Freeradius How to integrate Active Directory and return group attribute to VPN Concentrator

Alhagie Puye APuye at datawave.com
Wed Nov 30 19:35:20 CET 2005


Here is an ldap query output for a user:


waggawagga raddb # ldapsearch -LLL -h w.x.y.z -x -b 'dc=corp,dc=van,dc=dwave' '(&(memberof=CN=rptpcps,OU=DataWave Users,DC=corp,DC=van,DC=dwave)(samaccountname=apuye))' -D apuye@corp.van.dwave -w XXXXXXXX


dn: CN=Alhagie Puye,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=itops-folder,OU=SHARED FOLDERS,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=rptpcps,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=itops,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=datawave,OU=DataWave Users,DC=corp,DC=van,DC=dwave
accountExpires: 9223372036854775807
badPasswordTime: 127778245108916810
badPwdCount: 0
codePage: 0
cn: Alhagie Puye
countryCode: 0
description: IT Operations
displayName: Alhagie Puye
givenName: Alhagie
homeDirectory: \\fs1\apuye
homeDrive: H:
instanceType: 4
lastLogoff: 0
lastLogon: 127778426282888816
logonCount: 196
msNPAllowDialin: TRUE
distinguishedName: CN=Alhagie Puye,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=corp,DC=van,DC=dwave
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectGUID:: oO1UkRu8RkScNIOHmaB/qw==
objectSid:: AQUAAAAAAAUVAAAAzSmuLihcKk12fipaZwkAAA==
primaryGroupID: 513
profilePath: \\fs2\profiles\apuye
pwdLastSet: 127771529310887572
name: Alhagie Puye
sAMAccountName: apuye
sAMAccountType: 805306368
sn: Puye
userAccountControl: 512
userParameters:: bTogICAgICAgICAgICAgICAgICAgIGQJICAgICAgICAgICAgICAgICAgICAgICAgUBAaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm46Cy44C5FggBQ3R4Q2FsbGJhY2vjgLDjgLDjgLDjgLASCAFDdHhTaGFkb3fjhLDjgLDjgLDjgLAoCAFDdHhNYXhDb25uZWN0aW9uVGltZeOAsOOAsOOAsOOAsC4IAUN0eE1heERpc2Nvbm5lY3Rpb25UaW1l44Cw44Cw44Cw44CwHAgBQ3R4TWF4SWRsZVRpbWXjgLDjgLDjgLDjgLAiCAFDdHhLZXlib2FyZExheW91dOOAsOOAsOOAsOOAsCoCAUN0eE1pbkVuY3J5cHRpb25MZXZlbOOEsCACAUN0eFdvcmtEaXJlY3RvcnnjgLAgAgFDdHhOV0xvZ29uU2VydmVy44CwGAIBQ3R4V0ZIb21lRGly44CwIgIBQ3R4V0ZIb21lRGlyRHJpdmXjgLAgAgFDdHhXRlByb2ZpbGVQYXRo44CwIgIBQ3R4SW5pdGlhbFByb2dyYW3jgLAiAgFDdHhDYWxsYmFja051bWJlcuOAsA==
userPrincipalName: apuye@corp.van.dwave
uSNChanged: 7588047
uSNCreated: 5713011
whenChanged: 20051122170851.0Z
whenCreated: 20050902184213.0Z

# refldap://corp.van.dwave/CN=Configuration,DC=corp,DC=van,DC=dwave



I would like the group that the user is a member of to be sent back in
the replyItem. I need this value for locking the user into groups on the
Cisco VPN Concentrator. That's the only portion I'm missing.

Here is an output of the debug when I authenticate the user:

put_filter: "(cn=itops)"
put_filter: simple
put_simple_filter: "cn=itops"
ldap_send_initial_request
ldap_send_server_request
ldap_result msgid 15
ldap_chkResponseList for msgid=15, all=1
ldap_chkResponseList returns NULL
wait4msg (timeout 40 sec, 0 usec), msgid 15
wait4msg continue, msgid 15, all 1
** Connections:
* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 15,  origid 15, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=15, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 15, all 1
ldap_read: message type search-entry msgid 15, original id 15
wait4msg:  39 secs to go
wait4msg continue, msgid 15, all 1
** Connections:
* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 15,  origid 15, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
 * msgid 15,  type 100
ldap_chkResponseList for msgid=15, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 15, all 1
ldap_read: message type search-result msgid 15, original id 15
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 15
request 15 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 15, msgid 15)
ldap_free_connection
ldap_free_connection: refcnt 1
adding response id 15 type 101:
ldap_parse_result
ldap_msgfree
ldap_msgfree
rlm_ldap::ldap_groupcmp: User found in group itops
rlm_ldap: ldap_release_conn: Release Id: 0
    users: Matched entry DEFAULT at line 155
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for apuye
radius_xlat:  '(&(sAMAccountName=apuye)(objectclass=user))'
radius_xlat:  'DC=corp,DC=van,DC=dwave'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in DC=corp,DC=van,DC=dwave, with filter (&(sAMAccountName=apuye)(objectclass=user))
ldap_search
put_filter: "(&(sAMAccountName=apuye)(objectclass=user))"
put_filter: AND
put_filter_list "(sAMAccountName=apuye)(objectclass=user)"
put_filter: "(sAMAccountName=apuye)"
put_filter: simple
put_simple_filter: "sAMAccountName=apuye"
put_filter: "(objectclass=user)"
put_filter: simple
put_simple_filter: "objectclass=user"
ldap_send_initial_request
ldap_send_server_request
ldap_result msgid 16
ldap_chkResponseList for msgid=16, all=1
ldap_chkResponseList returns NULL
wait4msg (timeout 40 sec, 0 usec), msgid 16
wait4msg continue, msgid 16, all 1
** Connections:
* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 16,  origid 16, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=16, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 16, all 1
ldap_read: message type search-entry msgid 16, original id 16
wait4msg:  39 secs to go
wait4msg continue, msgid 16, all 1
** Connections:
* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 16,  origid 16, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
 * msgid 16,  type 100
ldap_chkResponseList for msgid=16, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 16, all 1
ldap_read: message type search-reference msgid 16, original id 16
ldap_chase_v3referrals
ldap_url_parse_ext(ldap://corp.van.dwave/CN=Configuration,DC=corp,DC=van,DC=dwave)
re_encode_request: new msgid 17, new dn
<CN=Configuration,DC=corp,DC=van,DC=dwave>
re_encode_request new request is:
ber_dump: buf=0x0815ec00 ptr=0x0815ef76 end=0x0815fbdc len=886
  0000:  72 64 72 64 00 00 00 00  00 00 00 00 00 00 00 00   rdrd............
  0010:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0020:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0030:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0040:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0050:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0060:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0070:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0080:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0090:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00a0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00b0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00c0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00d0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00e0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00f0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0100:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0110:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0120:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0130:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0140:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0150:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0160:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0170:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0180:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0190:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01a0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01b0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01c0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01d0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01e0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01f0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0200:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0210:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0220:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0230:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0240:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0250:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0260:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0270:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0280:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0290:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02a0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02b0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02c0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02d0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02e0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02f0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0300:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0310:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0320:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0330:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0340:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0350:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0360:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0370:  00 00 00 00 00 00                                  ......

ldap_chase_v3referral: msgid 16, url
"ldap://corp.van.dwave/CN=Configuration,DC=corp,DC=van,DC=dwave"
ldap_send_server_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP corp.van.dwave:389
ldap_new_socket: 7
ldap_prepare_socket: 7
ldap_connect_to_host: Trying w.x.y.z:389
ldap_connect_timeout: fd: 7 tm: 10 async: 0
ldap_ndelay_on: 7
ldap_is_sock_ready: 7
ldap_ndelay_off: 7
anonymous rebind via ldap_bind_s
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result msgid 18
ldap_chkResponseList for msgid=18, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 18
wait4msg continue, msgid 18, all 1
** Connections:
* host: corp.van.dwave  port: 0
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005
  rebind in progress
    queue is empty

* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 18,  origid 18, status InProgress
   outstanding referrals 0, parent count 0
 * msgid 16,  origid 16, status InProgress
   outstanding referrals 1, parent count 0
** Response Queue:
 * msgid 16,  type 100
ldap_chkResponseList for msgid=18, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 18, all 1
ldap_read: message type search-result msgid 16, original id 16
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 16
ldap_free_connection
ldap_free_connection: refcnt 1
wait4msg continue, msgid 18, all 1
** Connections:
* host: corp.van.dwave  port: 0
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005
  rebind in progress
    queue is empty

* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 1  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 18,  origid 18, status InProgress
   outstanding referrals 0, parent count 0
 * msgid 16,  origid 16, status Request Completed
   outstanding referrals 1, parent count 0
** Response Queue:
 * msgid 16,  type 100
ldap_chkResponseList for msgid=18, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 18, all 1
ldap_read: message type bind msgid 18, original id 18
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 18
request 18 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 18, msgid 18)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
read1msg:  1 new referrals
wait4msg:  39 secs to go
wait4msg continue, msgid 16, all 1
** Connections:
* host: corp.van.dwave  port: 0
  refcnt: 1  status: Connected
  last used: Wed Nov 30 10:18:54 2005

* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 1  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 17,  origid 16, status InProgress
   outstanding referrals 0, parent count 1
 * msgid 16,  origid 16, status Request Completed
   outstanding referrals 1, parent count 0
** Response Queue:
 * msgid 16,  type 100
ldap_chkResponseList for msgid=16, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 16, all 1
ldap_read: message type search-reference msgid 17, original id 16
ldap_chase_v3referrals
ldap_url_parse_ext(ldap://corp.van.dwave/CN=Schema,CN=Configuration,DC=corp,DC=van,DC=dwave)
re_encode_request: new msgid 19, new dn
<CN=Schema,CN=Configuration,DC=corp,DC=van,DC=dwave>
re_encode_request new request is:
ber_dump: buf=0x0815fbe0 ptr=0x0815ff60 end=0x08160bbc len=896
  0000:  72 64 72 64 00 00 00 00  00 00 00 00 00 00 00 00   rdrd............
  0010:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0020:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0030:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0040:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0050:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0060:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0070:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0080:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0090:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00a0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00b0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00c0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00d0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00e0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  00f0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0100:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0110:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0120:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0130:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0140:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0150:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0160:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0170:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0180:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0190:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01a0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01b0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01c0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01d0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01e0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  01f0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0200:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0210:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0220:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0230:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0240:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0250:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0260:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0270:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0280:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0290:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02a0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02b0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02c0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02d0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02e0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  02f0:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0300:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0310:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0320:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0330:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0340:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0350:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0360:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
  0370:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
ldap_chase_v3referral: msgid 17, url
"ldap://corp.van.dwave/CN=Schema,CN=Configuration,DC=corp,DC=van,DC=dwave"
ldap_send_server_request
read1msg:  search ref chased, mark request chasing refs, id = 17
read1msg:  1 new referrals
wait4msg:  39 secs to go
wait4msg continue, msgid 16, all 1
** Connections:
* host: corp.van.dwave  port: 0
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005

* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 1  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 19,  origid 16, status InProgress
   outstanding referrals 0, parent count 1
 * msgid 17,  origid 16, status ChasingRefs
   outstanding referrals 0, parent count 1
 * msgid 16,  origid 16, status Request Completed
   outstanding referrals 2, parent count 0
** Response Queue:
 * msgid 16,  type 100
ldap_chkResponseList for msgid=16, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 16, all 1
ldap_read: message type search-result msgid 17, original id 16
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 17
merged parent (id 16) error info:  result errno 0, error <>, matched <>
ldap_free_connection
ldap_free_connection: refcnt 1
wait4msg:  39 secs to go
wait4msg continue, msgid 16, all 1
** Connections:
* host: corp.van.dwave  port: 0
  refcnt: 1  status: Connected
  last used: Wed Nov 30 10:18:54 2005

* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 1  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 19,  origid 16, status InProgress
   outstanding referrals 0, parent count 1
 * msgid 17,  origid 16, status Request Completed
   outstanding referrals 0, parent count 1
 * msgid 16,  origid 16, status Request Completed
   outstanding referrals 1, parent count 0
** Response Queue:
 * msgid 16,  type 100
ldap_chkResponseList for msgid=16, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 16, all 1
ldap_read: message type search-result msgid 19, original id 16
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 19
merged parent (id 16) error info:  result errno 0, error <>, matched <>
request 16 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 16, msgid 16)
ldap_free_request (origid 16, msgid 19)
ldap_free_request (origid 16, msgid 17)
ldap_free_connection
ldap_send_unbind
ldap_free_connection: actually freed
adding response id 16 type 101:
ldap_parse_result
ldap_get_dn
ldap_get_values
rlm_ldap: looking for check items in directory...
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
rlm_ldap: looking for reply items in directory...
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
rlm_ldap: user apuye authorized to use remote access
ldap_msgfree
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "apuye" with password "XXXXXXXX2"
rlm_ldap: user DN: CN=Alhagie Puye,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave
rlm_ldap: (re)connect to SERVER.corp.van.dwave:389, authentication 1
ldap_create
rlm_ldap: bind as CN=Alhagie Puye,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave/XXXXXXXX2 to SERVER.corp.van.dwave:389
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP SERVER.corp.van.dwave:389
ldap_new_socket: 7
ldap_prepare_socket: 7
ldap_connect_to_host: Trying w.x.y.z:389
ldap_connect_timeout: fd: 7 tm: 10 async: 0
ldap_ndelay_on: 7
ldap_is_sock_ready: 7
ldap_ndelay_off: 7
ldap_open_defconn: successful
ldap_send_server_request
rlm_ldap: waiting for bind result ...
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (timeout 40 sec, 0 usec), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: SERVER.corp.van.dwave  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Nov 30 10:18:54 2005

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ldap_read: message type bind msgid 1, original id 1
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
rlm_ldap: Bind was successful
rlm_ldap: user apuye authenticated succesfully
ldap_free_connection
ldap_send_unbind
ldap_free_connection: actually freed
  modcall[authenticate]: module "ldap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Sending Access-Accept of id 162 to 127.0.0.1:51232
        Service-Type = Login-User
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 162 with timestamp 438ded0e
Nothing to do.  Sleeping until we see a request.


My radiusd.conf:

 filter = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(objectclass=user))"
 groupname_attribute = "cn"
 # the two group sub-filters have to be OR-ed into one LDAP filter;
 # written back to back they are not a valid filter at all
 groupmembership_filter = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=top)(uniquemember=%{Ldap-UserDn})))"
 groupmembership_attribute = memberOf




My ldap.attrmap:

 replyItem       Class                           group



My users file:

# Auth-Type is a check item, so it belongs on the first line with Ldap-Group;
# the dictionary value is Login-User (as the Access-Accept above shows)
DEFAULT     Ldap-Group == "itops", Auth-Type := LDAP
                Service-Type = Login-User




Thanks in advance

Alhagie Puye - Network Engineer
Datawave Group of Companies
(604)295-1817  
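The following is an added example written for this page; it is not code from the post and not the FreeRADIUS project's shipped configuration. It shows a FreeRADIUS 1.x rlm_ldap block, the ldap.attrmap line and a users file that together return a Class attribute usable for group lock, given that AD user objects expose membership only as memberOf DNs. The service-account DN and password, the `OU=<group>;` Class format (the form the Cisco VPN 3000 Concentrator documentation gives for RADIUS group assignment) and the `chase_referrals` / `rebind` options (present in later 1.x releases; check the rlm_ldap documentation for your version) are assumptions to verify against your own installation.

```conf
# --- radiusd.conf: modules { ldap { ... } }   (FreeRADIUS 1.x syntax)
ldap {
        server     = "SERVER.corp.van.dwave"
        port       = 389
        # Read-only service account (assumed DN). AD does not answer anonymous
        # searches, so the user lookup must be done with a real bind.
        identity   = "CN=svc-radius,OU=Service Accounts,DC=corp,DC=van,DC=dwave"
        password   = "change-me"      # a domain credential: keep radiusd.conf mode 0600
        basedn     = "DC=corp,DC=van,DC=dwave"
        filter     = "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(objectclass=user))"

        # Ldap-Group checks are answered from the user's own memberOf values.
        # groupmembership_filter is only consulted when that lookup fails, and
        # it must be ONE filter, hence the outer (|...).
        groupname_attribute       = "cn"
        groupmembership_attribute = "memberOf"
        groupmembership_filter    = "(|(&(objectClass=group)(member=%{Ldap-UserDn}))(&(objectClass=groupOfUniqueNames)(uniqueMember=%{Ldap-UserDn})))"

        # The debug output shows libldap chasing AD's CN=Configuration and
        # CN=Schema referrals and re-binding anonymously to follow them. Those
        # partitions hold nothing a user lookup needs and an anonymous bind to
        # AD returns nothing useful, so stop chasing.  (Assumed available in
        # your release.)  Alternative: set port = 3268 and query the Global
        # Catalog, which does not hand out these referrals.
        chase_referrals = no
        rebind          = no

        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_debug = 0x0028
}

# --- ldap.attrmap
# An AD user object has no "group" attribute, so this line never produces a
# reply item.  Mapping memberOf instead would return every group DN verbatim
# (one Class per group), not the bare group name the concentrator expects.
#replyItem      Class                           group

# --- users
# Group lock from the users file: one entry per VPN group, most privileged
# first.  Class = "OU=<group>;" is the assumed concentrator format; verify it
# against your concentrator's documentation.  Fall-Through = No stops at the
# first match, and the final DEFAULT rejects users in none of the VPN groups
# instead of letting them land in the concentrator's default group.
DEFAULT Ldap-Group == "itops", Auth-Type := LDAP
        Class = "OU=itops;",
        Service-Type = Login-User,
        Fall-Through = No

DEFAULT Ldap-Group == "rptpcps", Auth-Type := LDAP
        Class = "OU=rptpcps;",
        Service-Type = Login-User,
        Fall-Through = No

DEFAULT Auth-Type := Reject
        Reply-Message = "Not a member of a VPN group"
```

Each `Ldap-Group ==` check costs at most one extra LDAP search (the `(cn=<name>)` lookup visible in the debug output), so keep the list to the groups that actually map to concentrator groups, and test the reject path with a user who is in none of them before pointing the concentrator at the server.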

> >-----Original Message-----
> >From: freeradius-users-bounces at lists.freeradius.org 
> >[mailto:freeradius-users-bounces at lists.freeradius.org] On 
> >Behalf Of Dusty Doris
> >Sent: November 30, 2005 7:16 AM
> >To: FreeRadius users mailing list
> >Subject: RE: Freeradius How to integrate Active Directory 
> >and return group attribute to VPN Concentrator
> >
> >> Radiusd.conf:
> >>
> >>                filter =
> >> "(&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})(memberOf=CN=rptpcps,OU=Datawave Users,DC=corp,DC=van,DC=dwave))"
> >>
> >> This works fine. However I can't get it to return any 
> >replyItems. Has 
> >> anyone gotten this to work with Active Directory? All the 
> >docs I see 
> >> on the Net reference OpenLDAP. I'm sure there is a lot of 
> >folks out 
> >> there running Windows 2000/2003 Active Directory.
> >>
> >> I have spent a couple of days on this not having much 
> >luck. Here are a 
> >> few questions that would help me a bit.
> >>
> >> 1) Do I need groupname_attribute to get this to work?
> >>
> >> 2) What about groupmembership_filter and groupmembership_attribute?
> >>
> >> My ldap.attrmap looks like this:
> >>
> >> replyItem       Class                           groupofnames
> >> replyItem       Class                           group
> >>
> >> I think the above is correct. Can someone shed some light on this?
> >
> >Is group and groupofnames something that is an attribute of 
> >a user?  When freeradius searches for reply items it is 
> >searching for attributes of that user.
> >
> >eg:
> >
> >dn: cn=someuser,...
> >group: somegroup
> >
> >Should then add
> >
> >Class = somegroup
> >
> >to the reply items.
> >
> >If you want to make reply items attached to a group, rather 
> >than in individual, you will need to set the User-Profile attribute.
> >
> >For example,
> >
> >dn: cn=somegroup,ou=groups,...
> >group: somegroup
> >
> >Then in the users file.
> >
> >DEFAULT Ldap-Group == somegroup, User-Profile := "cn=somegroup,ou=groups,..."
> >
> >You may be able to do this dynamically using xlat or 
> >something like huntgroups too.  If you want an example, send 
> >us an example of a user and group from AD in ldif format and 
> >an example of a radius packet that you would expect in the 
> >reply and I'll see if I can come up with an idea for ya.
> >
> >
> >
> >-
> >List info/subscribe/unsubscribe? See 
> >http://www.freeradius.org/list/users.html
> >


Disclaimer: This message (including any attachments) is confidential, may be privileged and is only intended for the person to whom it is addressed.  If you have received it by mistake please notify the sender by return e-mail and delete this message from your system.  Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited.  E-mail communications are inherently vulnerable to interception by unauthorized parties and are susceptible to change.  We will use alternate communication means upon request.
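Dusty's point in the quoted reply, that replyItems are read from attributes of the user entry and an AD user carries memberOf DNs but no "group" attribute, is easiest to see by doing rlm_ldap's work by hand. The Python below is an added example, not code from the post or from FreeRADIUS: it unfolds an LDIF entry, answers the users-file check `Ldap-Group == "itops"` from memberOf the way rlm_ldap does with `groupmembership_attribute = memberOf`, and then builds the Class reply from an allow-list, which is the step AD itself cannot supply. The sample entry is constructed (modelled on the one in the post, with the binary attributes dropped), and the `VPN_GROUPS` mapping and the `OU=<group>;` Class format are assumptions.

```python
import base64
import re

# Constructed sample entry, modelled on the post (binary attributes dropped, two
# values folded across lines the way ldapsearch emits long values).
SAMPLE_LDIF = """\
dn: CN=Alhagie Puye,OU=Information Technology,OU=DataWave Users,DC=corp,DC=va
 n,DC=dwave
memberOf: CN=itops-folder,OU=SHARED FOLDERS,OU=DataWave Users,DC=corp,DC=van,
 DC=dwave
memberOf: CN=rptpcps,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=itops,OU=Information Technology,OU=DataWave Users,DC=corp,DC=van,DC=dwave
memberOf: CN=datawave,OU=DataWave Users,DC=corp,DC=van,DC=dwave
description:: SVQgT3BlcmF0aW9ucw==
sAMAccountName: apuye
userAccountControl: 512
msNPAllowDialin: TRUE
"""

# Assumed mapping from AD group CN to the Class value the concentrator wants,
# in priority order: the first match wins when a user is in several VPN groups.
VPN_GROUPS = {"itops": "OU=itops;", "rptpcps": "OU=rptpcps;"}

ACCOUNTDISABLE = 0x2          # userAccountControl bit


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute_lowercase: [values]}.

    A line starting with a single space continues the previous line (RFC 2849)
    and 'attr:: value' carries base64.  LDAP attribute names are
    case-insensitive, so they are lower-cased here.
    """
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]
        elif line.strip() and not line.startswith("#"):
            logical.append(line)
    entry = {}
    for line in logical:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry


def normalize_dn(dn):
    """Case-fold and strip whitespace around RDNs so two DNs can be compared."""
    parts = re.split(r"(?<!\\),", dn)          # split on commas that are not escaped
    return ",".join(p.strip() for p in parts).lower()


def rdn_value(dn, attr="cn"):
    """Value of the leading RDN (the CN of a group DN), with escaped commas restored."""
    m = re.match(r"\s*" + re.escape(attr) + r"=((?:\\.|[^,])*)", dn, re.IGNORECASE)
    return m.group(1).replace("\\,", ",").strip() if m else None


def ldap_group_check(entry, group):
    """Emulate the users-file check  Ldap-Group == group  with
    groupmembership_attribute = memberOf.

    A DN is compared against each memberOf value; a bare name is compared with
    the CN of each value, which is what rlm_ldap's "(cn=<name>)" lookup followed
    by a DN comparison amounts to (the "(cn=itops)" search in the post's debug).
    """
    members = entry.get("memberof", [])
    if "=" in group:
        wanted = normalize_dn(group)
        return any(normalize_dn(dn) == wanted for dn in members)
    return any((rdn_value(dn) or "").lower() == group.lower() for dn in members)


def reply_items(entry, vpn_groups=VPN_GROUPS):
    """Build the RADIUS reply for a user, or return None to reject.

    AD hands back memberOf DNs rather than a bare group name, so the Class value
    has to be produced here (or in the users file), not by ldap.attrmap.
    """
    uac = int(entry.get("useraccountcontrol", ["0"])[0])
    if uac & ACCOUNTDISABLE:
        return None                       # disabled account: the bind would fail anyway, but refuse early
    if entry.get("msnpallowdialin", ["TRUE"])[0].upper() == "FALSE":
        return None                       # dial-in explicitly denied in AD
    for name, class_value in vpn_groups.items():
        if ldap_group_check(entry, name):
            return {"Class": class_value, "Service-Type": "Login-User"}
    return None                           # in no VPN group: reject rather than fall into a default group


if __name__ == "__main__":
    user = parse_ldif_entry(SAMPLE_LDIF)
    print(rdn_value(user["dn"][0]), "->", reply_items(user))
```

The DN comparison is deliberately forgiving about case and spacing because AD, ldapsearch and a hand-typed users file all render the same DN slightly differently; the group name comparison is not forgiving about anything else, so "itops" does not match "itops-folder".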



