Freeradius LDAP
Cris Boisvert
cris at usai.net
Mon Sep 26 20:56:40 CEST 2005
Cris Boisvert wrote:
> I'm setting up freeradius to talk to a Ipswitch Imail server for
> authetication.
>
> Just needs to do the basic User Pass... Ok.
>
>
[..]
> A snippet of the config.
> -----------------------------------------------
> ldap {
> server = "192.168.77.6"
> #identity = "cn=root,o=My Org,c=UA"
> #password = test1234
> basedn = "o=My Org,c=UA"
> #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> # base_filter = "(objectclass=radiusprofile)"
>
> # set this to 'yes' to use TLS encrypted connections
> ______________----------------------------------------------
>
[..]
> Below is a Cut form radiusd -X debug..
>
> Anyone have any reccomendations>?
>
>
>
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "test at pork.com" with password "test"
> radius_xlat: '(uid=test at pork.com)'
> radius_xlat: 'o=My Org,c=UA'
Do you really have an object with attribute iud="test at pork.com"?
I think you should split the username with delimiter '@', so you search
for uid=test,dc=pork,dc=com (or similiar).
But if you have such objects, try ldap_debug=0xffff between ldap { } in
your radiusd.conf.
Linus van Geuns
For testing purposes I do have a user of test at pork.com
I have set the debug option to 0xffff .. Their was no more debug info than
before.
Where in the radiusd.conf am I supposed to put "uid=test,dc=pork,dc=com "
reference?
Sorry I'm not really up on ldap..
Thanx
More information about the Freeradius-Users
mailing list