LDAP Auth
Dave Rummel
daverummel at boothcreek.com
Fri Jun 5 00:30:02 CEST 2009
First off I am totally new to radius...but really love the concept. I
have radius working with ldap to authorize the user if they are in the
corporate directory, o=lookout. My next step is to filter it by category
to the NAS device. I have been looking at quite a few examples, but
nothing seems to stick.

In order for me to just grasp the concept, I have tried this in the
users file; o=lookout is our complete list of all of our users:

DEFAULT Huntgroup-Name == CiscoAdmin, Ldap-Group == "o=lookout"
        Fall-Through = no

DEFAULT Auth-Type := Reject

If I comment out the Reject, the user is able to authenticate to the
Cisco Router; as soon as I uncomment it, I get rejected. Here is the
log file from it:

Thu Jun 4 16:15:52 2009 : Info: [ldap] user daverummel authorized to use remote access
Thu Jun 4 16:15:52 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Jun 4 16:15:52 2009 : Info: ++[ldap] returns ok
Thu Jun 4 16:15:52 2009 : Info: ++[expiration] returns noop
Thu Jun 4 16:15:52 2009 : Info: ++[logintime] returns noop
Thu Jun 4 16:15:52 2009 : Info: Found Auth-Type = Reject
Thu Jun 4 16:15:52 2009 : Info: Auth-Type = Reject, rejecting user
Thu Jun 4 16:15:52 2009 : Info: Failed to authenticate the user.
Thu Jun 4 16:15:52 2009 : Auth: Login incorrect: [daverummel] (from client R1 port 98 cli 216.103.190.220)
Thu Jun 4 16:15:52 2009 : Info: Using Post-Auth-Type Reject
Thu Jun 4 16:15:52 2009 : Info: +- entering group REJECT {...}
Thu Jun 4 16:15:52 2009 : Info: [attr_filter.access_reject] expand: %{User-Name} -> daverummel
Thu Jun 4 16:15:52 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11
Thu Jun 4 16:15:52 2009 : Info: ++[attr_filter.access_reject] returns updated
Thu Jun 4 16:15:52 2009 : Info: Delaying reject of request 0 for 1 seconds
Thu Jun 4 16:15:52 2009 : Debug: Going to the next request
Thu Jun 4 16:15:52 2009 : Debug: Waking up in 0.9 seconds.
Thu Jun 4 16:15:53 2009 : Info: Sending delayed reject for request 0

The line I am really trying to understand is this one. Where is this
line 11?

Thu Jun 4 16:15:52 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11

Thanks for your help
Dave