why is Called-Station-SSID not processed?

Zeus Panchenko zeus at ibs.dn.ua
Thu Aug 13 00:22:27 CEST 2015 

Alan DeKok <aland at deployingradius.com> wrote:
> On Aug 8, 2015, at 10:48 PM, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
> > and in general ... what is the LDAP equivalent to users file configuration?
> 
>   There is no LDAP equivalent to the "users" file configuration.  If there was, it would be documented.
> 

ok, finally I have checked my v.2.x "users" file configuration against
v.3.0.9 installation and found, that in my case,

User-Profile, set for DEFAULT user in "users" is not applied at all
... though group check is passed successfully

and I am unable to find anything what could shade light on the cause
... so, help me to see it please ...

here is what I receive:

---[ -X debug start ]-------------------------------------------
...
(6) files: No group membership attribute(s) found in user object
rlm_ldap (ldap): Released connection (8)
(6) files: User is not a member of "wifi-lcu"
(6) files: Searching for user in group "visitor"
rlm_ldap (ldap): Reserved connection (9)
(6) files: Using user DN from request "uid=rad-visitor,authorizedService=802.1x-eap-tls at xyz,uid=fo02-admin,ou=People,dc=xyz"
(6) files: Checking for user in group objects
(6) files:   EXPAND (&(cn=visitor)(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))
(6) files:      --> (&(cn=visitor)(memberUid=rad-visitor))
(6) files:   Performing search in "ou=groups,ou=RADIUS,dc=xyz" with filter "(&(cn=visitor)(memberUid=rad-visitor))", scope "sub"
(6) files:   Waiting for search result...
(6) files: User found in group object "ou=groups,ou=RADIUS,dc=xyz"
rlm_ldap (ldap): Released connection (9)
(6) files: users: Matched entry DEFAULT at line 95
(6) files: EXPAND User-Profile is %{User-Profile}
(6) files:    --> User-Profile is 
(6)       [files] = ok
rlm_ldap (ldap): Reserved connection (10)
...
---[ -X debug end   ]-------------------------------------------



---[ "users" file starting from L95 quotation start ]-----------
DEFAULT Ldap-Group == 'visitor', User-Profile := "cn=visitor,ou=profiles,ou=RADIUS,dc=ibs"
        Reply-Message := "User-Profile is %{User-Profile}",
        Fall-Through = no
---[ "users" file quotation end   ]-----------------------------




-- 
Zeus V. Panchenko				jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150812/04bc3df8/attachment.sig>

More information about the Freeradius-Users mailing list