help with ldap/checkitem
tnt at kalik.co.yu
tnt at kalik.co.yu
Fri Nov 9 17:12:08 CET 2007
Attribute is most likely VPN-Group-Name. Check in the freeradius
dictionary.
Ivan Kalik
Kalik Informatika ISP
Dana 9/11/2007, "Joe Vieira" <jvieira at clarku.edu> piše:
>
>Hi,
> I am having some confusing trouble with an LDAP check item.
>applicable line from ldap attribute file
>
>---
>checkItem VPNGroupName clarkuVlan
>----
>Users file.
>############## VPN USER CONFIG ########################
>DEFAULT NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN
> Reply-Message = "Welcome %u, to Clark University's network
>#AUTHORIZED USE ONLY#",
> Fall-Through = Yes
>
>############# VPN TEST USER CONFIG ####################
>
>DEFAULT VPNGroupName == testing
> CVPN3000-IPSec-Split-Tunneling-Policy = 1,
> Filter-Id="itsadmin-filter",
> CVPN3000-DHCP-Network-Scope = "140.232.2.1",
> CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"
>
>
>
>debug output
>....
>rlm_ldap: checking if remote access for CLARKU\bjulin is allowed by
>clarkuVpnAccess
>rlm_ldap: looking for check items in directory...
>rlm_ldap: Adding clarkuVlan as VPNGroupName, value testing & op=21
>....
>Login OK: [CLARKU\\bjulin] (from client vpn port 176)
>Sending Access-Accept of id 8 to 10.13.13.1 port 1025
> Reply-Message = "Welcome CLARKU\\\\bjulin, to Clark University's
>network #AUTHORIZED USE ONLY#"
> Framed-MTU = 576
> MS-CHAP2-Success = 0xxxxxxxxxxxxxxxxxxxxxxxxx
> MS-MPPE-Recv-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
> MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
> MS-MPPE-Encryption-Policy = 0x00000002
> MS-MPPE-Encryption-Types = 0x00000004
>....
>
>so i see it set the check item VPNGroupName to testing, but it never
>matches in the users file, can anyone point to what i am doing wrong?
>
>
>--
>Joe Vieira
>UNIX Systems Administrator
>Clark University - ITS
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list