users advanced configuration [SEC=UNCLASSIFIED]

Tribes Tom tribes.tom at gmail.com
Tue May 20 09:51:06 CEST 2008


Thanks for your help, it's very interesting. I find it a little hard to
understand how it works, and it helps me a lot.
But I can't make it run :s

When I try with the line you showed me, I can't log in with any user.

My OpenLDAP server says in its log that there isn't any connection from freeradius.

Here is an example of one user:

dn: uid=Thomas01,ou=heure,dc=network,dc=local
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
uid: Thomas01


In freeradius, here is the result of: freeradius -xxyz

Thread 2 handling request 1, (1 handled so far)
    User-Name = "Thomas01"
    User-Password = "*******"
    NAS-IP-Address = 0.0.0.0
    Service-Type = Login-User
    Framed-IP-Address = 192.168.x.3
    Calling-Station-Id = "00-18-DE-C8-D9-87"
    Called-Station-Id = "00-0C-29-8A-5B-1C"
    NAS-Identifier = "nas01"
    Acct-Session-Id = "48327d7900000001"
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 1
    Message-Authenticator = 0x25d1a7b602061b5167c20539366b1e8d
    WISPr-Logoff-URL = "http://192.168.x.1:3990/logoff"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
  modcall[authorize]: module "files" returns notfound for request 1
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 1
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
  modcall[authorize]: module "daily" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [Thomas01] (from client hotspot port 1 cli
00-18-DE-C8-D9-87)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 483280f4
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.x.253:59308, id=0,
length=198
Sending Access-Reject of id 0 to 192.168.x.253 port 59308
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 0 with timestamp 483280fa
Nothing to do.  Sleeping until we see a request.



If you have any idea, it would help me a lot. I can provide my config files if
you want.

Thanks a lot

Thomas
Tribolet






2008/5/20 Ranner, Frank MR <Frank.Ranner at defence.gov.au>:

> UNCLASSIFIED
>
> From: freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org
> [mailto:freeradius-users-bounces+frank.ranner=defence.gov.au at lists.freeradius.org] On Behalf Of Tribes Tom
> Sent: Monday, 19 May 2008 18:33
> To: FreeRadius users mailing list
> Subject: Re: users advanced configuration [SEC=UNCLASSIFIED]
>
>
>
>        Can you explain how to do this?
>
>        I have tried this:
>
>        DEFAULT        Auth-Type = ldap,Max-Daily-Session :=
> 3600,Ldap-UserDN := `uid=%{User-Name},ou=heure,dc=network,dc=local`
>
> All three elements of your test are assignments that always return true.
> You compare using ==, not :=
> Try:
> DEFAULT        Ldap-UserDN ==
> `uid=%{User-Name},ou=heure,dc=network,dc=local`, Max-Daily-Session :=
> 3600
>
> Or
>
> DEFAULT        Ldap-UserDN =~ "^uid=.*,ou=heure,dc=network,dc=local$",
> Max-Daily-Session := 3600
>
> Matching is done from left to right, so Max-Daily-Session is only set if
> the Ldap-UserDN matches. It is probably unnecessary to set Auth-Type.
>
> Regards,
> Frank Ranner
>
>
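As an added example (not part of the original thread or of FreeRADIUS), this Python sketch parses the 1.x-style debug lines quoted in the post and reports which modules ran in the authorize section and which rejection hints were logged. The function names and finding labels are hypothetical, chosen for illustration.

```python
import re

# Debug lines copied from the post above (FreeRADIUS 1.x "modcall" format).
SAMPLE = '''\
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "eap" returns noop for request 1
  modcall[authorize]: module "files" returns notfound for request 1
rlm_pap: WARNING! No "known good" password found for the user.
  modcall[authorize]: module "pap" returns noop for request 1
  modcall[authorize]: module "daily" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
'''

REQ = re.compile(r'for request (\d+)')
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')

def summarize(log):
    """Map request id -> {'modules': [(section, module, rcode)], 'flags': set()}."""
    reqs, current = {}, None
    for line in log.splitlines():
        req = REQ.search(line)
        if req:  # a numbered line sets the context for the unnumbered lines after it
            current = reqs.setdefault(int(req.group(1)), {"modules": [], "flags": set()})
        call = MODCALL.search(line)
        if call and current is not None:
            current["modules"].append(call.groups())
        elif current is not None:
            # Heuristic: with several threads, unnumbered lines may interleave.
            if "No authenticate method (Auth-Type)" in line:
                current["flags"].add("no-auth-type")
            elif 'No "known good" password' in line:
                current["flags"].add("no-known-good-password")
    return reqs

def diagnose(reqs, expected="ldap"):
    """List findings per request; `expected` is the module the operator assumes runs."""
    out = {}
    for rid, r in reqs.items():
        called = [mod for sec, mod, _ in r["modules"] if sec == "authorize"]
        findings = sorted(r["flags"])
        if expected not in called:
            findings.append(f"{expected}-not-called-in-authorize")
        out[rid] = findings
    return out

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE)))
```

On the quoted output it reports that no module named ldap was called in authorize, which is consistent with the OpenLDAP log showing no connection.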