Block guest VPN

Sazzad Hossain sazzad.suzon89 at gmail.com
Wed Sep 22 17:08:39 CEST 2021 

Hello,

i have found my mistake and change it [@ sites-enables/default] but now it
shows this failure output. Any idea?


Regards





_____________________________________________________________________________________________________________________________________________________________________________
  }
rlm_ldap (ldap): Initialising connection pool
   pool {
    start = 5
    min = 3
    max = 32
    spare = 10
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 30
    spread = no
   }
rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots
used
rlm_ldap (ldap): Connecting to ldap://10.9.25.56:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots
used
rlm_ldap (ldap): Connecting to ldap://10.9.25.56:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots
used
rlm_ldap (ldap): Connecting to ldap://10.9.25.56:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots
used
rlm_ldap (ldap): Connecting to ldap://10.9.25.56:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots
used
rlm_ldap (ldap): Connecting to ldap://10.9.25.56:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
  # Instantiating module "logintime" from file
/etc/freeradius/3.0/mods-enabled/logintime
  # Instantiating module "files" from file
/etc/freeradius/3.0/mods-enabled/files
reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize
/etc/freeradius/3.0/mods-config/files/authorize[96]: *Entry does not begin
with a user name*
*Failed reading /etc/freeradius/3.0/mods-config/files/authorize*
/etc/freeradius/3.0/mods-enabled/files[9]: *Instantiation failed for module
"files"*







On Wed, Sep 22, 2021 at 3:30 PM Jonathan Davis <jonathan at prioritycolo.com>
wrote:

> Except it doesn't look like it is a guest user?
>
> (0)     if (Ldap-Group == "Gast") {
> (0)     Searching for user in group "Gast"
> rlm_ldap (ldap): Reserved connection (2)
> (0)     Using user DN from request "uid=riedel,ou=people,dc=fr"
> (0)     Checking user object's memberOf attributes
> (0)       Performing unfiltered search in "uid=riedel,ou=people,dc=fr",
> scope "base"
> (0)       Waiting for search result...
> (0)       Search returned no results
> (0)     Can't check membership attributes, user object not found
> rlm_ldap (ldap): Released connection (2)
> (0)     User is not a member of "Gast"
>
> Check the rlm_ldap docs ?
>
> Jonathan Davis - Priority Colo Inc.
> jonathan at prioritycolo.com - https://www.prioritycolo.com
> 1-888-AS-30176 (1-888-273-0176) x304
>
> On 2021-09-22 9:26 a.m., Sazzad Hossain wrote:
> > Hello,
> >
> > yes,that's the problem.Although its a guest user,it shows following:
> >
> > _______________________________________________________________
> >
> > 0)     *User is not a member of "Gast" [ALthough user is a guest]*
> > (0)     if (Ldap-Group == "Gast")  -> FALSE
> > (0)     [expiration] = noop
> > (0)     [logintime] = noop
> >
> > ________________________________________________________________
> >
> > THanks
> >
> > On Wed, Sep 22, 2021 at 3:22 PM Alan DeKok <aland at deployingradius.com>
> > wrote:
> >
> >> On Sep 22, 2021, at 9:19 AM, Sazzad Hossain <sazzad.suzon89 at gmail.com>
> >> wrote:
> >>> Another question, although after those two changes [mentioned above],
> the
> >>> server is still allowing the GUEST users to login.What i am doing
> wrong?
> >>    Read the debug output, and see if it's doing what you want.
> >>
> >>
> >>> (0)     if (Ldap-Group == "Gast")  -> FALSE
> >>    That seems relevant.
> >>
> >>    Alan DeKok.
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list