groupcmp fails during tunneled request

Ivan Kalik tnt at kalik.net
Tue Apr 28 16:41:22 CEST 2009


> I'm having an issue with the group check (ldap_groupcmp).
>
> Everything is fine until the request is tunnelled, and I can't find out
> why my user is rejected there....
> It seems that he ends in this section during this phase:
> DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
>         Reply-Message = "Account disabled.  Please call the helpdesk."
>

No. That didn't match.

> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap::groupcmp: Group BANNED not
> found or user not a member

See.

> Tue Apr 28 11:42:35 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id:
> 0
> Tue Apr 28 11:42:35 2009 : Info: [files] users: Matched entry DEFAULT at
> line 15

But something else did. What is on line 15 in users file?

> Tell me if you need more debug output...

We do. This doesn't show anything. Post the debug with whole inner tunnel
exchange.

> It was working perfectly before I introduced the group check using the
> huntgroups.
>

Huntgroups?

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list