No subject

Saurabh Lahoti saurabh.astronomy at gmail.com
Thu May 24 10:58:15 CEST 2018


Dear Alan,

Below is our ldap module config:

# rlm_ldap instance "ldapwifi1": directory lookups and bind authentication
# against the LDAP server at 192.168.154.33.
ldap ldapwifi1 {
  server = "192.168.154.33"
  # Service account used for the search bind. The password is redacted in this
  # post; in the real file it is cleartext, so the file should be readable only
  # by the account the RADIUS daemon runs as.
  identity = "uid=wifitest,ou=production,ou=system,o=domain.com"
  password = xxxxxx
  basedn = "o=domain.com"
  # User search: match uid against the realm-stripped name (falling back to
  # User-Name) and skip entries with nsaccountlock=true.
  # NOTE(review): the value sits on the line after "filter =", presumably
  # wrapped by the mail client; in the real file it should follow the "=".
  filter =
"(&(uid=%{Stripped-User-Name:-%{User-Name}})(!(nsaccountlock=true)))"
  base_filter = "(objectclass=*)"
  # Group check: groups of type GroupOfUniqueNames that list the user's DN
  # (taken from control:Ldap-UserDn) as uniquemember. Same line-wrap caveat.
  groupmembership_filter =
"(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))"
  ldap_connections_number = 5
  # Query, server-side and network timeouts, in seconds.
  timeout = 10
  timelimit = 9
  net_timeout = 10
  # StartTLS is disabled and the server is a bare address, so the service
  # account bind and every user bind presumably reach the LDAP server
  # unencrypted.
  # NOTE(review): enable StartTLS with CA verification, or confirm the link to
  # the directory is protected some other way (not shown here).
  tls {
    start_tls = no
  }
  # File that maps LDAP attributes to RADIUS attributes.
  dictionary_mapping = ${confdir}/ldap.attrmap
  # NOTE(review): this looks like an attribute mapping rather than a module
  # option; confirm it is accepted here and does not belong in ldap.attrmap.
  Framed-Ip-Address = ipaddress
  edir_account_policy_check = no
}

# rlm_ldap instance "ldapwifi2": second directory server (192.168.154.34),
# used together with ldapwifi1 in the redundant-load-balance groups of the
# "wifi" virtual server.
ldap ldapwifi2 {
  server = "192.168.154.34"
  # Same service account as ldapwifi1; password redacted in this post.
  identity = "uid=wifitest,ou=production,ou=system,o=domain.com"
  password = xxxxxx
  # NOTE(review): basedn is "o=mobistar.be" here but "o=domain.com" in
  # ldapwifi1, while the bind identity is still under o=domain.com. Either the
  # redaction was incomplete or the two instances really search different
  # trees. Both are picked interchangeably by redundant-load-balance, so a
  # mismatch would make user lookups depend on which instance is chosen.
  basedn = "o=mobistar.be"
  # User search: uid equals the realm-stripped name (falling back to
  # User-Name), excluding entries with nsaccountlock=true.
  # NOTE(review): value is on the line after "filter =", presumably mail-client
  # wrapping; in the real file it should follow the "=".
  filter =
"(&(uid=%{Stripped-User-Name:-%{User-Name}})(!(nsaccountlock=true)))"
  base_filter = "(objectclass=*)"
  # Group check: GroupOfUniqueNames entries listing the user's DN as
  # uniquemember. Same line-wrap caveat as above.
  groupmembership_filter =
"(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))"
  ldap_connections_number = 5
  # Query, server-side and network timeouts, in seconds.
  timeout = 10
  timelimit = 9
  net_timeout = 10
  # StartTLS is disabled: binds to this server, including the user password
  # during bind authentication, presumably travel in cleartext.
  # NOTE(review): enable StartTLS with CA verification unless the link is
  # protected by other means (not shown here).
  tls {
    start_tls = no
  }
  # File that maps LDAP attributes to RADIUS attributes.
  dictionary_mapping = ${confdir}/ldap.attrmap
  # NOTE(review): looks like an attribute mapping rather than a module option;
  # confirm it is accepted in this section.
  Framed-Ip-Address = ipaddress
  edir_account_policy_check = no
}


