LDAP Query: Not Found

Scott Pickles scottpickles at yahoo.com
Thu Jul 30 18:03:47 CEST 2015


Doh!  Nevermind.  Had to uncomment the auth-type declaration for ldap in the authenticate section.
 


     On Thursday, July 30, 2015 11:56 AM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
   

 From the documentation within the ldap module, I added the following to my default site config:
#  The ldap module reads passwords from the LDAP database.
    ldap
        if(Ldap-Group == "VPN-Internal") {
            if ((ok || updated) && User-Password) {
                update {
                    control:Auth-Type := ldap
                }
            }
        }
        else {
            reject
        }
    ntlm_auth
I get the following error:
/etc/raddb/sites-enabled/default[386]: Unknown value 'ldap' for attribute 'Auth-Type'
/etc/raddb/sites-enabled/default[385]: Failed to parse "update" subsection.
/etc/raddb/sites-enabled/default[384]: Failed to parse "if" subsection.
/etc/raddb/sites-enabled/default[254]: Errors parsing authorize section.
I thought I saw somewhere that I have to add that to the dictionary?  
 


    On Tuesday, July 28, 2015 5:44 PM, "A.L.M.Buxey at lboro.ac.uk" <A.L.M.Buxey at lboro.ac.uk> wrote:
  

 Hi,

>    >>How come search fails first time
>    >>(0) Search returned no results
>    >>(0) Search returned not found

different scope

>    >>To fix this, do I add Auth-Type to my unlang statement?
>    >>(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
>    Reject

in version 2 this is one of the times when you would set the Auth-Type...as per some of
the docs.  in versiojn 3 this is much different...and I would advise that you use version 3

in version 2 you could probably do something like this (after the PAP section in Authorize)

if (!control:Auth-Type) {
    update control {
        Auth-Type = "ntlm_auth"
    }
}

alan



  
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  


More information about the Freeradius-Users mailing list