Authorization with LDAP Group, Authentication with MS AD
db7td at gmx.de
db7td at gmx.de
Tue May 30 12:18:43 CEST 2006
Hi,
I am doing authentication with smb/ntlm and want additionally check if the user belongs to a special group. The first group-lookup looks good (fails, because the user is not in the group), but there is always a second one that is grants permission (wrong!):
rlm_ldap: user xxx authorized to use remote access
What can be the reason for this?
Dietmar
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=..., with filter (sAMAccountName=xxx)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=CN=....)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=G_wlan-data,ou=Groups,dc=...)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in CN=xxx,OU=..., with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: ldap_get_values() failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns notfound for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for xxx
radius_xlat: '(sAMAccountName=xxx)'
radius_xlat: 'dc=.....'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=..., with filter (sAMAccountName=xxx)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user xxx authorized to use remote access <--- WHY?!
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
More information about the Freeradius-Users
mailing list