RE: help with ldap/checkitem
> I suggest you investigate the use of LDAP groups.

thanks for the suggestion, I did that last night and it worked well for me.

Joe

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with ldap/checkitem
> i STILL don't get the attribute...so clearly i am doing something VERY
> wrong, is anyone able to send me in the right direction?

The users file consists of entries of the form:

username|DEFAULT list
    reply1,
    reply2

list consists of a comma-separated sequence of *either*:

* comparisons against items in the request
* setting or re-setting of check items

You *cannot* compare against a check item already set by an earlier module or earlier entry in the users file.

I suggest you investigate the use of LDAP groups.
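The matching rule described in the reply above, as an added Python sketch that is not part of the original post and is not FreeRADIUS code. It assumes a simplified model with only the `==` and `:=` operators (function names are hypothetical) and shows why `DEFAULT VPNGroupName == testing` never matches when rlm_ldap has put VPNGroupName in the check list rather than in the request.

```python
# Simplified model of users-file matching as described in the reply above.
# Not FreeRADIUS source; operator handling is reduced to "==" and ":=".
import re

ITEM = re.compile(r'\s*([\w-]+)\s*(==|:=)\s*"?([^",]+?)"?\s*$')

def parse_check_list(text):
    """Split 'A == x, B := y' into (attribute, operator, value) tuples."""
    items = []
    for part in text.split(","):
        m = ITEM.match(part)
        if not m:
            raise ValueError(f"cannot parse check item: {part!r}")
        items.append(m.groups())
    return items

def entry_matches(check_list, request, control):
    """Return True if the entry matches; apply ':=' items to control on match.

    '==' is compared against the request packet only. A value that an earlier
    module placed in the control (check) list is never consulted.
    """
    items = parse_check_list(check_list)
    for attr, op, value in items:
        if op == "==" and request.get(attr) != value:
            return False
    for attr, op, value in items:
        if op == ":=":
            control[attr] = value
    return True

def demo():
    # Constructed sample state, modelled on the debug output in the thread.
    request = {"NAS-Port-Type": "Virtual", "Framed-Protocol": "PPP"}
    control = {"VPNGroupName": "testing"}  # added by rlm_ldap as a check item
    first = entry_matches(
        "NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN",
        request, control)
    # The LDAP-derived value sits in control, so this comparison fails and
    # the entry's reply items (Filter-Id and the rest) are never sent.
    second = entry_matches("VPNGroupName == testing", request, control)
    return first, second, control.get("Autz-Type")

if __name__ == "__main__":
    print(demo())
```
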
Re: help with ldap/checkitem
On Friday 09 November 2007 14:26, Joe Vieira wrote:
>
> DEFAULT VPNGroupName == testing
>     CVPN3000-IPSec-Split-Tunneling-Policy = 1,
>     Filter-Id="itsadmin-filter",
>     CVPN3000-DHCP-Network-Scope = "140.232.2.1",
>     CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"
>
> i STILL don't get the attribute...

I do this successfully with

DEFAULT my-check-item == "my-value"

Zoltan Ori
Morehead State University
Re: help with ldap/checkitem
so a little more info on this

if i change

DEFAULT VPNGroupName == testing
    CVPN3000-IPSec-Split-Tunneling-Policy = 1,
    Filter-Id="itsadmin-filter",
    CVPN3000-DHCP-Network-Scope = "140.232.2.1",
    CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"

to

DEFAULT VPNGroupName =* testing
    CVPN3000-IPSec-Split-Tunneling-Policy = 1,
    Filter-Id="itsadmin-filter",
    CVPN3000-DHCP-Network-Scope = "140.232.2.1",
    CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"

i STILL don't get the attribute...so clearly i am doing something VERY wrong, is anyone able to send me in the right direction?

Joe Vieira
UNIX Systems Administrator
Clark University - ITS
Re: help with ldap/checkitem
I created the attribute, and i don't get any dictionary errors

[EMAIL PROTECTED] raddb]# cat dictionary | grep VPN
ATTRIBUTE VPNGroupName 3001 string

Joe Vieira
UNIX Systems Administrator
Clark University - ITS
Re: help with ldap/checkitem
Attribute is most likely VPN-Group-Name. Check in the freeradius dictionary.

Ivan Kalik
Kalik Informatika ISP

On 9/11/2007, "Joe Vieira" <[EMAIL PROTECTED]> wrote:

> Hi,
> I am having some confusing trouble with an LDAP check item.
> applicable line from ldap attribute file
>
> ---
> checkItem VPNGroupName clarkuVlan
>
> Users file.
> ## VPN USER CONFIG
> DEFAULT NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN
>     Reply-Message = "Welcome %u, to Clark University's network #AUTHORIZED USE ONLY#",
>     Fall-Through = Yes
>
> # VPN TEST USER CONFIG
>
> DEFAULT VPNGroupName == testing
>     CVPN3000-IPSec-Split-Tunneling-Policy = 1,
>     Filter-Id="itsadmin-filter",
>     CVPN3000-DHCP-Network-Scope = "140.232.2.1",
>     CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"
>
> debug output
>
> rlm_ldap: checking if remote access for CLARKU\bjulin is allowed by clarkuVpnAccess
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding clarkuVlan as VPNGroupName, value testing & op=21
>
> Login OK: [CLARKU\\bjulin] (from client vpn port 176)
> Sending Access-Accept of id 8 to 10.13.13.1 port 1025
>     Reply-Message = "Welcome CLARKUbjulin, to Clark University's network #AUTHORIZED USE ONLY#"
>     Framed-MTU = 576
>     MS-CHAP2-Success = 0x
>     MS-MPPE-Recv-Key = 0
>     MS-MPPE-Send-Key = 0
>     MS-MPPE-Encryption-Policy = 0x0002
>     MS-MPPE-Encryption-Types = 0x0004
>
> so i see it set the check item VPNGroupName to testing, but it never
> matches in the users file, can anyone point to what i am doing wrong?
>
> --
> Joe Vieira
> UNIX Systems Administrator
> Clark University - ITS