the output of 'freeradius -X' with the authentication > test. > Using '-t mschap' doesn't change anything so I guess testing with PAP is > (yet?) ok. > > I hope that help shedding some light - as you can see base_filter is read > while starting the daemon, > but no matter what is set in base_filter, even invalid stuff, it's simply > going to get ignored. > > The server does LDAP group matching with if-else unlang statements - removing > them > didnt change the behaviour so I don't think they're the cause. Weird. Well if no one on the list can spot an obvious issue it's probably worth upgrading to 3.0.0 and using the module there. It's much better. else, have you tried the same query with something like ldapsearch? Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
