vlan ldap radiusd

Serge van Namen svnamen at snow.nl
Mon Jul 18 10:46:53 CEST 2011


On 15 Jul 2011, at 23:25, Alexander Clouter wrote:

> Serge van Namen <svnamen at snow.nl> wrote:
>> 
>> I managed to strip the username, and it authenticates successfully against LDAP.
>> But eventually it fails on EAP I think, because the username isn't the original from the request.
>> 
>> [snipped]
>>   users: Matched entry DEFAULT at line 7
>> modcall[authorize]: module "files" returns ok for request 3
>> 
> What does this do?
> 
> You must not change User-Name at all...I suspect somewhere in your 
> configuration you are doing so to try to fix another problem.  If you 
> want the User-Name to be realmless then use Stripped-User-Name or use 
> unlang to populate something like Tmp-String-0.

DEFAULT Suffix == "@realm", Strip-User-Name = Yes, Auth-Type = "LdapY", Autz-Type = "LdapY"
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-ID = 1

> 
>> rlm_ldap: - authorize
>> rlm_ldap: performing user authorization for userA
>> radius_xlat:  '(uid=userA)'
>> radius_xlat:  'ou=y,ou=people,dc=example,dc=com'
>> 
> What are you xlat'ing?  Can we see your configuration?  Are you using 
> ldap xlat to set User-Name?  If so, don't!

I didn't configure any xlat'ing afaik, maybe default behavior from what I configured above?

> 
> Cheers
> 
> -- 
> Alexander Clouter
> .sigmonster says: fortune: not found
> 

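Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the advice quoted above, deriving a realmless Stripped-User-Name for the LDAP filter while leaving User-Name as received. It assumes the EAP stage requires the identity carried in EAP-Message to equal User-Name; the function names and the sample request are constructed for illustration.

```python
import struct

def eap_identity(eap: bytes) -> str:
    """Extract the identity from an EAP-Response/Identity packet (RFC 3748)."""
    if len(eap) < 5:
        raise ValueError("EAP packet too short")
    code, _ident, length, eap_type = struct.unpack("!BBHB", eap[:5])
    if code != 2 or eap_type != 1:          # 2 = Response, 1 = Identity
        raise ValueError("not an EAP-Response/Identity")
    if not 5 <= length <= len(eap):
        raise ValueError("bad EAP length field")
    return eap[5:length].decode("utf-8")

def strip_realm(name: str, suffix: str) -> str:
    """Return a realmless copy of the name; the caller's value is not modified."""
    return name[:-len(suffix)] if suffix and name.endswith(suffix) else name

def ldap_escape(value: str) -> str:
    """Escape RFC 4515 filter metacharacters before building a search filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def authorize(request: dict, suffix: str = "@realm") -> dict:
    """Derive a stripped name for the LDAP lookup and leave User-Name alone."""
    stripped = strip_realm(request["User-Name"], suffix)
    request["Stripped-User-Name"] = stripped
    request["ldap_filter"] = "(uid=%s)" % ldap_escape(stripped)
    # Assumed model of the EAP stage: identity in EAP-Message must equal User-Name.
    request["eap_identity_ok"] = eap_identity(request["EAP-Message"]) == request["User-Name"]
    return request

def authorize_rewriting(request: dict, suffix: str = "@realm") -> dict:
    """The variant warned against: overwrite User-Name, then run the same steps."""
    request["User-Name"] = strip_realm(request["User-Name"], suffix)
    return authorize(request, suffix)

def make_request(name: str) -> dict:
    """Constructed sample request: User-Name plus a matching EAP identity packet."""
    ident = name.encode("utf-8")
    eap = struct.pack("!BBHB", 2, 1, 5 + len(ident), 1) + ident
    return {"User-Name": name, "EAP-Message": eap}

if __name__ == "__main__":
    for fn in (authorize, authorize_rewriting):
        r = fn(make_request("userA@realm"))
        print(fn.__name__, r["User-Name"], r["ldap_filter"], r["eap_identity_ok"])
```

Both variants produce the same LDAP filter, but only the one that keeps User-Name intact still passes the identity comparison.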



