<div>I disabled " access_attr="dialupAccess" " in the radiusd.conf file.</div>
<div>It works correctly, thank you ;-) <br><br></div>
<div class="gmail_quote">2008/5/30 Ivan Kalik &lt;<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>&gt;:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Again:<br><br><a href="http://wiki.freeradius.org/index.php/Rlm_ldap" target="_blank">http://wiki.freeradius.org/index.php/Rlm_ldap</a><br>
<br>Access attribute and its use are explained in there. You can disable it<br>if you want. Or allow access if it doesn't exist.<br><br>Ivan Kalik<br>Kalik Informatika ISP<br><br><br>On 30/5/2008, "youness hsina" &lt;<a href="mailto:youness.hsina@gmail.com">youness.hsina@gmail.com</a>&gt; wrote:<br>
<div>
<div></div>
<div class="Wj3C7c"><br>>Hi Lists,<br>>Sorry for my English and thank you very much in advance for your help.<br>><br>>I'm trying to make a test in radius server with a user who is located in<br>>ldap server with this command :<br>
>*# radtest yhsina yhsina localhost 0 test<br>>*and I'm getting this message :<br>>Sending Access-Request of id 36 to 127.0.0.1 port 1812<br>> User-Name = "yhsina"<br>
> User-Password = "yhsina"<br>> NAS-IP-Address = 255.255.255.255<br>> NAS-Port = 0<br>>*rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=36, length=20<br>
>*in debugging mode I have this error : *<br>>**rlm_ldap: no dialupAccess attribute - access denied by default*<br>>*<br>>*Have you any ideas please why it doesn't work ?<br>><br>>Here's my debugging message :<br>
><br>>radius# radiusd -X -A &<br>>[1] 4889<br>>radius# Starting - reading configuration files ...<br>>reread_config: reading radiusd.conf<br>>Config: including file: /usr/local/etc/raddb/proxy.conf<br>
>Config: including file: /usr/local/etc/raddb/clients.conf<br>>Config: including file: /usr/local/etc/raddb/snmp.conf<br>>Config: including file: /usr/local/etc/raddb/eap.conf<br>>Config: including file: /usr/local/etc/raddb/sql.conf<br>
> main: prefix = "/usr/local"<br>> main: localstatedir = "/var"<br>> main: logdir = "/var/log"<br>> main: libdir = "/usr/local/lib"<br>> main: radacctdir = "/var/log/radacct"<br>
> main: hostname_lookups = no<br>> main: snmp = no<br>> main: max_request_time = 30<br>> main: cleanup_delay = 5<br>> main: max_requests = 1024<br>> main: delete_blocked_requests = 0<br>> main: port = 0<br>
> main: allow_core_dumps = no<br>> main: log_stripped_names = no<br>> main: log_file = "/var/log/radius.log"<br>> main: log_auth = no<br>> main: log_auth_badpass = no<br>> main: log_auth_goodpass = no<br>
> main: pidfile = "/var/run/radiusd/radiusd.pid"<br>> main: user = "(null)"<br>> main: group = "(null)"<br>> main: usercollide = no<br>> main: lower_user = "no"<br>> main: lower_pass = "no"<br>
> main: nospace_user = "no"<br>> main: nospace_pass = "no"<br>> main: checkrad = "/usr/local/sbin/checkrad"<br>> main: proxy_requests = yes<br>> proxy: retry_delay = 5<br>> proxy: retry_count = 3<br>
> proxy: synchronous = yes<br>> proxy: default_fallback = yes<br>> proxy: dead_time = 120<br>> proxy: post_proxy_authorize = no<br>> proxy: wake_all_if_all_dead = no<br>> security: max_attributes = 200<br>
> security: reject_delay = 1<br>> security: status_server = no<br>> main: debug_level = 0<br>>read_config_files: reading dictionary<br>>read_config_files: reading naslist<br>>Using deprecated naslist file. Support for this will go away soon.<br>
>read_config_files: reading clients<br>>read_config_files: reading realms<br>>radiusd: entering modules setup<br>>Module: Library search path is /usr/local/lib<br>>Module: Loaded exec<br>> exec: wait = yes<br>
> exec: program = "(null)"<br>> exec: input_pairs = "request"<br>> exec: output_pairs = "(null)"<br>> exec: packet_type = "(null)"<br>>rlm_exec: Wait=yes but no output defined. Did you mean output=none?<br>
>Module: Instantiated exec (exec)<br>>Module: Loaded expr<br>>Module: Instantiated expr (expr)<br>>Module: Loaded PAP<br>> pap: encryption_scheme = "crypt"<br>> pap: auto_header = yes<br>>Module: Instantiated pap (pap)<br>
>Module: Loaded CHAP<br>>Module: Instantiated chap (chap)<br>>Module: Loaded MS-CHAP<br>> mschap: use_mppe = yes<br>> mschap: require_encryption = no<br>> mschap: require_strong = no<br>> mschap: with_ntdomain_hack = no<br>
> mschap: passwd = "(null)"<br>> mschap: ntlm_auth = "(null)"<br>>Module: Instantiated mschap (mschap)<br>>Module: Loaded System<br>> unix: cache = no<br>> unix: passwd = "(null)"<br>
> unix: shadow = "(null)"<br>> unix: group = "(null)"<br>> unix: radwtmp = "/var/log/radwtmp"<br>> unix: usegroup = no<br>> unix: cache_reload = 600<br>>Module: Instantiated unix (unix)<br>
>Module: Loaded LDAP<br>> ldap: server = "192.168.33.33"<br>> ldap: port = 389<br>> ldap: net_timeout = 1<br>> ldap: timeout = 4<br>> ldap: timelimit = 3<br>
> ldap: identity = "cn=Manager,dc=iut-velizy,dc=uvsq,dc=fr"<br>> ldap: tls_mode = no<br>> ldap: start_tls = no<br>> ldap: tls_cacertfile = "(null)"<br>> ldap: tls_cacertdir = "(null)"<br>
> ldap: tls_certfile = "(null)"<br>> ldap: tls_keyfile = "(null)"<br>> ldap: tls_randfile = "(null)"<br>> ldap: tls_require_cert = "allow"<br>> ldap: password = "secret"<br>
> ldap: basedn = "dc=iut-velizy,dc=uvsq,dc=fr"<br>> ldap: filter = "(uid=%u)"<br>> ldap: base_filter = "(objectclass=radiusprofile)"<br>> ldap: default_profile = "(null)"<br>
> ldap: profile_attribute = "(null)"<br>> ldap: password_header = "(null)"<br>> ldap: password_attribute = "userPassword"<br>> ldap: access_attr = "dialupAccess"<br>> ldap: groupname_attribute = "cn"<br>
> ldap: groupmembership_filter =<br>>"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"<br>> ldap: groupmembership_attribute = "(null)"<br>
> ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"<br>> ldap: ldap_debug = 0<br>> ldap: ldap_connections_number = 5<br>> ldap: compare_check_items = no<br>> ldap: access_attr_used_for_allow = yes<br>
> ldap: do_xlat = yes<br>> ldap: set_auth_type = yes<br>>rlm_ldap: Registering ldap_groupcmp for Ldap-Group<br>>rlm_ldap: Registering ldap_xlat with xlat_name ldap<br>>rlm_ldap: reading ldap<->radius mappings from file<br>
>/usr/local/etc/raddb/ldap.attrmap<br>>rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$<br>>rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$<br>>rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type<br>
>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use<br>>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id<br>>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id<br>
>rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password<br>>rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password<br>>rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT<br>>rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration<br>
>rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address<br>>rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type<br>>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol<br>>rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address<br>
>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask<br>>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route<br>>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing<br>
>rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id<br>>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU<br>>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression<br>>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host<br>
>rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service<br>>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port<br>>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number<br>
>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id<br>>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network<br>>rlm_ldap: LDAP radiusClass mapped to RADIUS Class<br>>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout<br>
>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout<br>>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action<br>>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service<br>
>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node<br>>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group<br>>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS<br>>Framed-AppleTalk-Link<br>
>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS<br>>Framed-AppleTalk-Network<br>>rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS<br>>Framed-AppleTalk-Zone<br>>rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit<br>
>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port<br>>rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message<br>>conns: 0x2840f290<br>>Module: Instantiated ldap (ldap)<br>>Module: Loaded eap<br>
> eap: default_eap_type = "tls"<br>> eap: timer_expire = 60<br>> eap: ignore_unknown_eap_types = yes<br>> eap: cisco_accounting_username_bug = no<br>>rlm_eap: Loaded and initialized type md5<br>>rlm_eap: Loaded and initialized type leap<br>
> gtc: challenge = "Password: "<br>> gtc: auth_type = "PAP"<br>>rlm_eap: Loaded and initialized type gtc<br>> tls: rsa_key_exchange = no<br>> tls: dh_key_exchange = yes<br>> tls: rsa_key_length = 512<br>
> tls: dh_key_length = 512<br>> tls: verify_depth = 0<br>> tls: CA_path = "(null)"<br>> tls: pem_file_type = yes<br>> tls: private_key_file = "/usr/local/etc/raddb/certs/serveur.pem"<br>
> tls: certificate_file = "/usr/local/etc/raddb/certs/serveur.pem"<br>> tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"<br>> tls: private_key_password = "whatever"<br>> tls: dh_file = "/usr/local/etc/raddb/certs/dh"<br>
> tls: random_file = "/usr/local/etc/raddb/certs/random"<br>> tls: fragment_size = 1024<br>> tls: include_length = yes<br>> tls: check_crl = no<br>> tls: check_cert_cn = "%{User-Name}"<br>
> tls: cipher_list = "(null)"<br>> tls: check_cert_issuer = "(null)"<br>>rlm_eap_tls: Loading the certificate file as a chain<br>>WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not<br>
>work!<br>>WARNING: Fix this by running the OpenSSL command listed in eap.conf<br>>rlm_eap: Loaded and initialized type tls<br>> mschapv2: with_ntdomain_hack = no<br>>rlm_eap: Loaded and initialized type mschapv2<br>
>Module: Instantiated eap (eap)<br>>radiusd.conf Auth-Type eap already configured - skipping<br>>Module: Loaded preprocess<br>> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"<br>> preprocess: hints = "/usr/local/etc/raddb/hints"<br>
> preprocess: with_ascend_hack = no<br>> preprocess: ascend_channels_per_line = 23<br>> preprocess: with_ntdomain_hack = no<br>> preprocess: with_specialix_jetstream_hack = no<br>> preprocess: with_cisco_vsa_hack = no<br>
> preprocess: with_alvarion_vsa_hack = no<br>>Module: Instantiated preprocess (preprocess)<br>>Module: Loaded realm<br>> realm: format = "suffix"<br>> realm: delimiter = "@"<br>> realm: ignore_default = no<br>
> realm: ignore_null = no<br>>Module: Instantiated realm (suffix)<br>>Module: Loaded files<br>> files: usersfile = "/usr/local/etc/raddb/users"<br>> files: acctusersfile = "/usr/local/etc/raddb/acct_users"<br>
> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"<br>> files: compat = "no"<br>>Module: Instantiated files (files)<br>>Module: Loaded Acct-Unique-Session-Id<br>> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,<br>
>Client-IP-Address, NAS-Port"<br>>Module: Instantiated acct_unique (acct_unique)<br>>Module: Loaded detail<br>> detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br>> detail: detailperm = 384<br>
> detail: dirperm = 493<br>> detail: locking = no<br>>Module: Instantiated detail (detail)<br>>Module: Loaded radutmp<br>> radutmp: filename = "/var/log/radutmp"<br>> radutmp: username = "%{User-Name}"<br>
> radutmp: case_sensitive = yes<br>> radutmp: check_with_nas = yes<br>> radutmp: perm = 384<br>> radutmp: callerid = yes<br>>Module: Instantiated radutmp (radutmp)<br>>Listening on authentication *:1812<br>
>Listening on accounting *:1813<br>>Ready to process requests.<br>>rad_recv: Access-Request packet from host 127.0.0.1:54433, id=36, length=58<br>> User-Name = "yhsina"<br>
> User-Password = "yhsina"<br>> NAS-IP-Address = 255.255.255.255<br>> NAS-Port = 0<br>> Processing the authorize section of radiusd.conf<br>
>modcall: entering group authorize for request 0<br>> modcall[authorize]: module "preprocess" returns ok for request 0<br>> modcall[authorize]: module "chap" returns noop for request 0<br>> modcall[authorize]: module "mschap" returns noop for request 0<br>
> rlm_realm: No '@' in User-Name = "yhsina", looking up realm NULL<br>> rlm_realm: No such realm "NULL"<br>> modcall[authorize]: module "suffix" returns noop for request 0<br>
> rlm_eap: No EAP-Message, not doing EAP<br>> modcall[authorize]: module "eap" returns noop for request 0<br>> modcall[authorize]: module "files" returns notfound for request 0<br>>rlm_ldap: - authorize<br>
>rlm_ldap: performing user authorization for yhsina<br>>radius_xlat: '(uid=yhsina)'<br>>radius_xlat: 'dc=iut-velizy,dc=uvsq,dc=fr'<br>>rlm_ldap: ldap_get_conn: Checking Id: 0<br>>rlm_ldap: ldap_get_conn: Got Id: 0<br>
>rlm_ldap: attempting LDAP reconnection<br>>rlm_ldap: (re)connect to 192.168.33.33:389, authentication 0<br>>rlm_ldap: bind as cn=Manager,dc=iut-velizy,dc=uvsq,dc=fr/secret to<br>
>192.168.33.33:389<br>>rlm_ldap: waiting for bind result ...<br>>rlm_ldap: Bind was successful<br>>rlm_ldap: performing search in dc=iut-velizy,dc=uvsq,dc=fr, with filter<br>
>(uid=yhsina)<br>>*rlm_ldap: no dialupAccess attribute - access denied by default*<br>>rlm_ldap: ldap_release_conn: Release Id: 0<br>> modcall[authorize]: module "ldap" returns userlock for request 0<br>
>modcall: leaving group authorize (returns userlock) for request 0<br>>Delaying request 0 for 1 seconds<br>>Finished request 0<br>
<br></div></div>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div>
<br><br clear="all"><br>-- <br>HSINA Youness<br>Student, R&T - IUT--Velizy 78140<br>Tel: 06.28.73.76.75
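<div>Added example, not part of the thread and not FreeRADIUS code: it reads the rlm_ldap lines of a <code>radiusd -X</code> trace like the one quoted above and compares the outcome with <code>access_attr</code> set and with it disabled. <code>access_decision</code> is an assumed model of the check, built from the log message in the thread and Ivan's description; the sample trace and the directory entry are constructed.</div>

```python
import re

# Constructed sample in the shape of the `radiusd -X` lines quoted in the thread.
SAMPLE_DEBUG = """\
> ldap: tls_mode = no
> ldap: start_tls = no
> ldap: access_attr = "dialupAccess"
> ldap: access_attr_used_for_allow = yes
>rlm_ldap: performing user authorization for yhsina
>*rlm_ldap: no dialupAccess attribute - access denied by default*
> modcall[authorize]: module "ldap" returns userlock for request 0
"""

CONF = re.compile(r'^ldap: (\w+) = "?([^"]*)"?$')
DENY = re.compile(r'^rlm_ldap: no (\S+) attribute - access denied by default$')

def parse_debug(text):
    """Return (ldap settings, name of the missing access attribute or None)."""
    conf, missing = {}, None
    for raw in text.splitlines():
        line = raw.strip().strip(">*").strip()  # drop mail quoting and *emphasis*
        if m := CONF.match(line):
            conf[m.group(1)] = m.group(2)
        elif m := DENY.match(line):
            missing = m.group(1)
    return conf, missing

def access_decision(entry, access_attr, used_for_allow=True):
    """Assumed model of the access_attr check; entry maps LDAP attribute -> value."""
    if not access_attr:                  # option disabled: no per-user gate at all
        return "allow"
    value = entry.get(access_attr)
    if used_for_allow:                   # attribute must exist and must not be FALSE
        return "deny" if value is None or value.startswith("FALSE") else "allow"
    return "deny" if value is not None else "allow"

def review(text, entry):
    """Summarise why a request was locked out and what disabling the gate changes."""
    conf, missing = parse_debug(text)
    allow_mode = conf.get("access_attr_used_for_allow", "yes") == "yes"
    return {
        "missing_attr": missing,
        "with_gate": access_decision(entry, conf.get("access_attr"), allow_mode),
        "gate_disabled": access_decision(entry, None),
        "ldap_unencrypted": conf.get("tls_mode") == "no" and conf.get("start_tls") == "no",
    }

if __name__ == "__main__":
    # Constructed directory entry without dialupAccess, like the user in the thread.
    print(review(SAMPLE_DEBUG, {"uid": "yhsina"}))
```

With the gate disabled, every entry that matches the search filter passes this step, so the LDAP filter and the password check are the only remaining controls on who can authenticate.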