Wrong behaviour of rlm_ldap module + users file
inverse
inverse at ngi.it
Fri Jul 27 13:25:03 CEST 2007
Hi,
I tried the suggestion and it didn't work; here are the relevant
radiusd.conf sections.
You will also notice mschap and similar modules; that's because we also have
dialup users who need an LDAP lookup for their membership in a dialup
group and for the password. I also need to check whether CHAP still works with
this configuration...
instantiate {
    exec
    ldap
    files
    expr
}
authorize {
    preprocess
    auth_log
    chap
    mschap
    suffix
    eap
    files
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}
And this is the users file line:

    john.doe@test.com Cleartext-Password := "a", Ldap-Group == "wifi"

I also used this one:

    john.doe@test.com Ldap-Group == "wifi"

with EAP-TLS.
No way. Both first perform a user-existence check in the ldap_groupcmp() call,
meaning both of these work if the user exists in the LDAP tree.
In the meantime I'm looking at the source code for this call... it
sounds like this search is hardcoded somewhere. Forgive my suckage.
T_T
Bye,
Inverse
On 7/26/07, inverse <inverse at ngi.it> wrote:
> > >
> > > users file line:
> > > john.doe@test.com Auth-Type := EAP, User-Password == "a", Ldap-Group == "wifi"
> >
> > Totally wrong. You want:
> >
> > john.doe@test.com Cleartext-Password := "a", Ldap-Group == "wifi"
> >
>
> Thanks, I owe you one
>
>
> Bye,
> Inverse.
>
--
"In a sea of glass shards, I hear you screaming"
--icchan