Thks for your help, it s very interesting. I have a little hard to understand how it works and it help me much.
But I can t made it run :s

When i try with line you have show me. I can't log with any user.

My server openldap say there isn't any connection from freeradius in his log

here is an exemple of one user :

dn: uid=Thomas01,ou=heure,dc=network,dc=local
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
uid: Thomas01

In freeradius here is result of : freeradius -xxyz

Thread 2 handling request 1, (1 handled so far)
    User-Name = "Thomas01"
    User-Password = "*******"
    NAS-IP-Address = 0.0.0.0
    Service-Type = Login-User
    Framed-IP-Address = 192.168.x.3
    Calling-Station-Id = "00-18-DE-C8-D9-87"
    Called-Station-Id = "00-0C-29-8A-5B-1C"
    NAS-Identifier = "nas01"
    Acct-Session-Id = "48327d7900000001"
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 1
    Message-Authenticator = 0x25d1a7b602061b5167c20539366b1e8d
    WISPr-Logoff-URL = "http://192.168.x.1:3990/logoff"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
  modcall[authorize]: module "files" returns notfound for request 1
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 1
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
  modcall[authorize]: module "daily" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [Thomas01] (from client hotspot port 1 cli 00-18-DE-C8-D9-87)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 483280f4
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.x.253:59308, id=0, length=198
Sending Access-Reject of id 0 to 192.168.x.253 port 59308
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 0 with timestamp 483280fa
Nothing to do.  Sleeping until we see a request.



If you have any idea it would help me much, i can provide my config files if u want.

Thks a lot

Thomas
Tribolet






2008/5/20 Ranner, Frank MR <Frank.Ranner@defence.gov.au>:
UNCLASSIFIED

From:
freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freeradius.or
g
[mailto:freeradius-users-bounces+frank.ranner=defence.gov.au@lists.freer
adius.org] On Behalf Of Tribes Tom
Sent: Monday, 19 May 2008 18:33
To: FreeRadius users mailing list
Subject: Re: users advanced configuration [SEC=UNCLASSIFIED]



       Can you explain how to do this ?

       I have try this :

       DEFAULT        Auth-Type = ldap,Max-Daily-Session :=
3600,Ldap-UserDN := `uid=%{User-Name},ou=heure,dc=network,dc=local`

All three element of your test are assignments that always return true.
You compare using == not :=
Try:
DEFAULT        Ldap-UserDN ==
`uid=%{User-Name},ou=heure,dc=network,dc=local`, Max-Daily-Session :=
3600

Or

DEFAULT        Ldap-UserDN =~ "^uid=.*,ou=heure,dc=network,dc=local$",
Max-Daily-Session := 3600

Matching is done from left to right, so Max-Daily-Session is only set if
the Ldap-UserDN matches. It is probably unnecessary to set Auth-Type.

Regards,
Frank Ranner

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html