help with ldap/checkitem
Joe Vieira
jvieira at clarku.edu
Fri Nov 9 17:01:15 CET 2007
Hi,
I am having some confusing trouble with an LDAP check item.
Applicable line from the LDAP attribute file:
---
checkItem VPNGroupName clarkuVlan
----
Users file.
############## VPN USER CONFIG ########################
DEFAULT NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN
        Reply-Message = "Welcome %u, to Clark University's network #AUTHORIZED USE ONLY#",
        Fall-Through = Yes
############# VPN TEST USER CONFIG ####################
DEFAULT VPNGroupName == testing
        CVPN3000-IPSec-Split-Tunneling-Policy = 1,
        Filter-Id="itsadmin-filter",
        CVPN3000-DHCP-Network-Scope = "140.232.2.1",
        CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"
Debug output:
...
rlm_ldap: checking if remote access for CLARKU\bjulin is allowed by clarkuVpnAccess
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding clarkuVlan as VPNGroupName, value testing & op=21
...
Login OK: [CLARKU\\bjulin] (from client vpn port 176)
Sending Access-Accept of id 8 to 10.13.13.1 port 1025
Reply-Message = "Welcome CLARKU\\\\bjulin, to Clark University's network #AUTHORIZED USE ONLY#"
Framed-MTU = 576
MS-CHAP2-Success = 0xxxxxxxxxxxxxxxxxxxxxxxxx
MS-MPPE-Recv-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
...
So I see it set the check item VPNGroupName to testing, but it never
matches in the users file. Can anyone point to what I am doing wrong?
--
Joe Vieira
UNIX Systems Administrator
Clark University - ITS