Below is my virtual server config (which uses these ldap instances) in sites-enabled:
# Virtual server "wifi": policy for wireless clients. Requests are routed by
# Called-Station-Id and Airespace-Wlan-Id, both of which are supplied by the
# NAS, so the routing is only as trustworthy as the NAS and its shared secret.
server wifi {

# authorize: pick the lookup/authentication path for the request.
#  - Called-Station-Id ending in ":OBE_Office" -> eap
#  - otherwise Airespace-Wlan-Id == 2          -> LDAP lookup on one of the
#    two ldap instances (load-balanced, with fail-over to the other)
#  - anything else falls through with no user lookup in this section.
# NOTE(review): nothing here sets Auth-Type explicitly; whether the LDAP branch
# ends up with Auth-Type LDAP depends on the ldap module's behaviour - confirm
# in the debug output (radiusd -X).
authorize {
        preprocess
        suffix
#        if ( Called-Station-id =~ /:OBE_Byod$/ ) {
 #                eap_byod
#        }
        if( Called-Station-Id =~ /:OBE_Office$/ ) {
        eap
        }
        elsif( Airespace-Wlan-Id == 2 ) {
                        redundant-load-balance {
                                ldapwifi1
                                ldapwifi2
                        }
        }
        expiration
        logintime
}

# authenticate: Auth-Type LDAP validates the user by binding to the directory
# as that user; this needs the cleartext User-Password in the request (PAP).
# Both ldap instances are declared with start_tls = no, so that password is
# presumably sent to the LDAP server unencrypted - verify the link protection.
authenticate {
  Auth-Type LDAP {
    redundant-load-balance {
      ldapwifi1
      ldapwifi2
    }
  }
 # Auth-Type eap_byod {
  # eap_byod
  #}
  Auth-Type eap {
    eap
  }
}

# preacct: derive the session start time as request-receive time (%l) minus
# Acct-Session-Time minus Acct-Delay-Time, each defaulting to 0 when absent.
# NOTE(review): the expression string is split across two lines, presumably by
# the mail client; in the real file it must be a single line.
preacct {
        preprocess
          update request {
                FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l -
%{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
        }
        acct_unique
        suffix
}

# accounting: "wifi" and "linelog-session" are module instances defined
# elsewhere (not shown in this post).
accounting {
  wifi
  linelog-session
}

session {
}

# post-auth: authorization gate for WLAN id 2 only. The user is let through
# when the DN ends in ou=guest,ou=wifi,o=domain.com (case-insensitive) or when
# the group comparison below matches; every other WLAN-2 user is rejected.
# Requests on other WLANs skip this check entirely.
# NOTE(review): "LDAP_Group" is spelled with an underscore. The group
# comparison attribute registered by the ldap module is normally spelled
# with a hyphen (LDAP-Group, or <instance>-LDAP-Group for named instances such
# as ldapwifi1/ldapwifi2) - confirm this attribute exists, otherwise the elsif
# cannot match and WLAN-2 users outside ou=guest are rejected.
# NOTE(review): the "." characters in the regex are unescaped and match any
# character; escape them if the suffix must match literally.
# NOTE(review): the group DN string is wrapped after "ou=RADIUS", presumably by
# the mail client; in the real file it must be a single line.
# NOTE(review): linelog-access sits after the if block and the
# Post-Auth-Type REJECT section is commented out, so rejected requests are
# presumably not logged by linelog-access - confirm rejects are recorded
# somewhere.
post-auth {
    if( Airespace-Wlan-Id == 2 ) {
      if( "%{control:LDAP-UserDN}" =~ /ou=guest,ou=wifi,o=domain.com$/i ) {
        noop
      }
      elsif( LDAP_Group == "cn=WiFiGuestPartners,ou=RADIUS
Groups,ou=Groups,ou=staff,o=domain.com" ) {
        noop
      }
    else {
        reject
    }
 }
  linelog-access
 #       Post-Auth-Type REJECT {
  #         linelog-access
   #        attr_filter.access_reject
    #    }
}


pre-proxy {
}

post-proxy {
}

}


Could you please help me find where the configuration is wrong?

----

*Thanks & Kind Regards,*
Saurabh LAHOTI.

