<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
<BR>thanks <BR>
note : i am not use ldap , only database (postgres) for auth and accounting<BR>is that affect?<BR>
<BR>
<BR>
<BLOCKQUOTE>
<HR>
To: freeradius-users@lists.freeradius.org<BR>From: huaraz@moeller.plus.com<BR>Subject: Re: Upgrade error for LDAP in Freeradius2.0<BR>Date: Sat, 26 Jan 2008 16:51:10 +0000<BR><BR>
<META content="Microsoft SafeHTML" name=Generator>
<STYLE>
</STYLE>
<DIV><FONT face=Arial size=2>I came across the same problem and my debugging shows the following:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>1) ldap_groupcmp calls </FONT> <FONT face=Arial size=2>radius_xlat to replace Ldap_UserDn with the value.</FONT></DIV>
<DIV><FONT face=Arial size=2>2) radius_xlat calls decode_attribute </FONT></DIV>
<DIV><FONT face=Arial size=2>3) decode_attribute calls xlat_packet with instance 1 and returns 0 (=nothing found)</FONT></DIV>
<DIV><FONT face=Arial size=2> if ((c = xlat_find(xlat_name)) != NULL) {<BR> if (!c->internal) DEBUG3("radius_xlat: Running registered xlat function of module %s for string \'%s\'",<BR> c->module, xlat_string);<BR> retlen = c->do_xlat(c->instance, request, xlat_string,<BR> q, freespace, func);<BR> /* If retlen is 0, treat it as not found */<BR> if (retlen > 0) found = 1;<BR> }</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>If I look into xlat_packet there is a switch statement for instance and 1 means select request->packet->vps, but if I look into rlm_ldap.c the vps are in request->config_items (e.g instance= 0). If I change instance to 0 in the debugger the expansion seems to work. Unfortunatly I don't know where this is set and what it means </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> switch (*(int*) instance) {<BR> case 0:<BR> vps = request->config_items;<BR> break;</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> case 1:<BR> vps = request->packet->vps;<BR> packet = request->packet;<BR> break;<BR></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Markus</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<BLOCKQUOTE style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Gopinath Reddy N" <<A href="mailto:gnreddy@gmail.com">gnreddy@gmail.com</A>> wrote in message <A href="http://news:c71dd3900801260505u49df7fe7g69bdb32823c155b8@mail.gmail.com" target=_blank>news:c71dd3900801260505u49df7fe7g69bdb32823c155b8@mail.gmail.com</A>...</DIV>
<DIV>Hi,</DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>We have upgraded our freeradius1.6 to 2.0</DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>We are using active directory for LDAP server.</DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>We have not changed any data in AD. But when we upgrade and try to connect using valid user id..user is getting rejected.</DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>Please let me know if there any issues I need to take before ugprading to 2.0</DIV>
<DIV> </DIV>
<DIV>Iam using same bind DN and other strings in 2.0.</DIV>
<DIV> </DIV>
<DIV>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: attempting LDAP reconnection<BR>rlm_ldap: (re)connect to <A href="http://157.235.205.31:389/" target=_blank>157.235.205.31:389</A>, authentication 0<BR>rlm_ldap: bind as cn=Administrator,cn=Users,dc=Crossfire,dc=symbol,dc=com/windows2003 to <A href="http://157.235.205.31:389/" target=_blank>157.235.205.31:389</A><BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (sAMAccountName=satish)<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> expand: (|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0</DIV>
<DIV> </DIV>
<DIV>*******************************************************<BR>rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (&(cn=sales)(|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))</DIV>
<DIV>rlm_ldap: object not found or got ambiguous search result</DIV>
<DIV>*******************************************************************************<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in CN=satish,CN=Users,DC=Crossfire,DC=symbol,DC=com, with filter (objectclass=*)<BR>rlm_ldap::ldap_groupcmp: ldap_get_values() failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>rlm_ldap: Entering ldap_groupcmp()<BR> expand: cn=Users,dc=Crossfire,dc=symbol,dc=com -> cn=Users,dc=Crossfire,dc=symbol,dc=com<BR> expand: (|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (&(cn=sales)(|(&(objectClass=group)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in CN=satish,CN=Users,DC=Crossfire,DC=symbol,DC=com, with filter (objectclass=*)<BR>rlm_ldap::ldap_groupcmp: ldap_get_values() failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> users: Matched entry DEFAULT at line 26<BR>++[files] returns ok<BR>++- entering policy redundant<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for satish<BR> expand: (sAMAccountName=%{User-Name}) -> (sAMAccountName=satish)<BR> expand: cn=Users,dc=Crossfire,dc=symbol,dc=com -> cn=Users,dc=Crossfire,dc=symbol,dc=com<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in cn=Users,dc=Crossfire,dc=symbol,dc=com, with filter (sAMAccountName=satish)<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...</DIV>
<DIV>******************************<BR>WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?</DIV>
<DIV>***************************************<BR>rlm_ldap: user satish authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>+++[ldap_secondary] returns ok<BR>++- policy redundant returns ok<BR> rlm_eap: EAP packet type response id 1 length 11<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>rlm_pap: Found existing Auth-Type, not changing it.<BR>++[pap] returns noop<BR> rad_check_password: Found Auth-Type Reject<BR> rad_check_password: Auth-Type = Reject, rejecting user<BR>auth: Failed to validate the user.<BR>Login incorrect: [satish/<via Auth-Type = Reject>] (from client private-network-1 port 1 cli 00-16-CF-50-6C-8C)</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Thanks</DIV>
<DIV>gnr<BR></DIV>
<HR>
<P><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html</BLOCKQUOTE></BLOCKQUOTE><br /><hr />Shed those extra pounds with MSN and The Biggest Loser! <a href='http://biggestloser.msn.com/' target='_new'>Learn more.</a></body>
</html>