Checkval weird issue with LDAP backend and PAM authentication
Marco Carcano
marco at marcolinux.it
Sat Nov 27 00:04:34 CET 2010
Hi Alan
>
>> but I have not been able to see a working example using ldap,
>
> if (NAS-Identifier == "%{ldap: ... ldap stuff ... }") {
>
>
>> thinking at the %{sql:SELECT ...} example I thought a syntax almost
>> like this
>>
>> if (NAS-Identifier ==
>> "ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local
>> (eckAllowedServices)" ) {
>
> You didn't use the same form as the SQL example. The brackets have
> *meaning*: %{}
if (NAS-Identifier == {ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)} ) {
ok
}
when I start radiusd in debug mode I get:
Expected string or numbers at: ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)} )
/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
It is for that reason I did not use brackets - I got a syntax error, so I
thought it was wrong to use them in this way
if I modify to the following in
if (NAS-Identifier == "{ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" ) {
ok
}
radiusd starts well, but when trying to authenticate I got the
following message:
++? if (NAS-Identifier == "{ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" )
expand: {ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)} -> {ldap:cn=testuser,ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}
? Evaluating (NAS-Identifier == "{ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" ) -> FALSE
++? if (NAS-Identifier == "{ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}" ) -> FALSE
++- entering else else {...}
+++[reject] returns reject
++- else else returns reject
Using Post-Auth-Type Reject
%{User-Name} is expanded right, ... it is my syntax that is certainly
wrong, so that unlang sees it just like a string to compare
Alan, ... why don't you just provide a working example - I'm working
on a GPL'ed app - ECK, if you give a look to sourceforge you can find
it - and for almost two years now I have spent many of my nights - I have
to work during the day - and part of my weekends on a project that I
think somebody could find useful. Maybe one day many people will use
it to build their base system and simply not write to this list
asking how to have freeradius working with PAM, LDAP and so on because
thanks to ECK they'll get a working environment in less than an hour.
Maybe they'll stress you just on how to improve it
you work on freeradius because you believe in your project, I work on
mine because I believe in mine. I believe in your project and put it
into mine. We both work without being paid by anybody, just for passion
Now I'm at the final race, ... I really do not understand why you
cannot provide just an example - maybe I am stupid, but I re-read
the unlang manual several times without being able to figure out the right syntax
Marco
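
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of unlang string expansion, showing why the quoted "{ldap:...}" form in the debug output above is compared as a literal string while a "%{ldap:...}" form triggers a lookup. The LDAP-URL argument in XLAT_FORM, the sample request and the directory entry are assumptions constructed for illustration.

```python
# Simplified model of unlang string expansion; not FreeRADIUS source code.
# Constructed sample data: one request and one directory entry.
REQUEST = {"User-Name": "testuser", "NAS-Identifier": "sshd"}
DIRECTORY = {"cn=testuser,ou=Users,dc=marcolinux,dc=local": {"eckAllowedServices": "sshd"}}
# Form from the post: no leading '%', so the braces carry no meaning.
LITERAL_FORM = "{ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local (eckAllowedServices)}"
# Assumed form: '%{ldap:' followed by an LDAP URL (base DN ? attribute ? scope).
XLAT_FORM = "%{ldap:ldap:///cn=%{User-Name},ou=Users,dc=marcolinux,dc=local?eckAllowedServices?base}"

def ldap_lookup(url):
    """Stand-in for the ldap module: return one attribute of one entry."""
    if not url.startswith("ldap:///"):
        return ""
    dn, _, rest = url[len("ldap:///"):].partition("?")
    return DIRECTORY.get(dn, {}).get(rest.split("?")[0], "")

def find_close(s, start):
    """Index of the '}' closing the '{' at s[start], honouring nesting."""
    depth = 0
    for i in range(start, len(s)):
        depth += {"{": 1, "}": -1}.get(s[i], 0)
        if depth == 0:
            return i
    raise ValueError("unbalanced braces")

def expand(s, request):
    """Expand %{Attr} and %{ldap:...}; copy every other character as-is."""
    out, i = [], 0
    while i < len(s):
        if s.startswith("%{", i):
            end = find_close(s, i + 1)
            inner = expand(s[i + 2:end], request)  # nested references first
            if inner.startswith("ldap:"):
                out.append(ldap_lookup(inner[len("ldap:"):]))
            else:
                out.append(request.get(inner, ""))
            i = end + 1
        else:
            out.append(s[i])
            i += 1
    return "".join(out)

def nas_matches(rhs, request):
    """Model of: if (NAS-Identifier == "<rhs>")"""
    return request["NAS-Identifier"] == expand(rhs, request)

if __name__ == "__main__":
    for form in (LITERAL_FORM, XLAT_FORM):
        print(repr(expand(form, REQUEST)), "->", nas_matches(form, REQUEST))
```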