Freeradius-Users Digest, Vol 124, Issue 23

Rui Ribeiro ruyrybeyro at gmail.com
Wed Aug 12 14:51:08 CEST 2015


Hi Zeus,

When I migrated from 2 to 3, I also had your problem and I gave up on users
altogether, and coded everything in unlang.  I could swear there are
differences in the user files processing from 2 to 3, although I will have
to go look to detail the specifics.

There is also the advantage that it is easier to control exactly where the
rules are applied.

Regards,


> Message: 2
> Date: Wed, 12 Aug 2015 01:22:27 -2100
> From: "Zeus Panchenko" <zeus at ibs.dn.ua>
> To: "Alan DeKok" <aland at deployingradius.com>
> Cc: Buxey Alan <A.L.M.Buxey at lboro.ac.uk>, FreeRadius users mailing
>         list <freeradius-users at lists.freeradius.org>
> Subject: Re: why is Called-Station-SSID not processed?
> Message-ID: <20150812012227.8162 at smtp.new-ukraine.org>
> Content-Type: text/plain; charset="utf-8"
>
> Alan DeKok <aland at deployingradius.com> wrote:
> > On Aug 8, 2015, at 10:48 PM, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
> > > and in general ... what is the LDAP equivalent to users file
> configuration?
> >
> >   There is no LDAP equivalent to the "users" file configuration.  If
> there was, it would be documented.
> >
>
> ok, finally I have checked my v.2.x "users" file configuration against
> v.3.0.9 installation and found, that in my case,
>
> User-Profile, set for DEFAULT user in "users" is not applied at all
> ... though group check is passed successfully
>
> and I am unable to find anything that could shed light on the cause
> ... so, help me to see it please ...
>
> here is what I receive:
>
> ---[ -X debug start ]-------------------------------------------
> ...
> (6) files: No group membership attribute(s) found in user object
> rlm_ldap (ldap): Released connection (8)
> (6) files: User is not a member of "wifi-lcu"
> (6) files: Searching for user in group "visitor"
> rlm_ldap (ldap): Reserved connection (9)
> (6) files: Using user DN from request
> "uid=rad-visitor,authorizedService=802.1x-eap-tls at xyz
> ,uid=fo02-admin,ou=People,dc=xyz"
> (6) files: Checking for user in group objects
> (6) files:   EXPAND
> (&(cn=visitor)(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))
> (6) files:      --> (&(cn=visitor)(memberUid=rad-visitor))
> (6) files:   Performing search in "ou=groups,ou=RADIUS,dc=xyz" with filter
> "(&(cn=visitor)(memberUid=rad-visitor))", scope "sub"
> (6) files:   Waiting for search result...
> (6) files: User found in group object "ou=groups,ou=RADIUS,dc=xyz"
> rlm_ldap (ldap): Released connection (9)
> (6) files: users: Matched entry DEFAULT at line 95
> (6) files: EXPAND User-Profile is %{User-Profile}
> (6) files:    --> User-Profile is
> (6)       [files] = ok
> rlm_ldap (ldap): Reserved connection (10)
> ...
> ---[ -X debug end   ]-------------------------------------------
>
>
>
> ---[ "users" file starting from L95 quotation start ]-----------
> DEFAULT Ldap-Group == 'visitor', User-Profile := "cn=visitor,ou=profiles,ou=RADIUS,dc=ibs"
>         Reply-Message := "User-Profile is %{User-Profile}",
>         Fall-Through = no
> ---[ "users" file quotation end   ]-----------------------------
>
>

-- 
Regards,

--
Rui Ribeiro
Senior Sysadm
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
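
The quoted "users" entry rewritten as unlang, as an added example of the approach described above (not configuration posted by Rui or Zeus). It assumes FreeRADIUS 3.0.x, an LDAP module instance named "ldap" as in the debug output, and placement in the authorize section of the virtual server; the list-qualified expansion %{control:User-Profile} is a choice made here, because an unqualified %{User-Profile} is looked up in the request list.

```unlang
authorize {
    preprocess

    # Counterpart of the quoted entry:
    #   DEFAULT Ldap-Group == 'visitor', User-Profile := "cn=visitor,..."
    # Only members of the "visitor" LDAP group get this profile.
    if (&Ldap-Group == "visitor") {
        # Check items from the "users" file land in the control list,
        # so the profile DN is set there explicitly.
        update control {
            &User-Profile := "cn=visitor,ou=profiles,ou=RADIUS,dc=ibs"
        }
        # Expand from the control list; the bare %{User-Profile} in the
        # debug output above expanded to an empty string.
        update reply {
            &Reply-Message := "User-Profile is %{control:User-Profile}"
        }
    }

    # Assumption: the ldap module is called after the update so that it
    # sees control:User-Profile when it applies profiles in authorize.
    ldap
}
```

Running the server with -X shows each "update" block and the expansion result, which makes it visible whether the profile attribute was set before the ldap module ran.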

