Receiving a full DN in a radius request
Kostas Kalevras
kkalev at noc.ntua.gr
Wed Sep 14 15:10:30 CEST 2005
On Wed, 14 Sep 2005, Jean-Francois Gobin wrote:
> Here is my whole ldap definition :
>
> ldap {
> server = "ldap.xxxx.xxx"
> # identity = "cn=admin,o=My Org,c=UA"
> # password = mypass
> basedn = " "
This should be an actual DN of your tree. Something like:
ou=people,dc=company,dc=com
> filter = "(%{User-Name})"
This is wrong. It should most probably read filter = "(uid=%{User-Name})"
> # base_filter = "(objectclass=radiusprofile)"
>
> # set this to 'yes' to use TLS encrypted connections
> # to the LDAP database by using the StartTLS extended
> # operation.
> # The StartTLS operation is supposed to be used with normal
> # ldap connections instead of using ldaps (port 689) connections
> start_tls = no
>
> # tls_cacertfile = /path/to/cacert.pem
> # tls_cacertdir = /path/to/ca/dir/
> # tls_certfile = /path/to/radius.crt
> # tls_keyfile = /path/to/radius.key
> # tls_randfile = /path/to/rnd
> # tls_require_cert = "demand"
>
> # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
> # profile_attribute = "radiusProfileDn"
> # access_attr = "dialupAccess"
>
> # Mapping of RADIUS dictionary attributes to LDAP
> # directory attributes.
> dictionary_mapping = ${raddbdir}/ldap.attrmap
>
> ldap_connections_number = 5
>
> #
> # NOTICE: The password_header directive is NOT case insensitive
> #
> # password_header = "{clear}"
> #
> # Set:
> # password_attribute = nspmPassword
> #
> # to get the user's password from a Novell eDirectory
> # backend. This will work *only if* freeRADIUS is
> # configured to build with --with-edir option.
> #
> #
> # The server can usually figure this out on its own, and pull
> # the correct User-Password or NT-Password from the database.
> #
> # Note that NT-Passwords MUST be stored as a 32-digit hex
> # string, and MUST start off with "0x", such as:
> #
> # 0x000102030405060708090a0b0c0d0e0f
> #
> # Without the leading "0x", NT-Passwords will not work.
> # This goes for NT-Passwords stored in SQL, too.
> #
> # password_attribute = userPassword
> #
> # Un-comment the following to disable Novell eDirectory account
> # policy check and intruder detection. This will work *only if*
> # FreeRADIUS is configured to build with --with-edir option.
> #
> # edir_account_policy_check=no
> #
> # groupname_attribute = cn
> # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> # groupmembership_attribute = radiusGroupName
> timeout = 4
> timelimit = 3
> net_timeout = 1
> # compare_check_items = yes
> # do_xlat = yes
> # access_attr_used_for_allow = yes
> }
>
>
> On Tue, 13 Sep 2005, Nicolas Baradakis wrote:
>
>> Jean-Francois Gobin wrote:
>>
>>> rlm_ldap: - authorize
>>> rlm_ldap: performing user authorization for uid=P06227,ou=people,o=nrb,c=be
>>> radius_xlat: '(uid)'
>>> radius_xlat: ' '
>>> rlm_ldap: ldap_get_conn: Checking Id: 0
>>> rlm_ldap: ldap_get_conn: Got Id: 0
>>> rlm_ldap: performing search in , with filter (uid)
>>> rlm_ldap: ldap_search() failed: Bad search filter: (uid)
>>
>> What is your filter in section ldap of radiusd.conf ?
>>
>> --
>> Nicolas Baradakis
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> ----------
> Jean-Francois Gobin - Administrateur gobinjf.be
> http://www.gobinjf.be mailto:gobin at gobinjf.be
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
kkalev at noc.ntua.gr National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
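
As an added example (not part of the original message and not FreeRADIUS code), a small Python check for the two problems pointed out in the reply above: a blank basedn and a filter that contains no attribute comparison. The function names and the SAMPLE text are constructed for illustration; SAMPLE holds only the relevant uncommented settings from the quoted ldap section.

```python
import re

# Constructed sample: uncommented settings copied from the quoted ldap section.
SAMPLE = '''
ldap {
    server = "ldap.xxxx.xxx"
    basedn = " "
    filter = "(%{User-Name})"
}
'''

# One filter item of the form (attribute <op> value), e.g. (uid=%{User-Name}).
ITEM = re.compile(r"\(\s*[A-Za-z][\w;.-]*\s*(=|~=|>=|<=)[^()]*\)")


def parse_settings(text):
    """Return {key: value} for uncommented 'key = value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip('"')
    return settings


def filter_ok(flt):
    """True if the filter holds at least one attribute comparison.

    Works on the template from radiusd.conf and on the expanded
    filter printed in the debug output, such as '(uid)'.
    """
    return ITEM.search(flt) is not None


def lint(settings):
    """Return a list of findings for the ldap section settings."""
    findings = []
    if not settings.get("basedn", "").strip():
        findings.append("basedn is blank: use a DN from your tree")
    if not filter_ok(settings.get("filter", "")):
        findings.append("filter has no attribute comparison such as uid=...")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_settings(SAMPLE)):
        print(finding)
```
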