why is Called-Station-SSID not processed?
Zeus Panchenko
zeus at ibs.dn.ua
Thu Aug 13 00:22:27 CEST 2015
Alan DeKok <aland at deployingradius.com> wrote:
> On Aug 8, 2015, at 10:48 PM, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
> > and in general ... what is the LDAP equivalent to users file configuration?
>
> There is no LDAP equivalent to the "users" file configuration. If there was, it would be documented.
>
ok, finally I have checked my v.2.x "users" file configuration against
v.3.0.9 installation and found, that in my case,
User-Profile, set for DEFAULT user in "users" is not applied at all
... though group check is passed successfully
and I am unable to find anything what could shade light on the cause
... so, help me to see it please ...
here is what I receive:
---[ -X debug start ]-------------------------------------------
...
(6) files: No group membership attribute(s) found in user object
rlm_ldap (ldap): Released connection (8)
(6) files: User is not a member of "wifi-lcu"
(6) files: Searching for user in group "visitor"
rlm_ldap (ldap): Reserved connection (9)
(6) files: Using user DN from request "uid=rad-visitor,authorizedService=802.1x-eap-tls at xyz,uid=fo02-admin,ou=People,dc=xyz"
(6) files: Checking for user in group objects
(6) files: EXPAND (&(cn=visitor)(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))
(6) files: --> (&(cn=visitor)(memberUid=rad-visitor))
(6) files: Performing search in "ou=groups,ou=RADIUS,dc=xyz" with filter "(&(cn=visitor)(memberUid=rad-visitor))", scope "sub"
(6) files: Waiting for search result...
(6) files: User found in group object "ou=groups,ou=RADIUS,dc=xyz"
rlm_ldap (ldap): Released connection (9)
(6) files: users: Matched entry DEFAULT at line 95
(6) files: EXPAND User-Profile is %{User-Profile}
(6) files: --> User-Profile is
(6) [files] = ok
rlm_ldap (ldap): Reserved connection (10)
...
---[ -X debug end ]-------------------------------------------
---[ "users" file starting from L95 quotation start ]-----------
DEFAULT Ldap-Group == 'visitor', User-Profile := "cn=visitor,ou=profiles,ou=RADIUS,dc=ibs"
Reply-Message := "User-Profile is %{User-Profile}",
Fall-Through = no
---[ "users" file quotation end ]-----------------------------
--
Zeus V. Panchenko jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150812/04bc3df8/attachment.sig>
More information about the Freeradius-Users
mailing list