radiusprofile entry don't work

Dusty Doris freeradius at mail.doris.cc
Thu Jun 30 18:20:17 CEST 2005


> hi all,
>
> Excuse me for my bad English, I'm Italian.
> I would like to create a structure which controls the users' access on a WLAN
> by an auth-ldap.
> I have created an LDAP directory with basedn dc=unime,dc=it.
> Now, as is written in the ldap_tutorial in the doc/ directory, I try to
> import this ldif file (modified for my interest). The authentication is to
> be with the EAP-TLS protocol (it works fine), therefore I've deleted the
> sections for the passwords and for authentication.
>
> dn: dc=unime,dc=it
> objectClass: dcObject
> objectClass: organizationUnit
> ou: Unime.it Radius
> dc: unime
>
> dn: ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: radius
>
> dn: ou=profiles,ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: profiles
>
> dn: ou=users,ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: users
>
> dn: uid=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
> objectclass: radiusprofile
> uid: WLAN
> radiusServiceType: Framed-User
> radiusFramedProtocol: PPP
> radiusFramedIPNetmask: 255.255.255.0
> radiusFramedRouting: None
>
> dn: uid=Felice,ou=users,ou=radius,dc=mydomain,dc=com
> objectclass: radiusProfile
> uid: Felice
> radiusGroupName: WLAN
>
> The entry with uid=WLAN doesn't work; the message returned is
> invalid syntax #0 approximately... I don't have my PC here.
>
> Can anyone help me?
>

Check the RADIUS-LDAPv3.schema file that you used.  That howto doc was
using an old one that used uid, the new one uses cn.  Go down to the
objectclass of radiusprofile and look what it says in MUST.  If it says
cn, then you will need to use cn or change that to uid.

example:

dn: cn=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
objectclass: radiusprofile
cn: WLAN
radiusServiceType: ....

OR change that file.

objectclass
   ( 1.3.6.1.4.1.3317.4.3.2.1
      NAME 'radiusprofile'
      SUP top AUXILIARY
      DESC ''
      MUST cn

to

objectclass
   ( 1.3.6.1.4.1.3317.4.3.2.1
      NAME 'radiusprofile'
      SUP top AUXILIARY
      DESC ''
      MUST uid


I'd recommend just using cn, so you don't have to remember to modify it
every time you install freeradius on a machine.

-Dusty Doris
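
Added example (not part of the original message and not FreeRADIUS code): a small Python check that reads the MUST clause of radiusprofile from schema text and reports which LDIF entries lack a required attribute. The schema text is the excerpt quoted in the reply with a closing parenthesis added, the LDIF is the WLAN entry from the question shortened, and the function names are hypothetical.

```python
import re

# Constructed sample: the schema excerpt quoted in the reply, closed with ")".
SCHEMA = """
objectclass
   ( 1.3.6.1.4.1.3317.4.3.2.1
      NAME 'radiusprofile'
      SUP top AUXILIARY
      DESC ''
      MUST cn
   )
"""
# The profile entry from the question (shortened), then the cn-based form.
LDIF_UID = """dn: uid=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
objectclass: radiusprofile
uid: WLAN
"""
LDIF_CN = LDIF_UID.replace("uid=WLAN", "cn=WLAN").replace("uid: WLAN", "cn: WLAN")

def must_attrs(schema_text, class_name):
    """Return the lower-cased MUST attributes of class_name, or None if not defined here."""
    for block in re.split(r"(?im)^\s*objectclass\b", schema_text)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", block)
        if name and name.group(1).lower() == class_name.lower():
            # MUST takes either one name or a "( a $ b )" list.
            m = re.search(r"\bMUST\s+(?:\(([^)]*)\)|([\w;-]+))", block)
            names = (m.group(1) or m.group(2)) if m else ""
            return {a.strip().lower() for a in names.split("$") if a.strip()}
    return None

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per record; no line folding or base64 values."""
    for record in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in record.splitlines():
            if ":" in line and not line.startswith("#"):
                key, _, value = line.partition(":")
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def missing_must(schema_text, ldif_text):
    """Map each entry DN to the MUST attributes it lacks (classes not in schema_text are skipped)."""
    problems = {}
    for dn, attrs in parse_ldif(ldif_text):
        for oc in attrs.get("objectclass", []):
            missing = sorted((must_attrs(schema_text, oc) or set()) - set(attrs))
            if missing:
                problems.setdefault(dn, []).extend(missing)
    return problems
```

Running missing_must() on the schema file actually loaded by slapd, before importing the LDIF, shows whether the entries need cn or uid.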


