ldap attribute update

Anirudh Malhotra 8zero2ops at gmail.com
Thu Mar 31 16:37:48 CEST 2016


Hi,

Alan yes thats what i was suspecting that my inner tunnel attributes were not getting to outer virtual server. That is why remember i tried outer.control in my first mail, so i was on the right track but was doing it with the wrong approach i know i didnt read that i can use tunnelled reply(depreciated) or as u said session-state and not control as its not cached. So i was able to achieve what i wanted.

Apologies again for asking bad question and not reading the document properly(i read the debug properly though :p)

One small question if i am using session-state only to cache username
Like:
Update {
outer.session-state:User-Name :=&User-Name
}
Do i still need to unset MS-MPPE attributes?

BR,
Anirudh Malhotra
8zero2
Mail: 8zero2.in at gmail.com
Facebook: www.facebook.com/8zero2
Twitter: @8zero2_in
Blog: blog.8zero2.in


On 31 Mar 2016, 19:14 +0530, Alan DeKok<aland at deployingradius.com>, wrote:
> On Mar 31, 2016, at 12:29 AM, Anirudh Malhotra<8zero2ops at gmail.com>wrote:
> > Sorry for making you angry, but I am looking at the debug logs very
> > carefully from the starting.
> 
> I'm not angry. I'm telling you you need to read the debug logs. Because so far, it looks like you're not reading them.
> 
> i.e. your questions are answered by reading the debug logs.
> 
> > I had to take permissions to post them here,
> > That is why I was asking those questions. Again I apologise for asking
> > probably wrong questions, I just thought the thing I posted was enough.
> 
> Since you were told REPEATEDLY to post / read the debug logs. No, what you posted wasn't enough.
> 
> > But
> > here is the debug in which ldap module is called and unlang is called, if
> > you could please help me in finding my mistake, I have marked to relevant
> > information in red
> 
> The list strips HTML.
> 
> The debug logs shows what I suspected. You're not reading it.
> 
> Packet 8 shows it using LDAP and setting control:wifi. Then in packet 9, it checks control:wifi. Which doesn't exist.
> 
> In case you hadn't noticed, each packet is processed independently. If you want control:wifi to be available in packet 9, you either have to cache the results from packet 8, or run ldap when packet 9 is received.
> 
> In recent versions of the server, see raddb/sites-available/default. Look for "session-state".
> 
> Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list