Freeradius with LDAP and in second LDAP Authorization or Proxying

Jörn Volkhausen volkhausen.joern at gmx.de
Mon Mar 13 12:01:28 CET 2017 

Thanks for the reply, i think it was the kick in the right direction.
But now i have other problems.


> so you authorize already?  if so, what LDAP attribute (group etc) can you use to distinguish
> the 2 types?  just use that as the basis for unlang
> in authorize {}, just after ldap, you can do eg
> if (%{LDAP-Group} == "unmanaged"){
>  update control {
> 	Proxy-to-Realm := unmanaged
> 	}
>  updated
> }
my LDAP section looks like this:
ldap-kap-costumertype
if ("%{ManageType}" == unmanaged){
    update control {
        Proxy-to-Realm := unmanaged
    }
    updated
}

The ManageType value i have added in ldap.attrmap and in dictionary as
string.
the server starts up and checks for the value in "ManageType" when i
send an test request. But the value that he have found in the ldap is
not in the Variable.
see log output:

[ldap-kap-costumertype] performing user authorization for test
[ldap-kap-costumertype]     expand: ou=%{Group-Name} -> ou=test.dt
[ldap-kap-costumertype]     expand: dc=domain,dc=de -> dc=domain,dc=de
  [ldap-kap-costumertype] ldap_get_conn: Checking Id: 0
  [ldap-kap-costumertype] ldap_get_conn: Got Id: 0
  [ldap-kap-costumertype] attempting LDAP reconnection
  [ldap-kap-costumertype] (re)connect to test:636, authentication 0
  [ldap-kap-costumertype] setting TLS mode to 1
  [ldap-kap-costumertype] bind as
cn=radiusbinduser,ou=admins,dc=domain,dc=de/XXXXXXX to test:636
  [ldap-kap-costumertype] waiting for bind result ...
  [ldap-kap-costumertype] Bind was successful
  [ldap-kap-costumertype] performing search in dc=domain,dc=de, with
filter ou=test.dt
[ldap-kap-costumertype] No default NMAS login sequence
[ldap-kap-costumertype] looking for check items in directory...
  [ldap-kap-costumertype] businessCategory -> ManageType == "unmanaged"
[ldap-kap-costumertype] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that
the user is configured correctly?
  [ldap-kap-costumertype] ldap_release_conn: Release Id: 0
++[ldap-kap-costumertype] = ok
++? if ("%{ManageType}" == unmanaged)
    expand: %{ManageType} ->
? Evaluating ("%{ManageType}" == unmanaged) -> FALSE
++? if ("%{ManageType}" == unmanaged) -> FALSE

More information about the Freeradius-Users mailing list