WG: Problem conversion of User-Name
Hello,

I have a problem after converting a User-Name of the form 27180769 to [EMAIL PROTECTED]

After the radius-server authorized the request I want to convert my user to an @-form to pass it to the rlm_krb5-module for authentication, because we have different Kerberos-Realms and the name 27180769 is probably not enough to pick the right Kerberos-Server from krb5.conf. For this sake my external program gives back a value pair in the form User-Name := [EMAIL PROTECTED], after I feed it with the LDAP-DN from the LDAP-request, to pick the right realm.

It seems that the memory allocated for User-Name is not reallocated, so vals of other vars were overwritten after the program returns.

Here is my debug-output from radiusd -s -xx:

Exec-Program: /usr/local/bin/convert.php CN=27180769,CN=Users,DC=apfelbaum,DC=de
Exec-Program output: User-Name := [EMAIL PROTECTED]
Exec-Program-Wait: value-pairs: User-Name := [EMAIL PROTECTED]
Exec-Program: returned: 0
modcall[authorize]: module convert_name returns ok for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'dc=apfelbaum,dc=de'
radius_xlat: '(|((objectClass=Group)(member=CN=27180769,CN=Users,DC=apfelbaum,DC=de))((objectClass=GroupOfUniqueNames)(uniquemember=CN=27180769,CN=Users,DC=apfelbaum,DC=de)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=modemuser,cn=Users,dc=apfelbaum,dc=de, with filter (|((objectClass=Group)(member=CN=27180769,CN=Users,DC=apfelbaum,DC=de))((objectClass=GroupOfUniqueNames)(uniquemember=CN=27180769,CN=Users,DC=apfelbaum,DC=de)))
rlm_ldap::ldap_groupcmp: User found in group cn=modemuser,cn=Users,dc=apfelbaum,dc=de
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 219
radius_xlat: 'number=08912124447 direction=outgoing'
modcall[authorize]: module files returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Kerberos
auth: type Kerberos
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_krb5: [ss=GroupOfUniqueNames)(uniquemember=CN=27180769,CN=Users,DC=apfelbaum,DC=de)`] krb5_g_i_t_w_p failed: Cannot resolve network address for KDC in requested realm
modcall[authenticate]: module krb5 returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [ss=GroupOfUniqueNames)(uniquemember=CN=27180769,CN=Users/ROrt9670] (from client localhost port 0)

A snap from radiusd.conf:

exec convert_name {
	wait=yes
	program =/usr/local/bin/convert.php %{Ldap-UserDn}
	input_pairs = request
	output_pairs = request
}

authorize {
	ldap {
		notfound = return
	}
	convert_name
	files
}

My users-file:

DEFAULT Ldap-Group == cn=modemuser,cn=Users,dc=apfelbaum,dc=de, Auth-Type:=Kerberos
	DIALT := number=%{reply:DIALT} direction=outgoing,
	PPPT := callback=ppp_offered blocktime=3 Layer1Protocol=modem,
	Idle-Timeout = 900,
	Framed-Protocol = PPP,
	User-Service := 2,
	Fall-Through = 0,
	Framed-Netmask := 255.255.255.255

DEFAULT Ldap-Group == cn=isdnuser,cn=Users,dc=apfelbaum,dc=de, Auth-Type:=Kerberos
	DIALT := number=%{reply:DIALT} direction=outgoing,
	PPPT := callback=ppp_offered blocktime=3,
	Idle-Timeout = 900,
	Framed-Protocol = PPP,
	User-Service := 2,
	Fall-Through = 0,
	Framed-Netmask := 255.255.255.255

DEFAULT Auth-Type := Reject
	Reply-Message = Your account has been disabled.

greetings
Marcus Koestler
Bayerisches Landeskriminalamt
SG 343, Netztechnik

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
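The conversion step the message above describes (LDAP DN in, one `User-Name := ...` pair out), as an added example; it is not the poster's convert.php. The mapping of the DC components to a realm such as apfelbaum.de, the allowed character sets and all function names are assumptions.

```python
import re
import sys

MAX_VALUE_OCTETS = 253                         # longest RADIUS string attribute value
SAFE_ACCOUNT = re.compile(r"[A-Za-z0-9._-]+")  # assumed policy for the account part
SAFE_LABEL = re.compile(r"[A-Za-z0-9-]+")      # assumed policy for each DC label

def split_dn(dn):
    """Split a DN into (TYPE, value) pairs; an escaped comma does not split an RDN."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    if escaped:
        raise ValueError("DN ends inside an escape sequence")
    pairs = []
    for rdn in rdns + [cur]:
        typ, sep, val = rdn.partition("=")
        if not sep:
            raise ValueError("malformed RDN %r" % rdn)
        pairs.append((typ.strip().upper(), val.strip()))
    return pairs

def dn_to_user_name(dn):
    """CN=27180769,CN=Users,DC=apfelbaum,DC=de -> 27180769@apfelbaum.de (assumed mapping)."""
    pairs = split_dn(dn)
    if pairs[0][0] != "CN" or not SAFE_ACCOUNT.fullmatch(pairs[0][1]):
        raise ValueError("first RDN is not a CN with a safe account name")
    labels = [val for typ, val in pairs if typ == "DC"]
    if not labels or not all(SAFE_LABEL.fullmatch(l) for l in labels):
        raise ValueError("missing or unsafe DC components")
    name = "%s@%s" % (pairs[0][1], ".".join(labels))
    if len(name.encode("utf-8")) > MAX_VALUE_OCTETS:
        raise ValueError("User-Name would exceed %d octets" % MAX_VALUE_OCTETS)
    return name

def reply_pair(dn):
    """The single line written to stdout for the exec module to read back."""
    return 'User-Name := "%s"' % dn_to_user_name(dn)

if __name__ == "__main__":
    try:
        print(reply_pair(sys.argv[1]))
    except (IndexError, ValueError) as exc:  # print no pair at all on bad input
        sys.exit("convert: %s" % exc)        # message to stderr, exit status 1
```

Rejecting the DN outright, rather than emitting a partly cleaned name, keeps an unexpected directory entry from reaching the Kerberos step under an identity the converter invented.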
Re: WG: Problem conversion of User-Name
in your /etc/krb5.conf do you have ...

[realms]
apfelbaum.de ={
kdc = kerberos...

On Thu, 2005-10-13 at 07:58, [EMAIL PROTECTED] wrote:
> Hello, I have a Problem after converting a User-Name of the Form 27180769 to [EMAIL PROTECTED]
> [...]
AW: WG: Problem conversion of User-Name
yes.

-Original Message-
From: Kenneth Grady [mailto:[EMAIL PROTECTED]
Sent: Thursday, 13 October 2005 16:20
To: FreeRadius users mailing list
Subject: Re: WG: Problem conversion of User-Name

in your /etc/krb5.conf do you have ...

[realms]
apfelbaum.de ={
kdc = kerberos...