Freeradius and UUNet dial up

Brenckle, Nicholas NBrenckle at dsl.net
Tue Jul 11 22:08:51 CEST 2006


I'm having trouble configuring freeradius. I'm going to give the full
story, which might be too much detail, but here goes...
 
I have a radius server (freeradius v 0.7) working on an old box. I want
to upgrade this to a new box with RHEL4 and Freeradius 1.0.1, which comes
with RHEL4 now. The old configuration files would not just copy over;
starting freeradius gives errors with the dictionary files. Since I
don't quite understand them, I thought it better to try to reconfigure the
new version than just copy over configuration files.
 
Now I have the new version running/authenticating. The problem is I'm
missing some data, I think. When I authenticate (using NTRadPing) off
the old server, I get
 
Sending authentication request to server 111.111.111.111:1812
Transmitting packet, code =1 id=4 length=67
received response from the server in 10 miliseconds
reply packet code=2 id=4 length=174
response: Access-Accept
-----------------------------------attribute dump----------------------------------------------
Service-Type=Framed
Framed-Protocol=PPP
Ascend-Data-Filter=\0x01\0x01\0x00\0x00\0x00\0x00\0x00\0x00\0x00
(repeated lines)
Ascent-Assign-IP-Pool=0
 
 
 
When I try against the new one, I get only the lines to "--attribute
dump--", but I do get a correct auth. I know that part works because if
I change the uname/password to wrong, it doesn't work. So it is correctly
checking against LDAP. But I get none of the lower lines. I know the
process is not quite right, as if I add the lines to my hints file (which
exists on the old server)
    
        DEFAULT Suffix == "@dial.dsl.net", Strip-User-Name = Yes
        Hint = "UUNetDial"

then I get nothing working. If I comment out those lines, I can
authenticate, but with no extra info. (Which I assume is part of the
problem.)  If I comment the hints lines out, I get this in the output of
radiusd
 
        rlm_ldap: Bind was successful
        rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=radius%dsl.net))
        rlm_ldap: checking if remote access for radius%dsl.net is allowed by dslnRadiusProfile
        rlm_ldap: looking for check items in directory...
        rlm_ldap: looking for reply items in directory...
        rlm_ldap: user radius%dsl.net authorized to use remote access

If I leave those lines in the hints, it loses the uid, as shown below...
 
        rlm_ldap: Bind was successful
        rlm_ldap: performing search in dc=dsl,dc=net, with filter (&(objectClass=dslnDialupUser)(uid=_))
        rlm_ldap: object not found or got ambiguous search result
        rlm_ldap: search failed

So, what I need to know is, why do the hint lines make the uid get
stripped? I'm guessing the system somewhere else is also doing a strip,
and so the double means no UID gets there? Is there any "radius for
dummies"? I think I'm getting lost as to which process happens when
during the process, i.e.: when do the hints vs clients vs users files
come into play.
 
Thanks for any help!
Nick