help with ldap/checkitem

Joe Vieira jvieira at clarku.edu
Fri Nov 9 20:26:17 CET 2007


So, a little more info on this.

If I change

DEFAULT VPNGroupName == testing
       CVPN3000-IPSec-Split-Tunneling-Policy = 1,
       Filter-Id="itsadmin-filter",
       CVPN3000-DHCP-Network-Scope = "140.232.2.1",
       CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"

to

DEFAULT VPNGroupName =* testing
       CVPN3000-IPSec-Split-Tunneling-Policy = 1,
       Filter-Id="itsadmin-filter",
       CVPN3000-DHCP-Network-Scope = "140.232.2.1",
       CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"

I STILL don't get the attribute... so clearly I am doing something VERY 
wrong. Is anyone able to send me in the right direction?

Joe Vieira
UNIX Systems Administrator
Clark University - ITS



Joe Vieira wrote:
> I created the attribute, and I don't get any dictionary errors
>
> [root@ion raddb]# cat dictionary | grep VPN
> ATTRIBUTE       VPNGroupName            3001    string
>
> Joe Vieira
> UNIX Systems Administrator
> Clark University - ITS
>
>
>
> tnt at kalik.co.yu wrote:
>   
>> Attribute is most likely VPN-Group-Name. Check in the freeradius
>> dictionary.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> On 9/11/2007, "Joe Vieira" <jvieira at clarku.edu> wrote:
>>
>>
>>     
>>> Hi,
>>>    I am having some confusing trouble with an LDAP check item.
>>> applicable line from ldap attribute file
>>>
>>> ---
>>> checkItem       VPNGroupName                    clarkuVlan
>>> ----
>>> Users file.
>>> ############## VPN USER CONFIG ########################
>>> DEFAULT NAS-Port-Type == Virtual, Framed-Protocol == PPP, Autz-Type := VPN
>>>        Reply-Message = "Welcome %u, to Clark University's network #AUTHORIZED USE ONLY#",
>>>        Fall-Through = Yes
>>>
>>> ############# VPN TEST USER CONFIG ####################
>>>
>>> DEFAULT VPNGroupName == testing
>>>        CVPN3000-IPSec-Split-Tunneling-Policy = 1,
>>>        Filter-Id="itsadmin-filter",
>>>        CVPN3000-DHCP-Network-Scope = "140.232.2.1",
>>>        CVPN3000-IPSec-Split-Tunnel-List ="itsadmin-routes"
>>>
>>>
>>>
>>> debug output
>>> ....
>>> rlm_ldap: checking if remote access for CLARKU\bjulin is allowed by clarkuVpnAccess
>>> rlm_ldap: looking for check items in directory...
>>> rlm_ldap: Adding clarkuVlan as VPNGroupName, value testing & op=21
>>> ....
>>> Login OK: [CLARKU\\bjulin] (from client vpn port 176)
>>> Sending Access-Accept of id 8 to 10.13.13.1 port 1025
>>>        Reply-Message = "Welcome CLARKU\\\\bjulin, to Clark University's network #AUTHORIZED USE ONLY#"
>>>        Framed-MTU = 576
>>>        MS-CHAP2-Success = 0xxxxxxxxxxxxxxxxxxxxxxxxx
>>>        MS-MPPE-Recv-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
>>>        MS-MPPE-Send-Key = 0xxxxxxxxxxxxxxxxxxxxxxxx
>>>        MS-MPPE-Encryption-Policy = 0x00000002
>>>        MS-MPPE-Encryption-Types = 0x00000004
>>> ....
>>>
>>> So I see it set the check item VPNGroupName to testing, but it never
>>> matches in the users file. Can anyone point to what I am doing wrong?
>>>
>>>
>>> --
>>> Joe Vieira
>>> UNIX Systems Administrator
>>> Clark University - ITS
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html