Re: Wrong behaviour of rlm_ldap module + users file
Hi,
I tried the suggestion and it didn't work, here are the involved
radiusd.conf sections.
You will also notice mschap and similars, that's because we also have
dialup users who need an ldap lookup for their belonging to a dialup
group and the password. I also need to check if chap still works with
this configuration...
instantiate {
exec
ldap
files
expr
}
authorize {
preprocess
auth_log
chap
mschap
suffix
eap
files
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
eap
}
And this is the users file line:
john.doe@test.com Cleartext-Password := "a", Ldap-Group == "wifi"
I also used this one:
john.doe@test.com Ldap-Group == "wifi"
with EAP-TLS.
No way. Both first perform a user-existence check in the ldap_groupcmp() call.
Meaning these both work if user exists in the LDAP tree.
In the meanwhile I'm looking at the source code for this call... it
sounds like this search is hardcoded somewhere. Forgive my suckage.
T_T
Bye,
Inverse
On 7/26/07, inverse <inverse@ngi.it> wrote:
> > >
> > > users file line:
> > > john.doe@test.com Auth-Type := EAP, User-Password == "a", Ldap-Group == "wifi"
> >
> > Totally wrong. You want:
> >
> > john.doe@test.com Cleartext-Password := "a", Ldap-Group == "wifi"
> >
>
> Thanks, I owe you one
>
>
> Bye,
> Inverse.
>
--
"In a sea of glass shards, I hear you screaming"
--icchan
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.