Thks for your help, it s very interesting. I have a little hard to understand how it works and it help me much.
But I can t made it run :s
When i try with line you have show me. I can't log with any user.
My server openldap say there isn't any connection from freeradius in his log
here is an exemple of one user :dn: uid=Thomas01,ou=heure,dc=network,dc=local
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
uid: Thomas01
In freeradius here is result of : freeradius -xxyz
Thread 2 handling request 1, (1 handled so far)
User-Name = "Thomas01"
User-Password = "*******"
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.x.3
Calling-Station-Id = "00-18-DE-C8-D9-87"
Called-Station-Id = "00-0C-29-8A-5B-1C"
NAS-Identifier = "nas01"
Acct-Session-Id = "48327d7900000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Message-Authenticator = 0x25d1a7b602061b5167c20539366b1e8d
WISPr-Logoff-URL = "http://192.168.x.1:3990/logoff"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
modcall[authorize]: module "files" returns notfound for request 1
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 1
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "daily" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [Thomas01] (from client hotspot port 1 cli 00-18-DE-C8-D9-87)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 483280f4
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.x.253:59308, id=0, length=198
Sending Access-Reject of id 0 to 192.168.x.253 port 59308
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 0 with timestamp 483280fa
Nothing to do. Sleeping until we see a request.
If you have any idea it would help me much, i can provide my config files if u want.
Thks a lot
Thomas
Tribolet
UNCLASSIFIED
Sent: Monday, 19 May 2008 18:33
From:
freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.or
g
[mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freer
adius.org] On Behalf Of Tribes Tom
To: FreeRadius users mailing listSubject: Re: users advanced configuration [SEC=UNCLASSIFIED]
All three element of your test are assignments that always return true.
Can you explain how to do this ?
I have try this :
DEFAULT Auth-Type = ldap,Max-Daily-Session :=
3600,Ldap-UserDN := `uid=%{User-Name},ou=heure,dc=network,dc=local`
You compare using == not :=
Try:
DEFAULT Ldap-UserDN ==
`uid=%{User-Name},ou=heure,dc=network,dc=local`, Max-Daily-Session :=
3600
Or
DEFAULT Ldap-UserDN =~ "^uid=.*,ou=heure,dc=network,dc=local$",
Max-Daily-Session := 3600
Matching is done from left to right, so Max-Daily-Session is only set if
the Ldap-UserDN matches. It is probably unnecessary to set Auth-Type.
Regards,
Frank Ranner