This is a discussion on Re: Attributes Missing - Auth with ldap within the FreeRADIUS Users forums, part of the Networking and Network Related category.
Firstly, run freeradius in debug mode (radiusd -X) and it will tell you exactly what it is doing. You should be able to see which attribute it has retrieved from the directory to add to the reply.

A few things to look at would be:

1) Do you have ldap configured in the authorize section of radiusd.conf? This is where it picks up the attributes from the user's record.

2) If the answer to 1 is yes, you're doing an anonymous bind to the LDAP server. Does that give you the necessary access rights to read the record from LDAP?

3) If the answer to 2 is yes, are the attributes you're trying to read/return configured in $prefix/etc/raddb/ldap.attrmap?

Hope that helps, and guides you on your way to a solution.

regards,
Mike

Andre Herkenrath wrote:
> Hi,
>
> I have a very strange problem.
> I authenticate a user against a Novell 6 Server, which is not the
> problem.
> But I need some Attributes from the authentication brought back to the
> NAS
>
> I put these in the users file and it worked with another server:
>
> Users (complete)
> -----------------
> DEFAULT Auth-Type := LDAP, Ldap-Group == "CN=WGRAS,O=FKEL"
>         Reply-Message = "Welcome, you are allowed to have dialup access",
>         Framed-Filter-Id = "std.ppp",
>         Fall-Through = 0
> ------------------
> The Ldap portion of the radiusd.conf (comments removed)
> ----------------
>
> ldap {
>         server = "170.56.185.59"
>         identity = "anonymous"
>         basedn = "OU=Abteilungen,O=FKEL"
>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>         start_tls = no
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         groupmembership_attribute = radiusGroupName
>         timeout = 20
>         timelimit = 20
>         net_timeout = 10
> }
>
> Strangely the binds need a very long time (up to 8 seconds each) - but
> what has this to do with not transmitting the Attributes?
>
> As I said, the authentication works, but the Attributes are missing -
> Any ideas?
>
> Regards
> Andre

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
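
The checks in points 2 and 3 of the reply can be scripted. The following is an added example, not code from the thread or from FreeRADIUS: it assumes ldap.attrmap uses a three-column layout (item type, RADIUS attribute, LDAP attribute) and takes the LDIF returned by an anonymous search of the user's entry. The mapping rows, the LDIF and the function names are constructed for illustration.

```python
# Added example: cross-check ldap.attrmap against what an anonymous bind can read.
import re

# Constructed sample mapping (assumed layout: ItemType RADIUS-Attr ldapAttr).
ATTRMAP = """\
# ItemType   RADIUS-Attribute   ldapAttribute
checkItem    Auth-Type          radiusAuthType
replyItem    Framed-Filter-Id   radiusFilterId
replyItem    Reply-Message      radiusReplyMessage
"""

# Constructed LDIF, as an anonymous search of the user's entry might return it.
ANON_LDIF = """\
dn: cn=jdoe,OU=Abteilungen,O=FKEL
uid: jdoe
radiusReplyMessage: Welcome
"""

def parse_attrmap(text):
    """Return [(item_type, radius_attr, ldap_attr)] from ldap.attrmap text."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) >= 3 and fields[0] in ("checkItem", "replyItem"):
            rows.append((fields[0], fields[1], fields[2].lower()))
    return rows

def ldif_attrs(ldif):
    """Return the lower-cased attribute names present in one LDIF entry."""
    names = set()
    for line in ldif.splitlines():
        m = re.match(r"([A-Za-z][\w;-]*)::?\s", line)
        if m:
            names.add(m.group(1).lower())
    names.discard("dn")  # the DN is not an attribute of the entry
    return names

def audit(attrmap_text, ldif):
    """Split mapped reply items into those the bind can see and those it cannot."""
    visible = ldif_attrs(ldif)
    found, missing = [], []
    for item_type, radius_attr, ldap_attr in parse_attrmap(attrmap_text):
        if item_type == "replyItem":
            (found if ldap_attr in visible else missing).append(radius_attr)
    return found, missing

if __name__ == "__main__":
    print("visible / not visible to this bind:", audit(ATTRMAP, ANON_LDIF))
```

A reply item listed as not visible is either unset on the entry or unreadable by the anonymous identity; repeating the search with an authenticated bind distinguishes the two.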