LDAP module for DHCP attribute

Ryan O'Connell ryno92109 at hotmail.com
Mon Mar 21 18:20:30 CET 2016


Looking to transition an exec module/script I have working to the LDAP module. I am trying to return an option 43 string from LDAP in the reply, but I can't seem to figure out the proper way to call the LDAP module correctly. If I call the module in the dhcp site, the only time I can get it to trigger is in the post-auth section of the LDAP module, where it tries to update the user 'description' attribute that doesn't exist (expected, of course, but maybe relevant as background info?). I'm using 3.1.x from a week or two ago. Here's a short section of the success with "exec" as well as full debug with the ldap module enabled. Any guidance you can provide is appreciated.

Thanks,
Ryan

------ Success with Exec -------
(1)  Received DHCP-Request Id 6b8b4567 from 10.0.7.27:6700 to 10.0.8.53:6700 via eth0 length 282
(1)    &request:DHCP-Opcode = Client-Message
(1)    &request:DHCP-Hardware-Type = Ethernet
(1)    &request:DHCP-Hardware-Address-Length = 6
(1)    &request:DHCP-Hop-Count = 0
(1)    &request:DHCP-Transaction-Id = 1804289383
(1)    &request:DHCP-Number-of-Seconds = 0
(1)    &request:DHCP-Flags = 0
(1)    &request:DHCP-Client-IP-Address = 0.0.0.0
(1)    &request:DHCP-Your-IP-Address = 0.0.0.0
(1)    &request:DHCP-Server-IP-Address = 0.0.0.0
(1)    &request:DHCP-Gateway-IP-Address = 10.0.7.27
(1)    &request:DHCP-Client-Hardware-Address = 00:00:00:00:00:01
(1)    &request:DHCP-Message-Type = DHCP-Request
(1)    &request:DHCP-Client-Identifier = 0x646863706572665f31
(1)    &request:DHCP-Requested-IP-Address = 192.168.39.168
(1)    &request:DHCP-DHCP-Server-Identifier = 10.0.8.53
(1)    &request:DHCP-Parameter-Request-List = DHCP-Subnet-Mask
(1)    &request:DHCP-Parameter-Request-List = DHCP-Router-Address
(1)    &request:DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
(1)    &request:DHCP-Parameter-Request-List = DHCP-Domain-Name
(1)    &request:DHCP-Relay-Remote-Id = 00:00:00:00:00:01
(1)  Trying sub-section dhcp DHCP-Request {...}
(1)    dhcp DHCP-Request {
(1)      update reply {
(1)        &reply:DHCP-Message-Type = DHCP-Ack
(1)      } # update reply (noop)
(1)      update reply {
(1)        &reply:DHCP-Subnet-Mask = 255.0.0.0
(1)        &reply:DHCP-Router-Address = 10.0.0.1
(1)        &reply:DHCP-IP-Address-Lease-Time = 86400
(1)        &reply:DHCP-DHCP-Server-Identifier = 10.0.8.53
(1)      } # update reply (noop)
(1)      update control {
(1)        &control:Pool-Name := test
(1)      } # update control (noop)
(1)      update reply {
(1)        EXPAND %{exec:/etc/raddb/ldaplookup.sh %{DHCP-Client-Hardware-Address}}
(1)          Executing: /etc/raddb/ldaplookup.sh 00:00:00:00:00:01
(1)          Program returned code (0) and output '0x010300A0BC0209555400000000000006030e5554000000000000010101000009041055545f312e312e312e302e392e62696e05040a50001e'
(1)        --> 0x010300A0BC0209555400000000000006030e5554000000000000010101000009041055545f312e312e312e302e392e62696e05040a50001e
(1)        &reply:DHCP-Vendor = 0x010300a0bc0209555400000000000006030e5554000000000000010101000009041055545f312e312e312e302e392e62696e05040a50001e
(1)      } # update reply (noop)
(1)      redis_ippool - Allocating lease from pool "test", to "00:00:00:00:00:01", expires in 30s
(1)      redis_ippool - Reserved connection (0)
(1)      redis_ippool - [1] >>> Sending command(s) to 127.0.0.1:6379
(1)      redis_ippool - [1] <<< Returned: success
(1)      redis_ippool - Released connection (0)
(1)      redis_ippool - &reply:DHCP-Your-IP-Address := 192.168.39.168
(1)      redis_ippool - &reply:DHCP-IP-Address-Lease-Time := 30
(1)      redis_ippool - IP address lease allocated
(1)      redis_ippool (updated)
(1)      update reply {
(1)        &reply:DHCP-IP-Address-Lease-Time = 86400
(1)      } # update reply (noop)
(1)      ok (ok)
(1)    } # dhcp DHCP-Request (updated)
(1)  Reply will be unicast to giaddr from original packet
(1)  Sent DHCP-Ack Id 6b8b4567 from 10.0.8.53:6700 to 10.0.7.27:6700 via eth0 length 0
(1)    &reply:DHCP-Relay-IP-Address = 10.0.7.27
(1)    &reply:DHCP-Message-Type = DHCP-Ack
(1)    &reply:DHCP-Subnet-Mask = 255.0.0.0
(1)    &reply:DHCP-Router-Address = 10.0.0.1
(1)    &reply:DHCP-IP-Address-Lease-Time := 30
(1)    &reply:DHCP-DHCP-Server-Identifier = 10.0.8.53
(1)    &reply:DHCP-Vendor = 0x010300a0bc0209555400000000000006030e5554000000000000010101000009041055545f312e312e312e302e392e62696e05040a50001e
(1)    &reply:DHCP-Your-IP-Address := 192.168.39.168
(1)    &reply:DHCP-Opcode = Server-Message
(1)    &reply:DHCP-Hardware-Type = Ethernet
(1)    &reply:DHCP-Hardware-Address-Length = 6
(1)    &reply:DHCP-Hop-Count = 0
(1)    &reply:DHCP-Transaction-Id = 1804289383
(1)    &reply:DHCP-Flags = 0
(1)    &reply:DHCP-Client-IP-Address = 0.0.0.0
(1)    &reply:DHCP-Gateway-IP-Address = 10.0.7.27
(1)    &reply:DHCP-Client-Hardware-Address = 00:00:00:00:00:01
(1)  Finished request
(1)  Cleaning up request packet ID 1804289383 with timestamp +3




------ Failure with LDAP -------
[root@15597-vos-dhcp2-vos-dhcp10 ~]# /usr/sbin/radiusd -X
FreeRADIUS Version 3.1.0
Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/redis
including configuration file /etc/raddb/mods-enabled/redis_ippool
including configuration file /etc/raddb/mods-enabled/ldap
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/abfab-tr
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including configuration file /etc/raddb/policy.d/vendor
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/dhcp
including configuration file /etc/raddb/sites-enabled/default
main {
 security {
 	user = "radiusd"
 	group = "radiusd"
 	allow_core_dumps = no
 }
	name = "radiusd"
	prefix = "/usr"
	localstatedir = "/var"
	logdir = "/var/log/radius"
	run_dir = "/var/run/radiusd"
}
main {
	name = "radiusd"
	prefix = "/usr"
	localstatedir = "/var"
	sbindir = "/usr/sbin"
	logdir = "/var/log/radius"
	run_dir = "/var/run/radiusd"
	libdir = "/usr/lib64/freeradius"
	radacctdir = "/var/log/radius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 3
	continuation_timeout = 15
	max_requests = 100000
	pidfile = "/var/run/radiusd/radiusd.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
 	stripped_names = no
 	auth = no
 	auth_badpass = no
 	auth_goodpass = no
 	colourise = yes
 	msg_denied = "You are already logged in - access denied"
 }
 resources {
 }
 security {
 	max_attributes = 200
 	reject_delay = 1.000000
 	status_server = yes
 	allow_vulnerable_openssl = "no"
 }
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
 client localhost {
 	ipaddr = 127.0.0.1
 	require_message_authenticator = no
 	secret = <<< secret >>>
 	nas_type = "other"
 	proto = "*"
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
 client localhost_ipv6 {
 	ipv6addr = ::1
 	require_message_authenticator = no
 	secret = <<< secret >>>
  limit {
  	max_connections = 16
  	lifetime = 0
  	idle_timeout = 30
  }
 }
Debugger not attached
 thread pool {
 	start_servers = 50
 	max_servers = 64
 	min_spare_servers = 15
 	max_spare_servers = 35
 	max_requests_per_server = 64
 	cleanup_delay = 5
 	max_queue_size = 65536
 	auto_limit_acct = no
 }
WARNING: Ignoring "max_spare_servers = 35", forcing to "max_spare_servers = 15"
listen {
  	type = "dhcp"
  	ipaddr = 10.0.8.53
  	port = 6700
  	recv_buff = 0
No "interface" setting is defined.  Only unicast DHCP will work
  	src_ipaddr = 10.0.8.53
}
radiusd: #### Loading modules ####
 modules {
  # Loaded module "rlm_always"
  # Loading module "reject" from file /etc/raddb/mods-enabled/always
  always reject {
  	rcode = "reject"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "fail" from file /etc/raddb/mods-enabled/always
  always fail {
  	rcode = "fail"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "ok" from file /etc/raddb/mods-enabled/always
  always ok {
  	rcode = "ok"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "handled" from file /etc/raddb/mods-enabled/always
  always handled {
  	rcode = "handled"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "invalid" from file /etc/raddb/mods-enabled/always
  always invalid {
  	rcode = "invalid"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "userlock" from file /etc/raddb/mods-enabled/always
  always userlock {
  	rcode = "userlock"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "notfound" from file /etc/raddb/mods-enabled/always
  always notfound {
  	rcode = "notfound"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "noop" from file /etc/raddb/mods-enabled/always
  always noop {
  	rcode = "noop"
  	simulcount = 0
  	mpp = no
  }
  # Loading module "updated" from file /etc/raddb/mods-enabled/always
  always updated {
  	rcode = "updated"
  	simulcount = 0
  	mpp = no
  }
  # Loaded module "rlm_dhcp"
  # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
  # Loaded module "rlm_exec"
  # Loading module "exec" from file /etc/raddb/mods-enabled/exec
  exec {
  	wait = yes
  	input_pairs = "request"
  	shell_escape = yes
  	timeout = 10
  }
  # Loaded module "rlm_redis"
  # Loading module "redis" from file /etc/raddb/mods-enabled/redis
  redis {
  	server = "127.0.0.1"
  	port = 6379
  	database = 0
  	max_nodes = 20
  	max_alt = 3
  	max_redirects = 2
  }
libfreeradius-redis: libhiredis version: 0.12.1
  # Loaded module "rlm_redis_ippool"
  # Loading module "redis_ippool" from file /etc/raddb/mods-enabled/redis_ippool
  redis_ippool {
  	copy_on_update = yes
   redis {
   	server = "localhost"
   	port = 6379
   	database = 0
   	max_nodes = 20
   	max_alt = 3
   	max_redirects = 2
   }
  }
  # Loaded module "rlm_ldap"
  # Loading module "ldap" from file /etc/raddb/mods-enabled/ldap
  ldap {
  	server = "10.0.8.156"
  	identity = "cn=Manager,dc=example,dc=com"
  	password = <<< secret >>>
   sasl {
   }
   user {
   	scope = "one"
   	access_positive = yes
    sasl {
    }
   }
   group {
   	filter = "(objectClass=posixGroup)"
   	scope = "sub"
   	name_attribute = "cn"
   	membership_attribute = "memberOf"
   	cacheable_name = no
   	cacheable_dn = no
   }
   client {
   	filter = "(objectClass=radiusClient)"
   	scope = "sub"
   	base_dn = "dc=example,dc=com"
   }
   profile {
   }
   options {
   	ldap_debug = 296
   	chase_referrals = yes
   	use_referral_credentials = no
   	rebind = yes
   	session_tracking = no
   	res_timeout = 10
   	srv_timelimit = 3
   	idle = 60
   	probes = 3
   	interval = 3
   }
   tls {
   	start_tls = no
   }
  }
Creating attribute LDAP-Group
  instantiate {
  }
 } # modules
  # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
  # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
  # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
  # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
  # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
  # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
  # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
  # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
  # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
  # Instantiating module "redis" from file /etc/raddb/mods-enabled/redis
rlm_redis (redis) [1] - Initialising connection pool
   pool {
   	start = 50
   	min = 15
   	max = 64
   	spare = 35
   	uses = 0
   	lifetime = 86400
   	cleanup_interval = 300
   	idle_timeout = 600
   	connect_timeout = 3.000000
   	held_trigger_min = 0.000000
   	held_trigger_max = 0.500000
   	retry_delay = 30
   	spread = no
   }
rlm_redis (redis) [1] - Opening additional connection (0), 1 of 64 pending slots used
rlm_redis (redis) [1]: Connecting node to 127.0.0.1:6379
:::::::
  # Instantiating module "redis_ippool" from file /etc/raddb/mods-enabled/redis_ippool
rlm_redis (redis) [1] - Initialising connection pool
    pool {
    	start = 0
    	min = 15
    	max = 64
    	spare = 35
    	uses = 0
    	lifetime = 0
    	cleanup_interval = 30
    	idle_timeout = 60
    	connect_timeout = 3.000000
    	held_trigger_min = 0.000000
    	held_trigger_max = 0.500000
    	retry_delay = 30
    	spread = no
    }
rlm_redis (redis) [1] - 0 of 0 connections in use.  You  may need to increase "spare"
rlm_redis (redis) [1] - Opening additional connection (0), 1 of 64 pending slots used
rlm_redis (redis) [1]: Connecting node to 127.0.0.1:6379
rlm_redis (redis) [1] - Reserved connection (0)
rlm_redis (redis): Bootstrap server "localhost" returned: PGf?
rlm_redis (redis) [1] - Released connection (0)
rlm_redis (redis) [1] - Need 14 more connections to reach 35 spares
rlm_redis (redis) [1] - Opening additional connection (1), 1 of 64 pending slots used
rlm_redis (redis) [1]: Connecting node to 127.0.0.1:6379
rlm_redis (redis) [1] - Reserved connection (0)
rlm_redis (redis) [1] - Released connection (0)
  # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
rlm_ldap (ldap) - libldap vendor: OpenLDAP, version: 20440
   accounting {
   	reference = "."
   }
   post-auth {
   	reference = "."
   }
rlm_ldap (ldap) - Initialising connection pool
   pool {
   	start = 50
   	min = 15
   	max = 64
   	spare = 35
   	uses = 0
   	lifetime = 0
   	cleanup_interval = 30
   	idle_timeout = 60
   	connect_timeout = 3.000000
   	held_trigger_min = 0.000000
   	held_trigger_max = 0.500000
   	retry_delay = 30
   	spread = no
   }
rlm_ldap (ldap) - Opening additional connection (0), 1 of 64 pending slots used
rlm_ldap (ldap) - Connecting to ldap://10.0.8.156:389
rlm_ldap (ldap) - Waiting for bind result...
rlm_ldap (ldap) - Bind successful
rlm_ldap (ldap) - Performing search in "" with filter "(objectclass=*)", scope "base"
rlm_ldap (ldap) - Waiting for search result...
rlm_ldap (ldap) - Directory type: OpenLDAP
::::::
radiusd: #### Loading Virtual Servers ####
server dhcp { # from file /etc/raddb/sites-enabled/dhcp
 # Loading dhcp DHCP-Discover {...}
 # Loading dhcp DHCP-Request {...}
 # Loading dhcp DHCP-Decline {...}
 # Loading dhcp DHCP-Inform {...}
 # Loading dhcp DHCP-Release {...}
 # Loading dhcp DHCP-Lease-Query {...}
} # server dhcp
server default { # from file /etc/raddb/sites-enabled/default
} # server default
radiusd: #### Opening IP addresses and Ports ####
Listening on dhcp address 10.0.8.53 port 6700 bound to server dhcp
Ready to process requests
(0)  Received DHCP-Discover Id 6b8b4567 from 10.0.7.27:6700 to 10.0.8.53:6700 via eth0 length 270
(0)    &request:DHCP-Opcode = Client-Message
(0)    &request:DHCP-Hardware-Type = Ethernet
(0)    &request:DHCP-Hardware-Address-Length = 6
(0)    &request:DHCP-Hop-Count = 0
(0)    &request:DHCP-Transaction-Id = 1804289383
(0)    &request:DHCP-Number-of-Seconds = 0
(0)    &request:DHCP-Flags = 0
(0)    &request:DHCP-Client-IP-Address = 0.0.0.0
(0)    &request:DHCP-Your-IP-Address = 0.0.0.0
(0)    &request:DHCP-Server-IP-Address = 0.0.0.0
(0)    &request:DHCP-Gateway-IP-Address = 10.0.7.27
(0)    &request:DHCP-Client-Hardware-Address = 00:00:00:00:00:01
(0)    &request:DHCP-Message-Type = DHCP-Discover
(0)    &request:DHCP-Client-Identifier = 0x646863706572665f31
(0)    &request:DHCP-Parameter-Request-List = DHCP-Subnet-Mask
(0)    &request:DHCP-Parameter-Request-List = DHCP-Router-Address
(0)    &request:DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
(0)    &request:DHCP-Parameter-Request-List = DHCP-Domain-Name
(0)    &request:DHCP-Relay-Remote-Id = 00:00:00:00:00:01
(0)  Trying sub-section dhcp DHCP-Discover {...}
(0)    dhcp DHCP-Discover {
(0)      update reply {
(0)        &reply:DHCP-Message-Type = DHCP-Offer
(0)      } # update reply (noop)
(0)      update reply {
(0)        &reply:DHCP-Subnet-Mask = 255.0.0.0
(0)        &reply:DHCP-Router-Address = 10.0.0.1
(0)        &reply:DHCP-IP-Address-Lease-Time = 86400
(0)        &reply:DHCP-DHCP-Server-Identifier = 10.0.8.53
(0)      } # update reply (noop)
(0)      update control {
(0)        &control:Pool-Name := test
(0)      } # update control (noop)
(0)      redis_ippool - Allocating lease from pool "test", to "00:00:00:00:00:01", expires in 30s
(0)      redis_ippool - Reserved connection (1)
(0)      redis_ippool - [1] >>> Sending command(s) to 127.0.0.1:6379
(0)      redis_ippool - [1] <<< Returned: success
(0)      redis_ippool - Released connection (1)
(0)      redis_ippool - Need 13 more connections to reach 35 spares
(0)      redis_ippool - Opening additional connection (2), 1 of 1022 pending slots used
rlm_redis (redis) [1]: Connecting node to 127.0.0.1:6379
(0)      redis_ippool - &reply:DHCP-Your-IP-Address := 192.168.39.169
(0)      redis_ippool - &reply:DHCP-IP-Address-Lease-Time := 30
(0)      redis_ippool - IP address lease allocated
(0)      redis_ippool (updated)
(0)      ok (ok)
(0)    } # dhcp DHCP-Discover (updated)
(0)  Reply will be unicast to giaddr from original packet
(0)  Sent DHCP-Offer Id 6b8b4567 from 10.0.8.53:6700 to 10.0.7.27:6700 via eth0 length 0
(0)    &reply:DHCP-Relay-IP-Address = 10.0.7.27
(0)    &reply:DHCP-Message-Type = DHCP-Offer
(0)    &reply:DHCP-Subnet-Mask = 255.0.0.0
(0)    &reply:DHCP-Router-Address = 10.0.0.1
(0)    &reply:DHCP-IP-Address-Lease-Time := 30
(0)    &reply:DHCP-DHCP-Server-Identifier = 10.0.8.53
(0)    &reply:DHCP-Your-IP-Address := 192.168.39.169
(0)    &reply:DHCP-Opcode = Server-Message
(0)    &reply:DHCP-Hardware-Type = Ethernet
(0)    &reply:DHCP-Hardware-Address-Length = 6
(0)    &reply:DHCP-Hop-Count = 0
(0)    &reply:DHCP-Transaction-Id = 1804289383
(0)    &reply:DHCP-Flags = 0
(0)    &reply:DHCP-Client-IP-Address = 0.0.0.0
(0)    &reply:DHCP-Gateway-IP-Address = 10.0.7.27
(0)    &reply:DHCP-Client-Hardware-Address = 00:00:00:00:00:01
(0)  Finished request
(0)  Cleaning up request packet ID 1804289383 with timestamp +7
Ready to process requests
(1)  Received DHCP-Request Id 6b8b4567 from 10.0.7.27:6700 to 10.0.8.53:6700 via eth0 length 282
(1)    &request:DHCP-Opcode = Client-Message
(1)    &request:DHCP-Hardware-Type = Ethernet
(1)    &request:DHCP-Hardware-Address-Length = 6
(1)    &request:DHCP-Hop-Count = 0
(1)    &request:DHCP-Transaction-Id = 1804289383
(1)    &request:DHCP-Number-of-Seconds = 0
(1)    &request:DHCP-Flags = 0
(1)    &request:DHCP-Client-IP-Address = 0.0.0.0
(1)    &request:DHCP-Your-IP-Address = 0.0.0.0
(1)    &request:DHCP-Server-IP-Address = 0.0.0.0
(1)    &request:DHCP-Gateway-IP-Address = 10.0.7.27
(1)    &request:DHCP-Client-Hardware-Address = 00:00:00:00:00:01
(1)    &request:DHCP-Message-Type = DHCP-Request
(1)    &request:DHCP-Client-Identifier = 0x646863706572665f31
(1)    &request:DHCP-Requested-IP-Address = 192.168.39.169
(1)    &request:DHCP-DHCP-Server-Identifier = 10.0.8.53
(1)    &request:DHCP-Parameter-Request-List = DHCP-Subnet-Mask
(1)    &request:DHCP-Parameter-Request-List = DHCP-Router-Address
(1)    &request:DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
(1)    &request:DHCP-Parameter-Request-List = DHCP-Domain-Name
(1)    &request:DHCP-Relay-Remote-Id = 00:00:00:00:00:01
(1)  Trying sub-section dhcp DHCP-Request {...}
(1)    dhcp DHCP-Request {
(1)      update reply {
(1)        &reply:DHCP-Message-Type = DHCP-Ack
(1)      } # update reply (noop)
(1)      update reply {
(1)        &reply:DHCP-Subnet-Mask = 255.0.0.0
(1)        &reply:DHCP-Router-Address = 10.0.0.1
(1)        &reply:DHCP-IP-Address-Lease-Time = 86400
(1)        &reply:DHCP-DHCP-Server-Identifier = 10.0.8.53
(1)      } # update reply (noop)
(1)      update control {
(1)        &control:Pool-Name := test
(1)      } # update control (noop)
(1)      ldap - EXPAND .
(1)      ldap - --> .
(1)      ldap - EXPAND Authenticated at %S
(1)      ldap - --> Authenticated at 2016-03-21 12:45:47
(1)      ldap - Reserved connection (0)
(1)      ldap - EXPAND (cn=1,6,%{DHCP-Client-Hardware-Address})
(1)      ldap - --> (cn=1,6,00:00:00:00:00:01)
(1)      ldap - Performing search in "dc=example,dc=com" with filter "(cn=1,6,00:00:00:00:00:01)", scope "one"
(1)      ldap - Waiting for search result...
(1)      ldap - User object found at DN "cn=1\,6\,00:00:00:00:00:01,dc=example,dc=com"
(1)      ldap - Modifying object with DN "cn=1\,6\,00:00:00:00:00:01,dc=example,dc=com"
(1)      ldap - Waiting for modify result...
(1)      ldap - ERROR: Failed modifying object: Object class violation
(1)      ldap - ERROR: Server said: attribute 'description' not allowed.
(1)      ldap - Released connection (0)
(1)      ldap (fail)
(1)    } # dhcp DHCP-Request (fail)
(1)  Reply will be unicast to giaddr from original packet
(1)  Sent DHCP-Ack Id 6b8b4567 from 10.0.8.53:6700 to 10.0.7.27:6700 via eth0 length 0
(1)    &reply:DHCP-Relay-IP-Address = 10.0.7.27
(1)    &reply:DHCP-Message-Type = DHCP-Ack
(1)    &reply:DHCP-Subnet-Mask = 255.0.0.0
(1)    &reply:DHCP-Router-Address = 10.0.0.1
(1)    &reply:DHCP-IP-Address-Lease-Time = 86400
(1)    &reply:DHCP-DHCP-Server-Identifier = 10.0.8.53
(1)    &reply:DHCP-Opcode = Server-Message
(1)    &reply:DHCP-Hardware-Type = Ethernet
(1)    &reply:DHCP-Hardware-Address-Length = 6
(1)    &reply:DHCP-Hop-Count = 0
(1)    &reply:DHCP-Transaction-Id = 1804289383
(1)    &reply:DHCP-Flags = 0
(1)    &reply:DHCP-Client-IP-Address = 0.0.0.0
(1)    &reply:DHCP-Gateway-IP-Address = 10.0.7.27
(1)    &reply:DHCP-Client-Hardware-Address = 00:00:00:00:00:01
(1)  Finished request
(1)  Cleaning up request packet ID 1804289383 with timestamp +7
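
Added example, not part of the original post and not FreeRADIUS code: a structural check for an option 43 value such as the DHCP-Vendor string in the exec output above, suitable for running against a value fetched from a directory before it is placed in a reply. It assumes the payload uses the RFC 2132 encapsulated code/length/value layout; the function names are this example's own.

```python
"""Validate a hex-encoded DHCP option 43 value before it is used in a reply."""
import binascii

# Value copied from the exec debug output in the post above.
SAMPLE = ("0x010300A0BC0209555400000000000006030e5554000000000000"
          "010101000009041055545f312e312e312e302e392e62696e05040a50001e")

# One option instance carries at most 255 value bytes; anything longer
# needs RFC 3396 splitting and is rejected by this check.
MAX_OPTION_LEN = 255


class Option43Error(ValueError):
    """Raised when the value is not a well-formed sub-option sequence."""


def parse_option43(text):
    """Return [(code, value_bytes), ...] or raise Option43Error."""
    s = text.strip()
    if s[:2].lower() == "0x":
        s = s[2:]
    try:
        raw = binascii.unhexlify(s)
    except ValueError as exc:  # covers odd length and non-hex characters
        raise Option43Error(f"not valid hex: {exc}") from exc
    if not raw:
        raise Option43Error("empty value")
    if len(raw) > MAX_OPTION_LEN:
        raise Option43Error(f"{len(raw)} bytes exceeds {MAX_OPTION_LEN}")

    subopts = []
    i = 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise Option43Error(f"truncated sub-option header at offset {i}")
        code, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise Option43Error(
                f"sub-option {code} at offset {i} declares {length} bytes, "
                f"only {len(value)} present")
        subopts.append((code, value))
        i += 2 + length
    return subopts


def describe(subopts):
    """Render each sub-option as text when printable ASCII, else as hex."""
    lines = []
    for code, value in subopts:
        printable = bool(value) and all(0x20 <= b < 0x7F for b in value)
        shown = value.decode("ascii") if printable else value.hex()
        lines.append(f"sub-option {code:3d} len {len(value):3d}: {shown}")
    return lines


if __name__ == "__main__":
    for line in describe(parse_option43(SAMPLE)):
        print(line)
```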