groupcmp fails during tunneled request

Matthieu Lazaro matthieu.lazaro at eservglobal.com
Mon Jun 29 11:49:51 CEST 2009


Ivan Kalik wrote:
>> Content of my huntgroup file.
>> WIFI            NAS-Identifier == "accessPoint-Manager"
>>                 Ldap-Group  == wireless,
>>                 Ldap-Group  == wireless2,
>> REM             NAS-IP-Address == 10.44.12.2
>>                 Ldap-Group == REM
>>
>>     
>
> OK.
>
>   
>> Content of my user file:
>> DEFAULT Framed-Protocol == PPP
>>         Framed-Protocol = PPP,
>>         Framed-Compression = Van-Jacobson-TCP-IP
>> DEFAULT Hint == "CSLIP"
>>         Framed-Protocol = SLIP,
>>         Framed-Compression = Van-Jacobson-TCP-IP
>> DEFAULT Hint == "SLIP"
>>         Framed-Protocol = SLIP
>> DEFAULT Ldap-Group == BANNED , Auth-Type := Reject
>>         Reply-Message = "Account disabled.  Please call the helpdesk."
>> DEFAULT Huntgroup-Name == WIFI, Auth-Type = eap
>>         Fall-Through = no,
>>     
>
> That should match (remove that Auth-Type from this and REM entry). But ...
>
>   
>> DEFAULT Huntgroup-Name == REM, Auth-Type = ldap
>>         Fall-Through = no,
>> DEFAULT Auth-Type := Reject
>>         Reply-Message = "Please call the helpdesk."
>>
>>     
> ...
>   
>> server inner-tunnel {
>> +- entering group authorize {...}
>> ++[mschap] returns noop
>> [suffix] No '@' in User-Name = "alicebob", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> [eap] EAP packet type response id 7 length 11
>> [eap] No EAP Start, assuming it's an on-going EAP conversation
>> ++[eap] returns updated
>> rlm_ldap: Entering ldap_groupcmp()
>> [files]         expand: dc=companyname,dc=com -> dc=companyname,dc=com
>>     
>
> ... you haven't enabled preprocess in inner-tunnel server. Huntgroups are
> processed in preprocess.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>   
Hello Again,

I am having an issue with the groups again.....

WIFI            NAS-Identifier == "accessPoint-Manager"
                Ldap-Group  == wireless,
                Ldap-Group  == wireless2,

When I have the attribute wireless it works without a flaw; if I have both, it's OK; if I have *ONLY* wireless2 it says "no huntgroup " and I'm rejected.

Any ideas?

Best Regards,

Matthew






