Thanks for your help, it's very interesting. I have a little difficulty understanding how it works, and it helps me a lot.<br>But I can't make it run :s<br><br>When I try with the line you showed me, I can't log in with any user.<br>
<br>My OpenLDAP server says there isn't any connection from FreeRADIUS in its log.<br><br>Here is an example of one user:<br><br><span style="font-size: 14px; font-family: courier;"><pre>dn: uid=Thomas01,ou=heure,dc=network,dc=local<br>
objectClass: account<br>objectClass: simpleSecurityObject<br>objectClass: top<br>uid: Thomas01</pre></span><br>In FreeRADIUS, here is the result of: freeradius -xxyz<br><br>Thread 2 handling request 1, (1 handled so far)<br> User-Name = "Thomas01"<br>
User-Password = "*******"<br> NAS-IP-Address = 0.0.0.0<br> Service-Type = Login-User<br> Framed-IP-Address = 192.168.x.3<br> Calling-Station-Id = "00-18-DE-C8-D9-87"<br>
Called-Station-Id = "00-0C-29-8A-5B-1C"<br> NAS-Identifier = "nas01"<br> Acct-Session-Id = "48327d7900000001"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 1<br> Message-Authenticator = 0x25d1a7b602061b5167c20539366b1e8d<br>
WISPr-Logoff-URL = "http://192.168.x.1:3990/logoff"<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 1<br> modcall[authorize]: module "preprocess" returns ok for request 1<br>
rlm_eap: No EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns noop for request 1<br> modcall[authorize]: module "files" returns notfound for request 1<br>rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
modcall[authorize]: module "pap" returns noop for request 1<br>rlm_counter: Entering module authorize code<br>rlm_counter: Could not find Check item value pair<br> modcall[authorize]: module "daily" returns noop for request 1<br>
modcall: leaving group authorize (returns ok) for request 1<br>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<br>auth: Failed to validate the user.<br>Login incorrect: [Thomas01] (from client hotspot port 1 cli 00-18-DE-C8-D9-87)<br>
Delaying request 1 for 1 seconds<br>Finished request 1<br>Going to the next request<br>Thread 2 waiting to be assigned a request<br>--- Walking the entire request list ---<br>Cleaning up request 0 ID 0 with timestamp 483280f4<br>
Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>Waking up in 1 seconds...<br>rad_recv: Access-Request packet from host 192.168.x.253:59308, id=0, length=198<br>Sending Access-Reject of id 0 to 192.168.x.253 port 59308<br>
Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>Waking up in 4 seconds...<br>--- Walking the entire request list ---<br>Cleaning up request 1 ID 0 with timestamp 483280fa<br>Nothing to do. Sleeping until we see a request.<br>
<br><br><br>If you have any idea, it would help me a lot; I can provide my config files if you want.<br><br>Thanks a lot<br><br>Thomas<br>Tribolet<br><br><div class="gmail_quote">2008/5/20 Ranner, Frank MR &lt;<a href="mailto:Frank.Ranner@defence.gov.au">Frank.Ranner@defence.gov.au</a>&gt;:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">UNCLASSIFIED<br>
<div class="Ih2E3d"><br>
From: freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.org] On Behalf Of Tribes Tom<br>
</div>Sent: Monday, 19 May 2008 18:33<br>
<div class="Ih2E3d">To: FreeRadius users mailing list<br>
</div>Subject: Re: users advanced configuration [SEC=UNCLASSIFIED]<br>
<div class="Ih2E3d"><br>
<br>
<br>
Can you explain how to do this?<br>
<br>
I have tried this:<br>
<br>
DEFAULT Auth-Type = ldap,Max-Daily-Session := 3600,Ldap-UserDN := `uid=%{User-Name},ou=heure,dc=network,dc=local`<br>
<br>
</div>All three elements of your test are assignments that always return true.<br>
You compare using == not :=<br>
Try:<br>
DEFAULT Ldap-UserDN == `uid=%{User-Name},ou=heure,dc=network,dc=local`, Max-Daily-Session := 3600<br>
<br>
Or<br>
<br>
DEFAULT Ldap-UserDN =~ "^uid=.*,ou=heure,dc=network,dc=local$", Max-Daily-Session := 3600<br>
<br>
Matching is done from left to right, so Max-Daily-Session is only set if<br>
the Ldap-UserDN matches. It is probably unnecessary to set Auth-Type.<br>
<br>
Regards,<br>
<font color="#888888">Frank Ranner<br>
</font><div><div></div><div class="Wj3C7c"><br>
</div></div></blockquote></div><br>
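The debug output in the message above can be read mechanically. This added example (not part of the original thread and not FreeRADIUS code) extracts which modules ran in the authorize section and what the log gives as the reason for the reject. The function names and the `expected_module` parameter are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the debug output quoted in the message above.
SAMPLE = '''\
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
  modcall[authorize]: module "files" returns notfound for request 1
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 1
  modcall[authorize]: module "daily" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Login incorrect: [Thomas01] (from client hotspot port 1 cli 00-18-DE-C8-D9-87)
'''

# One match per module invocation line: section, module name, return code.
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request \d+')

def module_trace(log, section="authorize"):
    """Return [(module, rcode)] for every module the log shows running in `section`."""
    return [(m.group(2), m.group(3)) for m in MODCALL.finditer(log)
            if m.group(1) == section]

def triage(log, expected_module="ldap"):
    """Return findings about a reject, using only what the log lines state."""
    findings = []
    trace = module_trace(log)
    ran = [name for name, _ in trace]
    if expected_module not in ran:
        findings.append(f'"{expected_module}" never ran in authorize; '
                        f'modules seen: {", ".join(ran)}')
    if dict(trace).get("files") == "notfound":
        findings.append('"files" returned notfound: no users-file entry matched')
    if "No authenticate method (Auth-Type)" in log:
        findings.append("no Auth-Type was set for the request, so it was rejected")
    return findings

if __name__ == "__main__":
    for module, rcode in module_trace(SAMPLE):
        print(f"{module:12s} {rcode}")
    for finding in triage(SAMPLE):
        print("-", finding)
```
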