Problems with EAP and LDAP replyItems (2.0.2)

Chaos Commander tschaos at gmx.net
Wed Aug 20 11:09:27 CEST 2008 

-------- Original-Message --------
> Datum: Wed, 20 Aug 2008 09:18:57 +0100
> Von: "Ivan Kalik" <tnt at kalik.net>
> An: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Betreff: Re: Problems with EAP and LDAP replyItems (2.0.2)

> radiusCallingStationId is already mapped as Calling-Sattion-Id. Use
> another ldap attribute name for this.
> 
> Ivan Kalik
> Kalik Informatika ISP

I commented the original line containing the mapping between Calling-station-id and radiusCallingStationId out. So there shouldnt be any complications.
By the way, its independent from the attribute-name, so even if i change the source-ldap-attribute, the problem still occurs.


> 
> Dana 20/8/2008, "tschaos at gmx.net" <tschaos at gmx.net> piše:
> 
> >-------- Original-Message --------
> >> Datum: Tue, 19 Aug 2008 17:37:34 +0200
> >> Von: tschaos at gmx.net
> >> An: freeradius-users at lists.freeradius.org
> >> Betreff: Problems with EAP and LDAP replyItems (2.0.2)
> >
> >> Hi Guys,
> >> 
> >> Since freeradius2 has some major improvements I try to upgrade from
> 1.1.4.
> >> Unfortunately there are a few problems i encounter:
> >> 
> >> cause of some weird reason the server isn't sending back my LDAP
> >> replyItems back to the NAS along the Access-Accept packet.
> >> 
> >> In short i want to authenticate using EAP/PEAP against the server,
> which
> >> itself checks against our LDAP Server. Additionally the server should
> also
> >> send back a specific replyItem stored in our LDAP.
> >> 
> >> configuration looks like:
> >> 
> >> authorize {
> >>         preprocess
> >>         eap {
> >>                 ok = return
> >>         }
> >> 
> >>         ldap1
> >> }
> >> 
> >> 
> >> authenticate {
> >>         Auth-Type MS-CHAP {
> >>                 mschap
> >>         }
> >>         eap
> >> }
> >> 
> >> in ldap.attrmap the following is configured:
> >> 
> >> replyItem       Airespace-Interface-Name        radiusCallingStationId
> >> 
> >> so LDAP-Attribute radiusCallingStationId should be transformed to an
> >> attribute called "Airespace-Interface-Name" and sent back to the NAS.
> >> 
> >> As you can see in the following debug-output, at the beginning the
> server
> >> sends the attribute back as supposed, but for some weird reason in the
> >> access-accept packet the attribute isnt sent along.
> >> 
> >> whats wrong here? 
> >> 
> >> Thanks in advance!
> >> 
> >> debug-output: [cutted]
> >
> >Noone has any clue, why this doesnt work? I really wanted to deploy the
> server tonight.
> >
> >Any help is welcome!
> >
> >thanks,
> >Peter
> >-- 
> >Psssst! Schon das coole Video vom GMX MultiMessenger gesehen?
> >Der Eine für Alle: http://www.gmx.net/de/go/messenger03
> >-
> >List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-- 
Psssst! Schon das coole Video vom GMX MultiMessenger gesehen?
Der Eine für Alle: http://www.gmx.net/de/go/messenger03

More information about the Freeradius-Users mailing list