ldap group membership check issue

Евгений Подберезкин epodber at gmail.com
Fri Oct 27 12:03:10 CEST 2017


Hello.

I'm trying to check a user's group membership in Active Directory (Win2008) using
rlm_ldap. Since we have several domains in transitive trust relations, I have to
send the username with the domain part. When the domain name is a suffix
(epodberezkin@chtpz.ru) it works; as a prefix it does not (this is what Windows
uses when it sends the login username and domain automatically, e.g.
CHTPZ0\epodberezkin).

Part of mods-enabled/ldap:

        user {
                base_dn = "dc=chtpz,dc=ru"
                filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
                sasl {
                }
        }


The output of radiusd -X shows that the "DOMAIN\" part is not removed, so the
sAMAccountName is incorrect:

Fri Oct 27 14:48:39 2017 : Debug: (7) files: Searching for user in group "CN=WiFi_CHTPZ,OU=WiFi,OU=CHTPZ,DC=chtpz,DC=ru"
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Reserved connection (0)
Fri Oct 27 14:48:39 2017 : Debug: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
Fri Oct 27 14:48:39 2017 : Debug: Parsed xlat tree:
Fri Oct 27 14:48:39 2017 : Debug: literal --> (sAMAccountName=
Fri Oct 27 14:48:39 2017 : Debug: XLAT-IF {
Fri Oct 27 14:48:39 2017 : Debug:       attribute --> Stripped-User-Name
Fri Oct 27 14:48:39 2017 : Debug: }
Fri Oct 27 14:48:39 2017 : Debug: XLAT-ELSE {
Fri Oct 27 14:48:39 2017 : Debug:       attribute --> User-Name
Fri Oct 27 14:48:39 2017 : Debug: }
Fri Oct 27 14:48:39 2017 : Debug: literal --> )
Fri Oct 27 14:48:39 2017 : Debug: (7) files: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
Fri Oct 27 14:48:39 2017 : Debug: (7) files:    --> (sAMAccountName=CHTPZ0\5c5cepodberezkin)
Fri Oct 27 14:48:39 2017 : Debug: (7) files: Performing search in "dc=chtpz,dc=ru" with filter "(sAMAccountName=CHTPZ0\5c5cepodberezkin)", scope "sub"
Fri Oct 27 14:48:39 2017 : Debug: (7) files: Waiting for search result...
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Rebinding to URL ldap://DomainDnsZones.chtpz.ru/DC=DomainDnsZones,DC=chtpz,DC=ru
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Waiting for bind result...
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Rebinding to URL ldap://ForestDnsZones.chtpz.ru/DC=ForestDnsZones,DC=chtpz,DC=ru
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Waiting for bind result...
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Rebinding to URL ldap://chtpz.ru/CN=Configuration,DC=chtpz,DC=ru
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Waiting for bind result...
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Bind successful
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Bind successful
Fri Oct 27 14:48:39 2017 : Debug: rlm_ldap (chtpzldap): Bind successful
Fri Oct 27 14:48:39 2017 : Debug: (7) files: Search returned no results


How can I fix this?

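An added example (not from the post and not FreeRADIUS code) that models what the filter above expands to with and without realm stripping, and why the un-stripped prefix form cannot match a sAMAccountName: a small Python model of prefix (DOMAIN\user) and suffix (user@domain) realm splitting, as a realm instance configured with format = prefix and delimiter = "\\" would set Stripped-User-Name (assumed configuration), plus RFC 4515 filter escaping, which turns the backslash into \5c. Function names are the example's own.

```python
from typing import Optional, Tuple

# RFC 4515 escaping for values placed inside an LDAP search filter.
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def ldap_filter_escape(value: str) -> str:
    """Escape a single assertion value for use in an LDAP filter (RFC 4515)."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_realm(user_name: str) -> Tuple[str, Optional[str]]:
    """Return (stripped_user_name, realm) for both Windows-style forms.

    Assumed to mirror realm instances with format = prefix / delimiter = "\\"
    and format = suffix / delimiter = "@". With no delimiter present the realm
    is None, i.e. Stripped-User-Name stays unset.
    """
    if '\\' in user_name:                       # DOMAIN\user
        realm, _, user = user_name.partition('\\')
        return user, realm
    if '@' in user_name:                        # user@domain
        user, _, realm = user_name.rpartition('@')
        return user, realm
    return user_name, None


def build_filter(user_name: str, strip_realm: bool) -> str:
    """Expand the post's filter: Stripped-User-Name if set, else User-Name (:-)."""
    stripped, realm = split_realm(user_name) if strip_realm else (user_name, None)
    value = stripped if realm is not None else user_name
    return f"(sAMAccountName={ldap_filter_escape(value)})"


if __name__ == "__main__":
    # Constructed sample logins, one per form; no real directory is contacted.
    for login in ("CHTPZ0\\epodberezkin", "epodberezkin@chtpz.ru", "epodberezkin"):
        print(f"{login!r:28} no realm module -> {build_filter(login, False)}")
        print(f"{'':28} realm stripped  -> {build_filter(login, True)}")
```

Without a realm step the filter carries the literal prefix and an escaped backslash, which no sAMAccountName contains, so the search returns nothing; with the realm stripped both forms reduce to the same bare account name.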
