Re: check item problem

2003-04-03 Thread Kostas Kalevras
On Wed, 2 Apr 2003, Brian Leung wrote:

> Hi all,
>
> I don't know whether it has a bug or not.
> When I used the checkval module and radiusCalledStationid, it is prefer.
> But when I used radiusCheckItem: NAS-IP-Address := 202.14.68.51, it seems
> to have a problem.
> The NAS 202.14.68.50 can still pass the radius although I have the above
> restriction.
> You can see that the nas-ip module returns ok.
> But if I change radiusCheckItem: NAS-IP-Address to 192.168.0.1, it will
> reject as normal if I dial from 202.14.68.50.
> It seems it can't recognize the IP address except for the first octet.

Do a cvs update on rlm_checkval. It should now work better.

>
> rad_recv: Access-Request packet from host 202.14.68.50:1025, id=235,
> length=105
> User-Name = "brianlk"
> User-Password = ""
> NAS-IP-Address = 202.14.68.50
> NAS-Port = 20312
> NAS-Port-Type = Async
> Service-Type = Framed-User
> Framed-Protocol = PPP
> State = 0x
> Calling-Station-Id = "21519330"
> Called-Station-Id = "34234418"
> Acct-Session-Id = "377180294"
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
> radius_xlat:  '@test.com'
> rlm_attr_rewrite: No match found for attribute User-Name with value
> 'brianlk'
>   modcall[authorize]: module "fixusername1" returns ok
> radius_xlat:  '@test.com'
> rlm_attr_rewrite: No match found for attribute User-Name with value
> 'brianlk'
>   modcall[authorize]: module "fixusername2" returns ok
> modcall: entering group redundant
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for brianlk
> radius_xlat:  '(uid=brianlk)'
> radius_xlat:  'o=test.com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=test.com, with filter (uid=brianlk)
> rlm_ldap: Added password {crypt}asdasfsdgdfg in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: extracted attribute NAS-IP-Address from generic item
> NAS-IP-Address := 202.14.68.51
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user brianlk authorized to use remote access
> ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "LDAP1" returns ok
> modcall: group redundant returns ok
> rlm_checkval: Item Name: NAS-IP-Address, Value: 202.14.68.50
> rlm_checkval: Value Name: NAS-IP-Address, Value: 202.14.68.51
>   modcall[authorize]: module "nas-ip" returns ok
>
> the config inside radiusd.conf:
>
> checkval  nas-ip {
>         # The attribute to look for in the request
>         item-name = NAS-IP-Address
>
>         # The attribute to look for in check items. Can be multi valued
>         check-name = NAS-IP-Address
>
>         # The data type. Can be
>         # string,integer,ipaddr,date,abinary,octets
>         data-type = ipaddr
>
>         # If set to yes and we don't find the item-name attribute in the
>         # request then we send back a reject
>         # DEFAULT is no
>         #notfound-reject = no
> }
>
>
> Brian
>
> - Original Message -
> From: "Dustin Doris" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, April 01, 2003 10:22 PM
> Subject: Re: check item problem
>
>
> > Do you see how the Called-Station-Id is not coming in with the auth
> > request?
> >
> > > The following is the whole debug when i used "compare_check_items",
> > >
> > > Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
> > > 1647/udp.
> > > Ready to process requests.
> > > rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59
> > > User-Name = "brianlk"
> > > User-Password = "123jseff"
> > > NAS-IP-Address = 192.168.0.2
> > > NAS-Port = 10
> > > modcall: entering group authorize
> > > rlm_ldap: looking for check items in directory...
> > > rlm_ldap: extracted attribute NAS-IP-Address from generic item
> > > NAS-IP-Address == "192.168.0.1"
> > > rlm_ldap: looking for reply items in directory...
> > > Invalid operator for item User-Password: reverting to '=='
> > > rlm_ldap: Pairs do not match. Rejecting user.
> > > ldap_release_conn: Release Id: 0
> >
> > You need to make sure the NAS is s

Re: check item problem

2003-04-02 Thread Brian Leung
hi Alan,

Thx for your help. But although I use radiusCheckItem: NAS-IP-Address == 202.14.68.51,
it still has the problem.

Brian

- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 02, 2003 11:53 PM
Subject: Re: check item problem


> "Brian Leung" <[EMAIL PROTECTED]> wrote:
> > I don't know whether it has a bug or not.
> > When I used the checkval module and radiusCalledStationid, it is prefer.
> > But when I used radiusCheckItem: NAS-IP-Address := 202.14.68.51
>
>   See the 'man' page for the 'users' file.  That last line tells me
> you're doing something wrong.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




Re: check item problem

2003-04-02 Thread Alan DeKok
"Brian Leung" <[EMAIL PROTECTED]> wrote:
> I don't know whether it has a bug or not.
> When I used the checkval module and radiusCalledStationid, it is prefer.
> But when I used radiusCheckItem: NAS-IP-Address := 202.14.68.51

  See the 'man' page for the 'users' file.  That last line tells me
you're doing something wrong.

  Alan DeKok.



Re: check item problem

2003-04-01 Thread Brian Leung
Hi all,

I don't know whether it has a bug or not.
When I used the checkval module and radiusCalledStationid, it is prefer.
But when I used radiusCheckItem: NAS-IP-Address := 202.14.68.51, it seems
to have a problem.
The NAS 202.14.68.50 can still pass the radius although I have the above
restriction.
You can see that the nas-ip module returns ok.
But if I change radiusCheckItem: NAS-IP-Address to 192.168.0.1, it will
reject as normal if I dial from 202.14.68.50.
It seems it can't recognize the IP address except for the first octet.

rad_recv: Access-Request packet from host 202.14.68.50:1025, id=235,
length=105
User-Name = "brianlk"
User-Password = ""
NAS-IP-Address = 202.14.68.50
NAS-Port = 20312
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
State = 0x
Calling-Station-Id = "21519330"
Called-Station-Id = "34234418"
Acct-Session-Id = "377180294"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
radius_xlat:  '@test.com'
rlm_attr_rewrite: No match found for attribute User-Name with value
'brianlk'
  modcall[authorize]: module "fixusername1" returns ok
radius_xlat:  '@test.com'
rlm_attr_rewrite: No match found for attribute User-Name with value
'brianlk'
  modcall[authorize]: module "fixusername2" returns ok
modcall: entering group redundant
rlm_ldap: - authorize
rlm_ldap: performing user authorization for brianlk
radius_xlat:  '(uid=brianlk)'
radius_xlat:  'o=test.com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=test.com, with filter (uid=brianlk)
rlm_ldap: Added password {crypt}asdasfsdgdfg in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: extracted attribute NAS-IP-Address from generic item
NAS-IP-Address := 202.14.68.51
rlm_ldap: looking for reply items in directory...
rlm_ldap: user brianlk authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "LDAP1" returns ok
modcall: group redundant returns ok
rlm_checkval: Item Name: NAS-IP-Address, Value: 202.14.68.50
rlm_checkval: Value Name: NAS-IP-Address, Value: 202.14.68.51
  modcall[authorize]: module "nas-ip" returns ok

the config inside radiusd.conf:

checkval  nas-ip {
        # The attribute to look for in the request
        item-name = NAS-IP-Address

        # The attribute to look for in check items. Can be multi valued
        check-name = NAS-IP-Address

        # The data type. Can be
        # string,integer,ipaddr,date,abinary,octets
        data-type = ipaddr

        # If set to yes and we don't find the item-name attribute in the
        # request then we send back a reject
        # DEFAULT is no
        #notfound-reject = no
}


Brian

- Original Message -
From: "Dustin Doris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 01, 2003 10:22 PM
Subject: Re: check item problem


> Do you see how the Called-Station-Id is not coming in with the auth
> request?
>
> > The following is the whole debug when i used "compare_check_items",
> >
> > Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
> > 1647/udp.
> > Ready to process requests.
> > rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59
> > User-Name = "brianlk"
> > User-Password = "123jseff"
> > NAS-IP-Address = 192.168.0.2
> > NAS-Port = 10
> > modcall: entering group authorize
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: extracted attribute NAS-IP-Address from generic item
> > NAS-IP-Address == "192.168.0.1"
> > rlm_ldap: looking for reply items in directory...
> > Invalid operator for item User-Password: reverting to '=='
> > rlm_ldap: Pairs do not match. Rejecting user.
> > ldap_release_conn: Release Id: 0
>
> You need to make sure the NAS is sending the Called-Station-Id for this to
> work for you.  The attributes that come in the Access-Request packet are
> compared against what is in your LDAP directory.  So it's comparing
> Called-Station-Id in your ldap directory to nothing.
>
>
>
>
> > >
> > > > hi all,
> > > > > I want to add some rules in freeradius so the user can only access the
> > > > > system from the Calledstationid 123456, for example
> > > > my ldif is like that:
> > > >
> > > > dn: uid=brianlk,ou=dialup,o=test
> > > > objectClass: top
> > > > objectClass: person
>
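The debug output in the post above shows the symptom directly: rlm_checkval logs a request value and a check value that differ, and the "nas-ip" instance still returns ok. The following is an added example, not code from the thread or from the FreeRADIUS project, that scans saved debug output for that contradiction. It assumes the three line formats seen in the post, that a multi-valued check item is logged as repeated "Value Name" lines, and that an "ok" from a checkval instance should only follow a matching value.

```python
import ipaddress
import re

# Line formats taken from the debug output quoted in the post.
ITEM_RE = re.compile(r"rlm_checkval: Item Name: ([\w-]+), Value: (.+)$")
CHECK_RE = re.compile(r"rlm_checkval: Value Name: ([\w-]+), Value: (.+)$")
RESULT_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)$')

# Constructed sample. Request 1 repeats the three lines from the post;
# requests 2 and 3 are made up to show a correct accept and a correct reject.
SAMPLE_DEBUG = """\
rlm_checkval: Item Name: NAS-IP-Address, Value: 202.14.68.50
rlm_checkval: Value Name: NAS-IP-Address, Value: 202.14.68.51
  modcall[authorize]: module "nas-ip" returns ok
> rlm_checkval: Item Name: NAS-IP-Address, Value: 202.14.68.51
> rlm_checkval: Value Name: NAS-IP-Address, Value: 192.168.0.1
> rlm_checkval: Value Name: NAS-IP-Address, Value: 202.14.68.51
>   modcall[authorize]: module "nas-ip" returns ok
rlm_checkval: Item Name: NAS-IP-Address, Value: 202.14.68.50
rlm_checkval: Value Name: NAS-IP-Address, Value: 192.168.0.1
  modcall[authorize]: module "nas-ip" returns reject
"""


def normalize(value):
    """Compare IP addresses by value (all four octets), other data as text."""
    value = value.strip().strip('"')
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return value


def audit_checkval(debug_text):
    """Return one finding per checkval run that returned ok without a match."""
    findings = []
    item, checks = None, []
    for lineno, raw in enumerate(debug_text.splitlines(), 1):
        # Tolerate mail quoting ("> ") and the indentation modcall lines carry.
        line = raw.lstrip("> \t").rstrip()
        m = ITEM_RE.match(line)
        if m:
            item, checks = (m.group(1), m.group(2)), []
            continue
        m = CHECK_RE.match(line)
        if m and item:
            checks.append(m.group(2))
            continue
        m = RESULT_RE.match(line)
        if m and item:
            # The first module result after the checkval lines belongs to it.
            wanted = normalize(item[1])
            matched = any(normalize(c) == wanted for c in checks)
            if m.group(3) == "ok" and not matched:
                findings.append({
                    "line": lineno,
                    "module": m.group(2),
                    "attribute": item[0],
                    "request_value": item[1],
                    "check_values": list(checks),
                })
            item, checks = None, []
    return findings


if __name__ == "__main__":
    for f in audit_checkval(SAMPLE_DEBUG):
        print("line {line}: {module} returned ok, but {attribute} "
              "{request_value} is not in {check_values}".format(**f))
```

Run against the sample, only the first request is reported; the multi-valued accept and the reject are consistent with their logged values.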

Re: check item problem

2003-04-01 Thread Dustin Doris
Do you see how the Called-Station-Id is not coming in with the auth
request?

> The following is the whole debug when i used "compare_check_items",
>
> Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
> 1647/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59
> User-Name = "brianlk"
> User-Password = "123jseff"
> NAS-IP-Address = 192.168.0.2
> NAS-Port = 10
> modcall: entering group authorize
> rlm_ldap: looking for check items in directory...
> rlm_ldap: extracted attribute NAS-IP-Address from generic item
> NAS-IP-Address == "192.168.0.1"
> rlm_ldap: looking for reply items in directory...
> Invalid operator for item User-Password: reverting to '=='
> rlm_ldap: Pairs do not match. Rejecting user.
> ldap_release_conn: Release Id: 0

You need to make sure the NAS is sending the Called-Station-Id for this to
work for you.  The attributes that come in the Access-Request packet are
compared against what is in your LDAP directory.  So it's comparing
Called-Station-Id in your ldap directory to nothing.




> >
> > > hi all,
> > > I want to add some rules in freeradius so the user can only access the
> > > system from the Calledstationid 123456, for example
> > > my ldif is like that:
> > >
> > > dn: uid=brianlk,ou=dialup,o=test
> > > objectClass: top
> > > objectClass: person
> > > objectClass: organizationalPerson
> > > objectClass: inetOrgPerson
> > > objectClass: inetLocalMailRecipient
> > > objectClass: radiusprofile
> > > objectClass: posixAccount
> > > objectClass: PureFTPdUser
> > > sn: brianlk
> > > ou: dialup
> > > description:: IFBQUF9VWFBX
> > > uid: brianlk
> > > uidNumber: 15385
> > > gidNumber: 1001
> > > homeDirectory: /home/brianlk
> > > loginShell: /sbin/nologin
> > > userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
> > > cn: brianlk
> > > radiusCalledStationId: 123456
> > >
> > > However, the radiusCalledStationId hasn't been checked when I log in. So I
> > > can access the system from any Calledstationid. How can I fix this?
> > > And do I need to enable "compare_check_items = yes"?
> > > I have tried to enable it, but I was rejected when I logged in. Does anyone
> > > know how to use "compare_check_items"? Thank you
> > > the debug:
> >




Re: check item problem

2003-03-31 Thread Brian Leung
Hi Kostas,
The following is the whole debug when i used "compare_check_items",

Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33291, id=223, length=59
User-Name = "brianlk"
User-Password = "123jseff"
NAS-IP-Address = 192.168.0.2
NAS-Port = 10
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
radius_xlat:  '@testing.com'
rlm_attr_rewrite: No match found for attribute User-Name with value
'brianlk'
  modcall[authorize]: module "fixusername1" returns ok
radius_xlat:  '@testing.com'
rlm_attr_rewrite: No match found for attribute User-Name with value
'brianlk'
  modcall[authorize]: module "fixusername2" returns ok
modcall: entering group redundant
rlm_ldap: - authorize
rlm_ldap: performing user authorization for brianlk
radius_xlat:  '(uid=brianlk)'
radius_xlat:  'o=pacific.net.hk'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.testing.com:389, authentication 0
rlm_ldap: bind as / to ldap.testing.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=testing.com, with filter (uid=brianlk)
rlm_ldap: Added password {crypt}1234455xe42 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: extracted attribute NAS-IP-Address from generic item
NAS-IP-Address == "192.168.0.1"
rlm_ldap: looking for reply items in directory...
Invalid operator for item User-Password: reverting to '=='
rlm_ldap: Pairs do not match. Rejecting user.
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "LDAP1" returns reject
modcall: group redundant returns reject
modcall: group authorize returns reject
Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client
localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 223 to 127.0.0.1:33291
Waking up in 7 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 223 with timestamp 3e88e269
Nothing to do.  Sleeping until we see a request.

Anyway, I think I will try your checkval suggestion, thanks a lot.

Brian
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: "freeradius" <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2003 10:19 PM
Subject: Re: check item problem


> On Mon, 31 Mar 2003, Brian Leung wrote:
>
> > hi all,
> > I want to add some rules in freeradius so the user can only access the
> > system from the Calledstationid 123456, for example
> > my ldif is like that:
> >
> > dn: uid=brianlk,ou=dialup,o=test
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: inetOrgPerson
> > objectClass: inetLocalMailRecipient
> > objectClass: radiusprofile
> > objectClass: posixAccount
> > objectClass: PureFTPdUser
> > sn: brianlk
> > ou: dialup
> > description:: IFBQUF9VWFBX
> > uid: brianlk
> > uidNumber: 15385
> > gidNumber: 1001
> > homeDirectory: /home/brianlk
> > loginShell: /sbin/nologin
> > userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
> > cn: brianlk
> > radiusCalledStationId: 123456
> >
> > However, the radiusCalledStationId hasn't been checked when I log in. So I
> > can access the system from any Calledstationid. How can I fix this?
> > And do I need to enable "compare_check_items = yes"?
> > I have tried to enable it, but I was rejected when I logged in. Does anyone
> > know how to use "compare_check_items"? Thank you
> > the debug:
>
> Try using the checkval module instead of enabling compare_check_items
>
> >
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: performing search in o=test, with filter (uid=brianlk)
> > rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 & op=21
> > rlm_ldap: looking for reply items in directory...
> > Invalid operator for item User-Password: reverting to '=='
> > rlm_ldap: Pairs do not match. Rejecting user.
> > ldap_release_conn: Release Id: 0
> >   modcall[authorize]: module "LDAP1" returns reject
> > modcall: group redundant returns reject
> > modcall: group authorize returns reject
> > Invalid user (rlm_ldap: Pairs d

Re: check item problem

2003-03-31 Thread Dustin Doris


> the ldap.attrmap is :
> checkItem   $GENERIC$   radiusCheckItem
> replyItem   $GENERIC$   radiusReplyItem
>
> checkItem   Auth-Type   radiusAuthType
> checkItem   Simultaneous-Use   radiusSimultaneousUse
> checkItem   Called-Station-Id   radiusCalledStationId
> checkItem   Calling-Station-Id  radiusCallingStationId
> checkItem   LM-Password lmPassword
> checkItem   NT-Password ntPassword
> checkItem   SMB-Account-CTRL-TEXT   acctFlags
> checkItem   Expiration  radiusExpiration
> checkItem   Ldap-Group  radiusGroupName
>

That looks right.

> debug:
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in o=test, with filter (uid=brianlk)
> rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 &
> op=21
> rlm_ldap: looking for reply items in directory...


Can you go up further, when the packet comes in.  Such as

rad_recv: Access-Request packet from host 127.0.0.1:3736, id=236,
length=65
User-Name = "test"
User-Password = "test"
Service-Type = Framed-User
NAS-IP-Address = 127.0.0.1
NAS-Port-Type = Async
NAS-Port-Id = "0"

Note that is just an example I threw together.

I wanted to see if Called-Station-Id was actually coming in in the
access-request packet.






Re: check item problem

2003-03-31 Thread Kostas Kalevras
On Mon, 31 Mar 2003, Brian Leung wrote:

> hi all,
> I want to add some rules in freeradius so the user can only access the system from
> the Calledstationid 123456, for example
> my ldif is like that:
>
> dn: uid=brianlk,ou=dialup,o=test
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: inetLocalMailRecipient
> objectClass: radiusprofile
> objectClass: posixAccount
> objectClass: PureFTPdUser
> sn: brianlk
> ou: dialup
> description:: IFBQUF9VWFBX
> uid: brianlk
> uidNumber: 15385
> gidNumber: 1001
> homeDirectory: /home/brianlk
> loginShell: /sbin/nologin
> userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
> cn: brianlk
> radiusCalledStationId: 123456
>
> However, the radiusCalledStationId hasn't been checked when I log in. So I can access
> the system from any Calledstationid. How can I fix this?
> And do I need to enable "compare_check_items = yes"?
> I have tried to enable it, but I was rejected when I logged in. Does anyone know how to use
> "compare_check_items"? Thank you
> the debug:

Try using the checkval module instead of enabling compare_check_items

>
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in o=test, with filter (uid=brianlk)
> rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 & op=21
> rlm_ldap: looking for reply items in directory...
> Invalid operator for item User-Password: reverting to '=='
> rlm_ldap: Pairs do not match. Rejecting user.
> ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "LDAP1" returns reject
> modcall: group redundant returns reject
> modcall: group authorize returns reject
> Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client localhost port 
> 10)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 119 to 127.0.0.1:33242
> Waking up in 7 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 119 with timestamp 3e87d523
> Nothing to do.  Sleeping until we see a request.
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: check item problem

2003-03-31 Thread Brian Leung
hi ,

the ldap.attrmap is :
checkItem   $GENERIC$               radiusCheckItem
replyItem   $GENERIC$               radiusReplyItem

checkItem   Auth-Type               radiusAuthType
checkItem   Simultaneous-Use        radiusSimultaneousUse
checkItem   Called-Station-Id       radiusCalledStationId
checkItem   Calling-Station-Id      radiusCallingStationId
checkItem   LM-Password             lmPassword
checkItem   NT-Password             ntPassword
checkItem   SMB-Account-CTRL-TEXT   acctFlags
checkItem   Expiration              radiusExpiration
checkItem   Ldap-Group              radiusGroupName

replyItem   Service-Type            radiusServiceType
replyItem   Framed-Protocol         radiusFramedProtocol
replyItem   Framed-IP-Address       radiusFramedIPAddress
replyItem   Framed-IP-Netmask       radiusFramedIPNetmask
replyItem   Framed-Route            radiusFramedRoute

ldif:
dn: uid=brianlk,ou=dialup,o=test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: radiusprofile
objectClass: posixAccount
objectClass: PureFTPdUser
sn: brianlk
ou: dialup
description:: IFBQUF9VWFBX
uid: brianlk
uidNumber: 15385
gidNumber: 1001
homeDirectory: /home/brianlk
loginShell: /sbin/nologin
userPassword:: e2NyeXB0fTEwVGtiQVlpT3hlNDI=
cn: brianlk
radiusCalledStationId: 123456

debug:
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=test, with filter (uid=brianlk)
rlm_ldap: Added password {crypt}10Tkdsdfasfsfrwefxe42 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 123456 &
op=21
rlm_ldap: looking for reply items in directory...
Invalid operator for item User-Password: reverting to '=='
rlm_ldap: Pairs do not match. Rejecting user.
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "LDAP1" returns reject
modcall: group redundant returns reject
modcall: group authorize returns reject
Invalid user (rlm_ldap: Pairs do not match): [brianlk] (from client
localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 119 to 127.0.0.1:33242

Brian

- Original Message -
From: "Dustin Doris" <[EMAIL PROTECTED]>
To: "freeradius" <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2003 9:22 PM
Subject: Re: check item problem


> Sorry, I see that you are using ldap, so you probably don't want to list
> the users in the users file as well.  If you enable compare_check_items,
> then all the check items that come in should match what's in the ldap
> directory.
>





Re: check item problem

2003-03-31 Thread Dustin Doris
Sorry, I see that you are using ldap, so you probably don't want to list
the users in the users file as well.  If you enable compare_check_items,
then all the check items that come in should match what's in the ldap
directory.

So if you add radiusCalledStationId to the check items, then it must match
what is in the ldap directory.  You may be getting rejected because
another attribute is in the check items, but not in ldap.

So for example, you may have Calling-Station-Id in check items, but if
that doesn't exist in the LDAP directory for the user, then it would fail.

Maybe you could show a debug with the attributes that come in and a copy
of your ldap.attrmap file.




On Mon, 31 Mar 2003, Dustin Doris wrote:

>
>
> On Mon, 31 Mar 2003, Brian Leung wrote:
>
> > hi all,
> > I want to add some rules in freeradius so the user can only access the system
> > from the Calledstationid 123456, for example
> > my ldif is like that:
> >
>
> add it in the users file.
>
> example,
>
> user  User-Password == "password", Called-Station-ID == "12345"
>
>
>
>
>
>





Re: check item problem

2003-03-31 Thread Dustin Doris


On Mon, 31 Mar 2003, Brian Leung wrote:

> hi all,
> I want to add some rules in freeradius so the user can only access the system from
> the Calledstationid 123456, for example
> my ldif is like that:
>

add it in the users file.

example,

user  User-Password == "password", Called-Station-ID == "12345"




