Freeradius + Ldap - Authorise OK but NO dynamic VLANs
Matthew Newton
mcn4 at leicester.ac.uk
Tue Aug 23 17:08:53 CEST 2016
On Tue, Aug 23, 2016 at 04:47:53PM +0200, Matthew Pulis wrote:
> This is slapcat (section ttester3):
>
> dn: cn=ttester3,cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local
> sn: Testing
> cn: ttester3
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> structuralObjectClass: inetOrgPerson
> entryUUID: 42d2e1a8-fd6e-1035-856f-63ec2ba52e12
> creatorsName: cn=admin,dc=seminary,dc=local
> createTimestamp: 20160823111245Z
> userPassword:: e1NTSEF9NExWWWZkcjNEN01WZTE4WVhRdytBaXhWOVhkYjJwbGM=
> uid: ttester3
> description: Authenticated at 2016-08-23 13:27:32
> entryCSN: 20160823112732.246710Z#000000#000#000000
> modifyTimestamp: 20160823112732Z
> memberOf: cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local

OK, so memberOf is there.

> modifiersName: cn=admin,dc=seminary,dc=local

...but your debug output shows it can't be found:

> (0) Checking user object's memberOf attributes
> (0) Performing unfiltered search in "cn=ttester3,cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local", scope "base"
> (0) Waiting for search result...
> (0) No group membership attribute(s) found in user object

which would indicate there is a permission error - the user you
are binding as doesn't have access to read the memberOf attribute.

I don't think slapcat cares about permissions (so it can read
everything)? - so not as helpful as ldapsearch.

When the ldapsearch command I sent earlier (or similar) returns
the memberOf attribute, you should be fine. Until then, it's an
OpenLDAP config issue and nothing to do with FreeRADIUS.

Matthew
--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
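
A way to run the check described in the reply above, as an added example that is not part of the original message or of FreeRADIUS: it performs a base-scope search on the user DN as the service account and reports whether memberOf comes back. `LDAP_URI` and `BIND_DN` are placeholder assumptions, and the two sample LDIF results are constructed.

```shell
#!/bin/sh
# Added example: does the FreeRADIUS bind account see memberOf on a user entry?
# LDAP_URI and BIND_DN are placeholders (assumptions), not values from the thread.
LDAP_URI="${LDAP_URI:-ldap://localhost}"
BIND_DN="${BIND_DN:-cn=radius-bind,dc=example,dc=org}"

# Constructed ldapsearch -LLL output: first as a bind that may read memberOf
# (value folded across two lines, as LDIF allows), then as one that may not.
SAMPLE_READABLE='dn: cn=ttester3,cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local
memberOf: cn=SeminaryAdmin,ou=SeminaryOU,dc=semi
 nary,dc=local'
SAMPLE_HIDDEN='dn: cn=ttester3,cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local'

# Print memberOf values from LDIF on stdin, one per line. Unfolds continuation
# lines (leading single space) and matches the attribute name in any case.
memberof_values() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | sed -n 's/^[Mm][Ee][Mm][Bb][Ee][Rr][Oo][Ff]::\{0,1\} *//p'
}

# Classify one search result: was the entry returned, and with memberOf?
classify() {
    if ! printf '%s\n' "$1" | grep -qi '^dn:'; then
        echo "entry-not-visible"
    elif [ -n "$(printf '%s\n' "$1" | memberof_values)" ]; then
        echo "memberOf-readable"
    else
        echo "memberOf-hidden"    # entry readable, attribute filtered out
    fi
}

# Base-scope search on the user DN as the service account, like the one in
# the debug output above. -W prompts for the bind password.
check_memberof() {
    out=$(ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -W \
            -b "$1" -s base '(objectClass=*)' memberOf) || return 2
    classify "$out"
}

if [ "$#" -gt 0 ]; then
    check_memberof "$1"
else
    classify "$SAMPLE_READABLE"   # demo on the constructed samples
    classify "$SAMPLE_HIDDEN"
fi
```

Run it with the user DN as the only argument; a result of `memberOf-hidden` for the service account while slapcat shows the attribute matches the access-control diagnosis given in the reply.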