eDir Universal password implementation.
Olivier Beytrison
olivier at heliosnet.org
Fri Dec 7 18:50:29 CET 2012
On 07.12.2012 18:07, Olivier Beytrison wrote:
> On 07.12.2012 17:54, Alan DeKok wrote:
>>
>> I've pushed a one-character fix.
>>
> Found it also, and I also had to invert char * and size_t in my call in rlm_ldap.c
>
> Okay, code working again.
> I'll push all those changes to my repo
>
Code has been pushed along with some other fixes/typos/formatting.
Things work on my side [1]. I'm happy with it. Now it depends on you if
you want more rewriting of the code. If so I can test your change
whenever you want.
Olivier
[1] working example
rad_recv: Access-Request packet from host 127.0.0.1 port 39774, id=247, length=87
User-Name = "olivier.beytriso"
CHAP-Password = 0x9960e4b86ea318e5b24xxxxxxxxxxxxx
NAS-IP-Address = 160.98.240.25
NAS-Port = 0
Message-Authenticator = 0x0e83e1b97e7dd468e136da6be344114b
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) group authorize {
(0) - entering group authorize {...}
(0) policy filter_username {
(0) - entering policy filter_username {...}
[snip]
(0) - policy filter_username returns notfound
(0) [preprocess] = ok
(0) chap : Setting 'Auth-Type := CHAP'
(0) [chap] = ok
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : No '@' in User-Name = "olivier.beytriso", looking up realm NULL
(0) suffix : No such realm "NULL"
(0) [suffix] = noop
(0) eap : No EAP-Message, not doing EAP
(0) [eap] = noop
(0) [files] = noop
(0) ldap : expand: '%{Stripped-User-Name}' -> ''
(0) ldap : ... expanding second conditional
(0) ldap : escape: 'olivier.beytriso' -> 'olivier.beytriso'
(0) ldap : expand: '%{User-Name}' -> 'olivier.beytriso'
(0) ldap : expand: '(uid=%{%{Stripped-User-Name}:-%{User-Name}})' -> '(uid=olivier.beytriso)'
(0) ldap : expand: 'ou=people,o=hes-so' -> 'ou=people,o=hes-so'
rlm_ldap (ldap): Reserved connection (4)
(0) ldap : Performing search in 'ou=people,o=hes-so' with filter '(uid=olivier.beytriso)'
(0) ldap : User found at DN "cn=31935762,ou=courant,ou=people,o=hes-so"
(0) ldap : Added the eDirectory password XXXXXXXXXX in check items as Cleartext-Password
(0) ldap : control:hessoRole += "31935762-440774439#RORG-HEFR-EIFR-INTR-INFO#EMP#COL" (hessoRole)
rlm_ldap (ldap): Released connection (4)
rlm_ldap (ldap): Closing idle connection (0): Too many free connections (5 > 3)
rlm_ldap (ldap): Closing connection (0)
(0) [ldap] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) Found Auth-Type = CHAP
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) group CHAP {
(0) - entering group CHAP {...}
(0) chap : login attempt by "olivier.beytriso" with CHAP password
(0) chap : Using clear text password "XXXXXXXXXX" for user olivier.beytriso authentication.
(0) chap : chap user olivier.beytriso authenticated succesfully
(0) [chap] = ok
(0) # Executing section post-auth from file /etc/freeradius/sites-enabled/default
(0) group post-auth {
(0) - entering group post-auth {...}
rlm_ldap (ldap): Reserved connection (4)
(0) ldap : Login attempt by "olivier.beytriso" with password "XXXXXXXXXX"
(0) ldap : Bind as user "cn=31935762,ou=courant,ou=people,o=hes-so" was successful
rlm_ldap (ldap): Released connection (4)
(0) [ldap] = ok
(0) [exec] = noop
(0) policy remove_reply_message_if_eap {
(0) - entering policy remove_reply_message_if_eap {...}
(0) ? if (reply:EAP-Message && reply:Reply-Message)
(0) ? Evaluating (reply:EAP-Message ) -> FALSE
(0) ? Skipping (reply:Reply-Message)
(0) ? if (reply:EAP-Message && reply:Reply-Message) -> FALSE
(0) else else {
(0) - entering else else {...}
(0) [noop] = noop
(0) - else else returns noop
(0) - policy remove_reply_message_if_eap returns noop
Sending Access-Accept of id 247 from 127.0.0.1 port 1812 to 127.0.0.1 port 39774
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mobile: +41 (0)78 619 73 53
Mail: olivier at heliosnet.org
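The debug output above shows the two checks that make the CHAP login work: rlm_ldap puts the eDirectory Universal Password into the request as Cleartext-Password, and rlm_chap recomputes the RFC 1994 CHAP digest from it (which is why a one-way password hash would not do here), while the Message-Authenticator attribute lets the server reject requests that were altered or forged without the shared secret. The following Python is an added, stand-alone illustration of those checks written for this page; it is not FreeRADIUS code and does not reproduce rlm_chap or rlm_ldap. The shared secret, Request Authenticator and passwords are constructed values, and the User-Name is the one from the log; the TLV encoding and HMAC-MD5 construction follow RFC 2865 and RFC 2869.

```python
import hashlib
import hmac
import struct

# RADIUS packet code and attribute types used here (RFC 2865 / RFC 2869 values)
ACCESS_REQUEST = 1
USER_NAME = 1
CHAP_PASSWORD = 3
NAS_IP_ADDRESS = 4
NAS_PORT = 5
CHAP_CHALLENGE = 60
MESSAGE_AUTHENTICATOR = 80


def chap_response(chap_id, password, challenge):
    """RFC 1994 CHAP response: MD5(identifier || cleartext password || challenge).
    The server must recompute this digest, so it needs the cleartext password;
    a stored one-way hash of the password cannot be used for CHAP."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def encode_attrs(attrs):
    """Serialise (type, value) pairs as RADIUS TLVs: type, total length, value."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def decode_attrs(data):
    """Parse RADIUS TLVs back into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(ident, authenticator, secret, attrs):
    """NAS side: build an Access-Request and fill in Message-Authenticator, the
    HMAC-MD5 over the whole packet computed with that attribute's value zeroed."""
    body = encode_attrs(list(attrs) + [(MESSAGE_AUTHENTICATOR, bytes(16))])
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac  # the zeroed attribute was appended last, so it is the tail


def verify_access_request(pkt, secret, cleartext_password):
    """Server side: check Message-Authenticator, then verify CHAP-Password against
    the cleartext password fetched from the directory. Returns a short verdict."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCESS_REQUEST or length != len(pkt):
        return "malformed"
    authenticator = pkt[4:20]
    attrs = decode_attrs(pkt[20:length])
    by_type = dict(attrs)
    # 1. Message-Authenticator: recompute over the packet with the field zeroed.
    if MESSAGE_AUTHENTICATOR not in by_type:
        return "no-message-authenticator"
    zeroed = pkt[:20] + encode_attrs(
        [(t, bytes(16) if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs])
    expected_mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected_mac, by_type[MESSAGE_AUTHENTICATOR]):
        return "bad-message-authenticator"
    # 2. CHAP-Password = 1-byte CHAP identifier + 16-byte response. The challenge is
    #    the CHAP-Challenge attribute if present, otherwise the Request Authenticator.
    chap = by_type.get(CHAP_PASSWORD)
    if chap is None or len(chap) != 17:
        return "no-chap"
    challenge = by_type.get(CHAP_CHALLENGE, authenticator)
    expected = chap_response(chap[0], cleartext_password, challenge)
    return "accept" if hmac.compare_digest(expected, chap[1:]) else "reject"


def demo(directory_password=b"correct horse", typed_password=b"correct horse", tamper=False):
    """Round trip with constructed values (shared secret, authenticator, passwords)."""
    secret = b"constructed-shared-secret"
    # A real NAS picks a random 16-byte Request Authenticator; fixed here for reproducibility.
    authenticator = hashlib.sha256(b"constructed authenticator").digest()[:16]
    chap_id = 0x2A
    attrs = [
        (USER_NAME, b"olivier.beytriso"),
        (CHAP_PASSWORD, bytes([chap_id]) + chap_response(chap_id, typed_password, authenticator)),
        (NAS_IP_ADDRESS, bytes([127, 0, 0, 1])),
        (NAS_PORT, struct.pack("!I", 0)),
    ]
    pkt = build_access_request(247, authenticator, secret, attrs)
    if tamper:
        # Flip one bit of the User-Name value (offset: 20-byte header + 2-byte TLV header).
        pkt = pkt[:22] + bytes([pkt[22] ^ 0x01]) + pkt[23:]
    return verify_access_request(pkt, secret, directory_password)


if __name__ == "__main__":
    print(demo())                          # accept
    print(demo(typed_password=b"wrong"))   # reject
    print(demo(tamper=True))               # bad-message-authenticator
```

The order of the checks matters: the Message-Authenticator is verified before any attribute is trusted, so a modified User-Name or CHAP-Password is dropped as a forgery rather than logged as a failed login. Both comparisons use hmac.compare_digest to avoid leaking timing information about how many digest bytes matched.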