RE: Freeradius-Users digest, Vol 1 #1084 - 10 msgs
Kostas, Thanks alot for the information, I got everything else figured out before I sent the email. I was reading the 'variables.txt' but couldn't find the variable for realm. Thanks again, Thai > Yes. You add the realms in proxy.conf and in the ldap > configuration section you > use %{Realm} when setting the basedn. Something like: > > basedn = "ou=%{Realm},dc=company,dc=com" > > The realm module should be before ldap in the authorize section. > Also remember > to put Stripped-User-Name in your ldap filter like: > > filter = "(uid=%{Stripped-User-Name:-{User-Name}})" > > Hope this helps > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED]National Technical University of Athens, Greece > Work Phone: +30 10 7721861 > 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Realms?
Hello everyone, I am trying to get realms to work correctly in FreeRadius with no success. I've tried reading some postings and the documentation but still with no success. Is it possible for me to setup users in certain realms so that they would access a different portion of the tree in LDAP? If so does anyone have any suggestions or example that I could follow? Thanks ahead, Thai Q. Tran Email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius Expiration/Account Expiration
Kostas Kalevras, You are the man!!! I really owe you one... Thanks alot. ;-) > > Hello Everyone, > > > > My main problem right now is that I am attempting to set an > expiration date > > for my radius accounts. I've tried searching through the RFCs and > > registered OIDs hoping for some luck with this issue. I've > tried multiple > > syntax values with no success. > > > > I have a attribute in my radius schema like so: > > -- > > attributetype > >( 1.3.6.1.4.1.3317.4.3.1.54 > > NAME 'radiusExpiration' > > DESC '' > > EQUALITY caseIgnoreIA5Match > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 > > SINGLE-VALUE > >) > > -- > > I have also added to the ldap.attrmap with: > > -- > > checkitem Expiration radiusExpiration > > -- > > But when I enter in a date '27 Aug 2002' for example it takes it fine. > > When sending the information to the Radius server the debug > shows only '27'. > > -- > > rlm_ldap: Adding radiusExpiration as Expiration, value 27 & op=11 > > -- > > > > Does anyone have any idea why this is occurring, and can > someone please > > point me in the right direction. Also Kostas Kalevras you were > one of the > > people to helped me get this far, I just wanted to thank you... > > Try using "27 Aug 2002" (with the double quotes). > > > > > Thanks ahead, > > Thai Q. Tran > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED]National Technical University of Athens, Greece > Work Phone: +30 10 7721861 > 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius Expiration/Account Expiration
Hello Everyone, My main problem right now is that I am attempting to set an expiration date for my radius accounts. I've tried searching through the RFCs and registered OIDs hoping for some luck with this issue. I've tried multiple syntax values with no success. I have a attribute in my radius schema like so: -- attributetype ( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusExpiration' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) -- I have also added to the ldap.attrmap with: -- checkitem Expiration radiusExpiration -- But when I enter in a date '27 Aug 2002' for example it takes it fine. When sending the information to the Radius server the debug shows only '27'. -- rlm_ldap: Adding radiusExpiration as Expiration, value 27 & op=11 -- Does anyone have any idea why this is occurring, and can someone please point me in the right direction. Also Kostas Kalevras you were one of the people to helped me get this far, I just wanted to thank you... Thanks ahead, Thai Q. Tran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRadius LDAP account expiration
Hello Everyone, Does anyone know if it's possible to configure LDAP and FreeRadius to have an expiration date for accounts? Thanks ahead, Thai Q. Tran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: LDAP Errors
Hello, Thanks alot I finally got it to work!!! Well when compiling I have tried 'make clean' and 'make distclean' with no success. Finally I tried openldap-2.0.25 like you suggested and everything works fine now. Well I guess all the hair pulling could have been avoided by going to a more stable version earlier ;-) Thanks alot for you help. Thai Q. Tran > Stupid question: You did do a 'make clean' before recompiling? > > Try increasing the debug level in rlm_ldap (ldap_debug directive) > and in your > ldap server. See if you can get anything usefull from there > (especially from your > ldap server logs). Also, I see that you are using openldap21. If > you can just > try connecting to an openldap20 server and/or using openldap20 > libraries that > would be nice, just to exclude any possible problems with openldap21. > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED]National Technical University of Athens, Greece > Work Phone: +30 10 7721861 > 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: LDAP Authentication
My main problem lies with the LDAP and Radius server communicating. It seems as thought FreeRadius is attempting to connect to the LDAP server using SASL, TLS etc. I'm not quite sure which one it is attempting to use. Here is my error message: rlm_ldap: cn=admin,o=mye-znet/mypass bind to localhost:389 failed = Protocol Error I've seen some postings on the internet where it states that the Radius server using ldap_simple_bind. If it is possible for me to configure FreeRadius to use the simple bind method I'm positive that it would work. Any suggestions? Thanks ahead, Thai Tran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: LDAP Authentication
My main problem lies with the LDAP and Radius server communicating. It seems as thought FreeRadius is attempting to connect to the LDAP server using SASL, TLS etc. I'm not quite sure which one it is attempting to use. Here is my error message: rlm_ldap: cn=admin,o=mye-znet/mypass bind to localhost:389 failed = Protocol Error I've seen some postings on the internet where it states that the Radius server using ldap_simple_bind. If it is possible for me to configure FreeRadius to use the simple bind method I'm positive that it would work. Any suggestions? Thanks ahead, Thai Tran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html