Microsoft AD group check

Marek Smoliński marksmol at o2.pl
Sun Jan 12 22:38:34 CET 2020 

This message is visible at server startup with the freeradius -XXX command

(9)       Checking user object's memberOf attributes
(9)         Performing unfiltered search in "CN=A0700-GARWOLIN,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD", scope "base"
(9)         Waiting for search result...
(9)       Processing memberOf value "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD" as a DN
(9)         Resolving group DN "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD" to group name
(9)         Performing unfiltered search in "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD", scope "base"
(9)         Waiting for search result...
(9)         Group DN "CN=VLAN130_SIEO1,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD" resolves to name "VLAN130_SIEO1"
rlm_ldap (ldap): Released connection (0)
(9)       User is not a member of "VLAN129"
(9)       elsif (LDAP-Group == VLAN129)  -> FALSE
(9)       elsif (LDAP-Cached-Membership[*] =~ /.*VLAN130_.*/) {


       this is where the message appears - No old matches


(9)       elsif (LDAP-Cached-Membership[*] =~ /.*VLAN130_.*/)  -> FALSE
(9)       elsif (LDAP-Group == VLAN131) {
(9)       Searching for user in group "VLAN131"
rlm_ldap (ldap): Reserved connection (5)
(9)       Using user DN from request "CN=A0700-GARWOLIN,OU=stacje_robocze,OU=Siedlce,DC=domena,DC=AD"
(9)       Checking for user in group objects
(9)         EXPAND (&(cn=VLAN131)(|(&(objectClass=group)(member=%{control:Ldap-UserDn}))))
(9)            --> (&(cn=VLAN131)(|(&(objectClass=group)(member=CN\3dA0700-GARWOLIN\2cOU\3dstacje_robocze\2cOU\3dSiedlce\2cDC\3ddomena\2cDC\3dAD))))
(9)         Performing search in "dc=domena,dc=AD" with filter "(&(cn=VLAN131)(|(&(objectClass=group)(member=CN\3dA0700-GARWOLIN\2cOU\3dstacje_robocze\2cOU\3dSiedlce\2cDC\3ddomena\2cDC\3dAD))))", scope "sub"
(9)         Waiting for search result...
(9)         Search returned no results

regards
Marek Smoliński

Od: Alan DeKok
Wysłano: niedziela, 12 stycznia 2020 22:22
Do: FreeRadius users mailing list
Temat: Re: Microsoft AD group check

On Jan 12, 2020, at 3:27 PM, Marek Smoliński <marksmol at o2.pl> wrote:
> 
> Debug output
> ...
> 
>> On Jan 12, 2020, at 2:40 PM, Marek Smoliński <marksmol at o2.pl> wrote:
>> 
>> I see a message in debug: Debug: No old matches

>That message does not appear in the debug output you posted.

>  Alan DeKok.


>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list