FreeRadius 3 OpenLDAP and MAC based Auth
Nathan Ward
lists+freeradius at daork.net
Tue Jan 8 11:33:58 CET 2019
Hi,
> On 8/01/2019, at 11:12 PM, Jürgen Northe <jn at northe-online.de> wrote:
>
> Hi Alan,
> I have to admit that I have not read the instructions on how to create a bug report completely because I do not have seen such structured requirements ever before. That makes sense, of course! Excuse me. I'll do better - I promise!
I would caution against calling your messages a bug report - bug implies that the software is not behaving as it was designed and has a bug that needs to be fixed in the software, however, the problem in your case is configuration, not the software.
>>> filter =
>>> "(|(cn=%{%{StrippedUserName}:%{UserName}})(macAddress=%{%{StrippedUserName}:%{UserName}}))”
But:
> (0) ldap1: EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
Looks to me like this config isn’t taking - the FreeRADIUS debug will show you exactly what’s happening, it’s good idea to read through it in detail and try understand it when debugging stuff. Even if you don’t solve your problem and need to come to the list, you’ll certainly learn a lot about how things work, which will help you in the future.
I see further down you have a user sub section, with:
filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"
The filter config you have included above is in the wrong place, based on your previous email. It looks like you’ve removed a bunch of the comments and so on from the original file. Unless you really know what you’re doing, I’d strongly suggest against doing that.
You say you have taken required parameters from FR2 and loaded them in to the FR3 config, but, I see parameters like “set_auth_type” which are not FR3 parameters, and are documented in the ldap config in FR3 (in the important comments I just mentioned) as follows:
# Note: set_auth_type was removed in v3.x.x
My suggestion to you:
Throw away the “ldap1” file you’ve created. Copy a FR3 ldap config file, go through it line by line, and where it is asking for parameters consult your FR2 config for their values. Don’t copy FR2 parameters across to the same structure hoping they will work.
Again, take the time to read all the comments. You might not solve your problem, but you’ll learn a heck of a lot about how things work, which will be valuable to you in the future.
--
Nathan Ward
More information about the Freeradius-Users
mailing list