freeradius openldap config help please
Steven Pokrandt
spokra at gmail.com
Fri Jun 8 20:34:45 CEST 2012
I have the following versions
@(#) $OpenLDAP: slapd 2.4.21 (Dec 19 2011 15:40:04) $
buildd at allspice:/build/buildd/openldap-2.4.21/debian/build/servers/slapd
freeradius: FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu,
built on Jan 5 2010 at 02:56:18
I'm trying to import the ldif I created from the opnldap.schema
provided in freeradius, I converted with slaptest. I've deleted the
lines at the end of the file as described in the conversion HOWTO's.
Any help getting a good ldif file to import would be a great help.. I
feel I'm very close!!
here is the ldif file i have. and the erro i get when loading
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
dn: cn={0}radius-ldap
objectClass: olcSchemaConfig
cn: {0}radius-ldap
olcAttributeTypes: {0}( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' DES
C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' DES
C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' DESC '
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VAL
UE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' DESC
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA
LUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING
LE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
GLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC '' EQ
UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {9}( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
GLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' DESC '
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {11}( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTalk
Link' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
6 SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTalk
Network' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26 )
olcAttributeTypes: {13}( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTalk
Zone' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
6 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompressi
on' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
olcAttributeTypes: {15}( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI
NGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI
NGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwor
k' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S
INGLE-VALUE )
olcAttributeTypes: {18}( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DESC
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
ALUE )
olcAttributeTypes: {19}( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
GLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' DE
SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING
LE-VALUE )
olcAttributeTypes: {22}( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DESC
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC '' E
QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
)
olcAttributeTypes: {24}( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {25}( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout' DE
SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE
-VALUE )
olcAttributeTypes: {26}( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost' DE
SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {27}( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING
LE-VALUE )
olcAttributeTypes: {28}( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {30}( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATService
' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SI
NGLE-VALUE )
olcAttributeTypes: {31}( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {32}( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {33}( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING
LE-VALUE )
olcAttributeTypes: {34}( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DESC
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
ALUE )
olcAttributeTypes: {35}( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DESC
'' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING
LE-VALUE )
olcAttributeTypes: {36}( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC ''
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU
E )
olcAttributeTypes: {37}( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {38}( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToReal
m' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S
INGLE-VALUE )
olcAttributeTypes: {39}( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC ''
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
)
olcAttributeTypes: {40}( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType' DE
SC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE
-VALUE )
olcAttributeTypes: {41}( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeout'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
GLE-VALUE )
olcAttributeTypes: {42}( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationActi
on' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
olcAttributeTypes: {43}( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignmen
tId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
olcAttributeTypes: {44}( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumTyp
e' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {45}( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPassword'
DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
GLE-VALUE )
olcAttributeTypes: {46}( 1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPreferenc
e' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {47}( 1.3.6.1.4.1.3317.4.3.1.39 NAME 'radiusTunnelPrivateGr
oupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 )
olcAttributeTypes: {48}( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerEnd
point' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 )
olcAttributeTypes: {49}( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' DES
C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {50}( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC '' EQ
UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {51}( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientEnd
point' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 )
olcAttributeTypes: {52}( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousUse
' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {53}( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime' DESC
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
ALUE )
olcAttributeTypes: {54}( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {55}( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName'
DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {56}( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC ''
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU
E )
olcAttributeTypes: {57}( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' DES
C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
VALUE )
olcAttributeTypes: {58}( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusCheckItem' DESC
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {59}( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem' DESC
'' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {60}( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNASIpAddress' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
E-VALUE )
olcAttributeTypes: {61}( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusReplyMessage' D
ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcObjectClasses: {0}( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC '' S
UP top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $ radi
usArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientI
PAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalk
Network $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedI
PAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $
radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $ radiusFramedRoute
$ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ r
adiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLAT
Node $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radi
usLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ ra
diusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radi
usServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminatio
nAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ radiusSimultaneousUs
e $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword
$ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEnd
point $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration
$ dialupAccess $ radiusNASIpAddress $ radiusReplyMessage ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.3317.4.3.2.2 NAME 'radiusObjectProfile' DES
C 'A Container Objectclass to be used for creating radius profile object' SUP
top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) )
More information about the Freeradius-Users
mailing list