Problems with EAP and LDAP replyItems (2.0.2)
tschaos at gmx.net
Wed Aug 20 11:49:52 CEST 2008
IT WORKS! :-)
Setting use_tunneled_reply = yes in the peap section solved the problem.
Thanks for your help anyway!
-------- Original Message --------
> Date: Wed, 20 Aug 2008 11:09:27 +0200
> From: "Chaos Commander" <tschaos at gmx.net>
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: Problems with EAP and LDAP replyItems (2.0.2)
> -------- Original Message --------
> > Date: Wed, 20 Aug 2008 09:18:57 +0100
> > From: "Ivan Kalik" <tnt at kalik.net>
> > To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> > Subject: Re: Problems with EAP and LDAP replyItems (2.0.2)
>
> > radiusCallingStationId is already mapped as Calling-Station-Id. Use
> > another ldap attribute name for this.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
>
> I commented the original line containing the mapping between
> Calling-station-id and radiusCallingStationId out. So there shouldn't be any
> complications.
> By the way, it's independent of the attribute name, so even if I change
> the source LDAP attribute, the problem still occurs.
>
>
> >
> > On 20/8/2008, "tschaos at gmx.net" <tschaos at gmx.net> wrote:
> >
> > >-------- Original Message --------
> > >> Date: Tue, 19 Aug 2008 17:37:34 +0200
> > >> From: tschaos at gmx.net
> > >> To: freeradius-users at lists.freeradius.org
> > >> Subject: Problems with EAP and LDAP replyItems (2.0.2)
> > >
> > >> Hi Guys,
> > >>
> > >> Since freeradius2 has some major improvements I try to upgrade from 1.1.4.
> > >> Unfortunately there are a few problems I encounter:
> > >>
> > >> For some weird reason the server isn't sending my LDAP
> > >> replyItems back to the NAS along with the Access-Accept packet.
> > >>
> > >> In short I want to authenticate using EAP/PEAP against the server, which
> > >> itself checks against our LDAP server. Additionally the server should also
> > >> send back a specific replyItem stored in our LDAP.
> > >>
> > >> configuration looks like:
> > >>
> > >> authorize {
> > >>     preprocess
> > >>     eap {
> > >>         ok = return
> > >>     }
> > >>
> > >>     ldap1
> > >> }
> > >>
> > >>
> > >> authenticate {
> > >>     Auth-Type MS-CHAP {
> > >>         mschap
> > >>     }
> > >>     eap
> > >> }
> > >>
> > >> In ldap.attrmap the following is configured:
> > >>
> > >> replyItem Airespace-Interface-Name radiusCallingStationId
> > >>
> > >> So LDAP attribute radiusCallingStationId should be transformed to an
> > >> attribute called "Airespace-Interface-Name" and sent back to the NAS.
> > >>
> > >> As you can see in the following debug output, at the beginning the server
> > >> sends the attribute back as supposed, but for some weird reason in the
> > >> Access-Accept packet the attribute isn't sent along.
> > >>
> > >> What's wrong here?
> > >>
> > >> Thanks in advance!
> > >>
> > >> debug-output: [cut]
> > >
> > >No one has any clue why this doesn't work? I really wanted to deploy the server tonight.
> > >
> > >Any help is welcome!
> > >
> > >thanks,
> > >Peter
> > >-
> > >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> > >
> >
>