reply-list fed by LDAP

Florian Prester Florian.Prester at rrze.uni-erlangen.de
Tue Jan 31 12:35:32 CET 2006


Hello,

I use freeradius 1.05 with LDAP.
Now I do not use the RADIUS-LDAP-Schemata, because I think I do not
need it; all the required information is provided by the schema I use
(I think :-) ).
Within the schema I have an attribute szUserId which I want to return to
the client.
Now, this LDAP attribute (szUserId) is mapped by ldap.attrmap to User-ID;
this RADIUS attribute (User-ID) is specified as a reply-item in the
users-file:

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        User-ID = 576,
        Fall-Through = Yes

But it does not get sent to the client.

Now my question, WHY?
Do I have to define the RADIUS attribute User-ID in the dictionary file?
If I do so, radiusd complains that this attribute is a check-item and not a
reply-item!?!?!?

My log:

Tue Jan 31 12:22:12 2006 : Debug:   Processing the authorize section of 
radiusd.conf
Tue Jan 31 12:22:12 2006 : Debug: modcall: entering group authorize for 
request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling 
preprocess (rlm_preprocess) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
preprocess (rlm_preprocess) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module 
"preprocess" returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling chap 
(rlm_chap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
chap (rlm_chap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "chap" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling mschap 
(rlm_mschap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
mschap (rlm_mschap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "mschap" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling suffix 
(rlm_realm) for request 0
Tue Jan 31 12:22:12 2006 : Debug:     rlm_realm: No '@' in User-Name = 
"sz148", looking up realm NULL
Tue Jan 31 12:22:12 2006 : Debug:     rlm_realm: No such realm "NULL"
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
suffix (rlm_realm) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "suffix" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling eap 
(rlm_eap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
eap (rlm_eap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "eap" 
returns noop for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling files 
(rlm_files) for request 0
Tue Jan 31 12:22:12 2006 : Debug:     users: Matched entry DEFAULT at 
line 43
Tue Jan 31 12:22:12 2006 : Debug:     users: Matched entry DEFAULT at 
line 50
Tue Jan 31 12:22:12 2006 : Debug:     users: Matched entry DEFAULT at 
line 53
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
files (rlm_files) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "files" 
returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: calling ldap 
(rlm_ldap) for request 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: - authorize
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: performing user 
authorization for sz148
Tue Jan 31 12:22:12 2006 : Debug: radius_xlat:  '(&(objectClass=szUser) 
(Userid=sz148))'
Tue Jan 31 12:22:12 2006 : Debug: radius_xlat:  'ou=AAAuser,o=Domain ,c=DE'
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: attempting LDAP reconnection
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: (re)connect to 
xxx.xxx.xxx.xxx:400, authentication 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: bind as 
cn=user,ou=allro,ou=AAAdsadm,o=doamin,c=DE/xxx to xxx.xxx.xxx.xxx:400
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: waiting for bind result ...
request 1 done
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Bind was successful
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: performing search in 
ou=AAAuser,o=domain,c=DE, with filter (&(objectClass=szUser) (Userid=sz148))
request 2 done
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: checking if remote access 
for sz148 is allowed by uid
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: looking for check items in 
directory...
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding unixPassword as 
Crypt-Password, value op=21
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding szVpnPassword as 
NT-Password, value op=21
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: looking for reply items in 
directory...
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding szIpAddress as 
Framed-IP-Address, value 121.23.32.20 & op=11
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: Adding szUserid as User-ID, 
value sz148 & op=11
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: user sz148 authorized to use 
remote access
Tue Jan 31 12:22:12 2006 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authorize]: returned from 
ldap (rlm_ldap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authorize]: module "ldap" 
returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug: modcall: group authorize returns ok 
for request 0
Tue Jan 31 12:22:12 2006 : Debug:   rad_check_password:  Found Auth-Type pap
Tue Jan 31 12:22:12 2006 : Debug: auth: type "PAP"
Tue Jan 31 12:22:12 2006 : Debug:   Processing the authenticate section 
of radiusd.conf
Tue Jan 31 12:22:12 2006 : Debug: modcall: entering group Auth-Type for 
request 0
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authenticate]: calling pap 
(rlm_pap) for request 0
Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: login attempt by "sz148" with 
password
Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: Using password "" for user 
sz148 authentication.
Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: Using CRYPT encryption.
Tue Jan 31 12:22:12 2006 : Debug: rlm_pap: User authenticated succesfully
Tue Jan 31 12:22:12 2006 : Debug:   modsingle[authenticate]: returned 
from pap (rlm_pap) for request 0
Tue Jan 31 12:22:12 2006 : Debug:   modcall[authenticate]: module "pap" 
returns ok for request 0
Tue Jan 31 12:22:12 2006 : Debug: modcall: group Auth-Type returns ok 
for request 0
Tue Jan 31 12:22:12 2006 : Auth: Login OK: [sz148] (from client Windows 
port 0)
Sending Access-Accept of id 13 to xxx.xxx.xxx.xxx:1818
        Framed-MTU = 576
        Tunnel-Private-Group-Id:0 := "rlan79"
        Framed-IP-Address = sss.sss.sss.sss
Tue Jan 31 12:22:12 2006 : Debug: Finished request 0


Thanks in advance

Florian

-- 
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Martensstr. 1
91052 Erlangen
Germany

Tel.: +499131 8527813
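
An added example, not part of the original post: a small Python check that compares the reply items rlm_ldap reports adding with the attributes actually listed under "Sending Access-Accept", which is the mismatch the debug output above shows for User-ID. The sample log is constructed and shortened from the post (timestamps dropped, placeholder addresses), and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the debug output in the post; addresses are
# placeholders and two lines are wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
Debug: rlm_ldap: looking for check items in directory...
Debug: rlm_ldap: Adding unixPassword as Crypt-Password, value op=21
Debug: rlm_ldap: looking for reply items in directory...
Debug: rlm_ldap: Adding szIpAddress as
Framed-IP-Address, value 192.0.2.20 & op=11
Debug: rlm_ldap: Adding szUserid as User-ID,
value sz148 & op=11
Debug: rlm_ldap: user sz148 authorized to use remote access
Sending Access-Accept of id 13 to 192.0.2.1:1818
        Framed-MTU = 576
        Tunnel-Private-Group-Id:0 := "rlan79"
        Framed-IP-Address = 192.0.2.20
Debug: Finished request 0
"""

# \s+ between tokens tolerates the line wraps introduced by e-mail clients.
ADDED = re.compile(r"rlm_ldap:\s+Adding\s+(\S+)\s+as\s+([\w-]+),\s+value\s+(.*?)\s*&\s*op=\d+")
SENT = re.compile(r"^[ \t]+([\w-]+)(?::\d+)?[ \t]*:?=[ \t]*(.*)$", re.M)

def ldap_reply_items(log):
    """Map RADIUS attribute -> (LDAP attribute, value) for reply items rlm_ldap added."""
    _, _, tail = log.partition("looking for reply items in")
    return {radius: (ldap, value) for ldap, radius, value in ADDED.findall(tail)}

def sent_attributes(log):
    """Attribute names listed under the 'Sending Access-Accept' line."""
    _, _, tail = log.partition("Sending Access-Accept")
    block = []
    for line in tail.splitlines()[1:]:
        if not line[:1].isspace():  # attribute lines are indented; stop at the first that is not
            break
        block.append(line)
    return {m.group(1) for m in SENT.finditer("\n".join(block))}

def dropped_reply_items(log):
    """Reply items taken from LDAP that never reached the Access-Accept."""
    sent = sent_attributes(log)
    return {attr: src for attr, src in ldap_reply_items(log).items() if attr not in sent}

if __name__ == "__main__":
    for attr, (ldap_attr, value) in dropped_reply_items(SAMPLE_LOG).items():
        print(f"{attr} (from LDAP {ldap_attr}, value {value!r}) was added but not sent")
```

The check only reports which attributes went missing between the authorize stage and the reply; it does not say why the server dropped them.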



