subject:"Realm extraction"

Realm extraction

2005-09-22 Thread Dmitry Alekhin

Hi all,

I am new in free radius , so I have one question: How can I exctract Realm 
attribute in
radiusd.conf name?
So, I need to use it in LDAP filter to make search like :
ldap{
server = localhost
identity = uid=pr,ou=Staff,dc=domain,dc=com
password = secret
basedn = ou=People,dc=ivoho,dc=com



filter = (uid=%{User-Name},ou=%{Realm-Name})
# base_filter = (objectclass=radiusprofile)

...


how can I get Realm-Name variable ?
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Realm extraction

2005-09-22 Thread Alan DeKok

Dmitry Alekhin [EMAIL PROTECTED] wrote:
 I am new in free radius , so I have one question: How can I exctract Realm 
 attribute in
 radiusd.conf name?

  Use the Realm attribute.  The debug log will show you that the
realm module is adding this attribute.

   Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Realm extraction

2005-09-22 Thread Dmitry Alekhin

Thanks for help :)

But it does not work :(

Here is my radiusd.conf

---

ldap{
server = localhost
identity = uid=Admin,ou=Staff,dc=example,dc=com
password = secret
basedn = ou=People,dc=example,dc=com
filter =
(uid=%{Stripped-User-Name:-%{User-Name}},ou=%{Realm})

 Realm section is still untouched

   #
#  Using this entry, IPASS users have their realm set to IPASS.
realm IPASS {
format = prefix
delimiter = /
ignore_default = no
ignore_null = no
}

 #
realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = no
}

#  'username%realm'
#
realm realmpercent {
format = suffix
delimiter = %
ignore_default = no
ignore_null = no
}

#
#  'domain\user'
#
realm ntdomain {
format = prefix
delimiter = \\
ignore_default = no
ignore_null = no
}


Below is debug:
modcall: entering group authorize for request 0
rlm_realm: Looking up realm example.com for User-Name = example.com
rlm_realm: No such realm example.com
  modcall[authorize]: module suffix returns noop for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module attr_filter returns noop for request 0
rlm_realm: Looking up realm example.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: No such realm example.com
  modcall[authorize]: module suffix returns noop for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
  modcall[authorize]: module files returns notfound for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for [EMAIL PROTECTED]
radius_xlat:  '([EMAIL PROTECTED],ou=)'
radius_xlat:  'ou=People,dc=example,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as uid=Admin,ou=Staff,dc=example,dc=com/secret to
localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter
([EMAIL PROTECTED],ou=)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns notfound for request 0
...

As you can see ou is empty.



- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Sent: Thursday, September 22, 2005 9:34 PM
Subject: Re: Realm extraction


 Dmitry Alekhin [EMAIL PROTECTED] wrote:
  I am new in free radius , so I have one question: How can I exctract
Realm attribute in
  radiusd.conf name?

   Use the Realm attribute.  The debug log will show you that the
 realm module is adding this attribute.

Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Realm extraction

2005-09-22 Thread Bjørn Mork

Dmitry Alekhin [EMAIL PROTECTED] writes:

 rlm_realm: Looking up realm example.com for User-Name = [EMAIL 
 PROTECTED]
 rlm_realm: No such realm example.com

Maybe you should add something like this to proxy.conf?

realm example.com {
   type= radius
   authhost= LOCAL
   accthost= LOCAL
}


Bjørn

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Realm extraction

Re: Realm extraction

Re: Realm extraction

Re: Realm extraction

4 matches

Site Navigation

Mail list logo

Footer information