help with ldap/checkitem
Joe Vieira
jvieira at clarku.edu
Fri Nov 9 17:23:35 CET 2007
I created the attribute, and i don't get any dictionary errors
[root at ion raddb]# cat dictionary | grep VPN
ATTRIBUTE VPNGroupName 3001 string
Joe Vieira
UNIX Systems Administrator
Clark University - ITS
tnt at kalik.co.yu wrote:
> Attribute is most likely VPN-Group-Name. Check in the freeradius
> dictionary.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 9/11/2007, "Joe Vieira" <jvieira at clarku.edu> piše:
>
>
>> Hi,
>> I am having some confusing trouble with an LDAP check item.
>> applicable line from ldap attribute file
>>
>> ---
>> checkItem VPNGroupName clarkuVlan
>> ----
>> Users file.
>> ############## VPN USER CONFIG ########################
>> DEFAULT NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN
>> Reply-Message = "Welcome %u, to Clark University's network
>> #AUTHORIZED USE ONLY#",
>> Fall-Through = Yes
>>
>> ############# VPN TEST USER CONFIG ####################
>>
>> DEFAULT VPNGroupName == testing
>> CVPN3000-IPSec-Split-Tunneling-Policy = 1,
>> Filter-Id="itsadmin-filter",
>> CVPN3000-DHCP-Network-Scope = "140.232.2.1",
>> CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"
>>
>>
>>
>> debug output
>> ....
>> rlm_ldap: checking if remote access for CLARKU\bjulin is allowed by
>> clarkuVpnAccess
>> rlm_ldap: looking for check items in directory...
>> rlm_ldap: Adding clarkuVlan as VPNGroupName, value testing & op=21
>> ....
>> Login OK: [CLARKU\\bjulin] (from client vpn port 176)
>> Sending Access-Accept of id 8 to 10.13.13.1 port 1025
>> Reply-Message = "Welcome CLARKU\\\\bjulin, to Clark University's
>> network #AUTHORIZED USE ONLY#"
>> Framed-MTU = 576
>> MS-CHAP2-Success = 0xxxxxxxxxxxxxxxxxxxxxxxxx
>> MS-MPPE-Recv-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
>> MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
>> MS-MPPE-Encryption-Policy = 0x00000002
>> MS-MPPE-Encryption-Types = 0x00000004
>> ....
>>
>> so i see it set the check item VPNGroupName to testing, but it never
>> matches in the users file, can anyone point to what i am doing wrong?
>>
>>
>> --
>> Joe Vieira
>> UNIX Systems Administrator
>> Clark University - ITS
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list