Im having trouble configuring freeradius. Im going to give the full story, which might be too much detail but here goes... I have a radius server (freeradius v 0.7) working on an old box. I want to upgrade this to a new box with RHEL4 and Freeradius 1.0.1, that comes with RHEL4 now. The old configuration files would not just copy over, starting free radius gives errors with the dictionary files. Since I don't quite understand them, I thought better try to reconfigure the new version then just copy over configuration files. Now I have the new version running/authenticating. The problem is Im missing some data, I think. When I authenticate (using NTRadPing) off the old server, I get Sending authentication request to server 111.111.111.111:1812 Transmitting packet, code =1 id=4 length=67 received response from the server in 10 miliseconds reply packet code=2 id=4 length=174 response: Access-Accept -----------------------------------attribute dump ---------------------------------------------- Service-Type=Framed Framed-Protocol=PPP Ascend-Data-Filter=\0x01\0x01\0x00\0x00\0x00\0x00\0x00\0x00\0x00 (repeated lines) Ascent-Assign-IP-Pool=0 When I try against the new one, I get only the lines to "--attribute dump--", but I do get a correct auth. I know that part works because if I change the uname/password to wrong, it doesnt work. So it is correctly checking against LDAP. But I get none of the lower lines. I know the process is not quite right as If I add the lines to my hints file (which exists on the old server) DEFAULT Suffix == "@dial.dsl.net", Strip-User-Name = Yes Hint = "UUNetDial" then I get nothing working. If I comment out those lines, I can authenticate, but with no extra info. (Which I assume is part of the problem.) If I comment the hints lines out, I get this in the output of radiusd rlm_ldap: Bind was successful rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=radius%dsl.net)) rlm_ldap: checking if remote access for radius%dsl.net is allowed by dslnRadiusProfile rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radius%dsl.net authorized to use remote access if I leave those lines in the hints, it loses the uid, as shown below... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=_)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed So, what I need to know is, why does the hint lines make the uid get stripped? Im guessing the system somewhere else is also doing a strip, and so the double means no UID gets there? Is there any "radius for dummies"? I think Im getting lost as to which process happens when during the process,ie: when does the hints vs clients vs users files come into play. Thanks for any help! Nick
participants (1)
-
Brenckle, Nicholas