help with ldap/checkitem

Joe Vieira jvieira at clarku.edu
Fri Nov 9 17:23:35 CET 2007


I created the attribute, and I don't get any dictionary errors.

[root at ion raddb]# cat dictionary | grep VPN
ATTRIBUTE       VPNGroupName            3001    string

Joe Vieira
UNIX Systems Administrator
Clark University - ITS



tnt at kalik.co.yu wrote:
> Attribute is most likely VPN-Group-Name. Check in the freeradius
> dictionary.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 9/11/2007, "Joe Vieira" <jvieira at clarku.edu> wrote:
>
>   
>> Hi,
>>    I am having some confusing trouble with an LDAP check item.
>> Applicable line from ldap attribute file:
>>
>> ---
>> checkItem       VPNGroupName                    clarkuVlan
>> ----
>> Users file.
>> ############## VPN USER CONFIG ########################
>> DEFAULT NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN
>>        Reply-Message = "Welcome %u, to Clark University's network
>> #AUTHORIZED USE ONLY#",
>>        Fall-Through = Yes
>>
>> ############# VPN TEST USER CONFIG ####################
>>
>> DEFAULT VPNGroupName == testing
>>        CVPN3000-IPSec-Split-Tunneling-Policy = 1,
>>        Filter-Id="itsadmin-filter",
>>        CVPN3000-DHCP-Network-Scope = "140.232.2.1",
>>        CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"
>>
>>
>>
>> debug output
>> ....
>> rlm_ldap: checking if remote access for CLARKU\bjulin is allowed by
>> clarkuVpnAccess
>> rlm_ldap: looking for check items in directory...
>> rlm_ldap: Adding clarkuVlan as VPNGroupName, value testing & op=21
>> ....
>> Login OK: [CLARKU\\bjulin] (from client vpn port 176)
>> Sending Access-Accept of id 8 to 10.13.13.1 port 1025
>>        Reply-Message = "Welcome CLARKU\\\\bjulin, to Clark University's
>> network #AUTHORIZED USE ONLY#"
>>        Framed-MTU = 576
>>        MS-CHAP2-Success = 0xxxxxxxxxxxxxxxxxxxxxxxxx
>>        MS-MPPE-Recv-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
>>        MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
>>        MS-MPPE-Encryption-Policy = 0x00000002
>>        MS-MPPE-Encryption-Types = 0x00000004
>> ....
>>
>> So I see it set the check item VPNGroupName to testing, but it never
>> matches in the users file. Can anyone point to what I am doing wrong?
>>
>>
>> --
>> Joe Vieira
>> UNIX Systems Administrator
>> Clark University - ITS
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>     
>
>   


