Integrate freeradius v1.1.6 and OpenLDAP v2.3.32 for authorization and authentication

xuebin gong robin_gong at yahoo.com
Mon May 21 21:06:09 CEST 2007


Hi, All,

I am a user and want to integrate freeradius v1.1.6 and
OpenLDAP v2.3.32 for authorization and
authentication. Our operating system is Fedora 5
Linux.

(1) Install freeRadius-1.1.6
After following the installation instructions at
http://wwww.freeradius.org,
install freeRadius-1.1.6 on Fedora Linux 5 and run the radius
server in debug mode:

    radiusd -X
......
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

FreeRadius was installed successfully.

(2) Configure freeRadius-1.1.6
  (2.1) Configure radiusd.conf
      (2.1.1) LDAP module
       ldap {
           server = "10.0.0.118"
           identity = "cn=Manager,dc=mtcable,dc=net"
           password = mtncnl1970
           basedn = "dc=mtcable,dc=net"
           filter = "uid=%{Stripped-User-Name:-%{User-Name}}"
           start_tls = no
           dictionary_mapping = ${raddbdir}/ldap.attrmap
           ldap_connections_number = 5
           edir_account_policy_check = no
           timeout = 4
           timelimit = 3
           net_timeout = 1
       }
      (2.1.2) authorize module
      uncomment the ldap line:

      authorize{ 
           ...... 
           ldap 
           ...... 
      } 

      (2.1.3) authenticate module
      uncomment the ldap block:

      authenticate{ 
          ...... 
          Auth-Type LDAP { 
                ldap 
          } 
          ...... 
      } 


  (2.2) Edit /usr/local/etc/raddb/users
      Uncomment the following lines: 

      DEFAULT Auth-Type = LDAP 
      Fall-Through = 1 

(3) Install OpenLDAP
(4) Configure OpenLDAP
(5) Add one LDAP entry for testing

dn: uid=jjeep, ou=radius, rccd=AAA3140018f,
dc=mtcable,dc=net 
userPassword:: aabbccdd 
cn: jeep 
uid: jjeep 
radiusAuthType: local 
radiusSimultaneousUse: 1 
homeDirectory: // 
objectClass: top 
objectClass: posixAccount 
objectClass: radiusprofile 
uidNumber: 7012 
gidNumber: 100 

After adding this entry to LDAP, we reset the password to
"888888".

(6) Test
After running the test command line

   radtest jjeep "888888" localhost 1 testing123 

The following is the output from running radiusd -X:

......
  rad_recv: Access-Request packet from host 127.0.0.1:32771, id=192, length=57
        User-Name = "jjeep"
        User-Password = "888888"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  rlm_realm: No '@' in User-Name = "jjeep", looking up realm NULL
  rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jjeep
radius_xlat:  'uid=jjeep'
radius_xlat:  'dc=mtcable,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.0.0.118:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=mtcable,dc=net/mtncnl1970 to 10.0.0.118:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=mtcable,dc=net, with filter uid=jjeep
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 0
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "jjeep" with password "888888"
radius_xlat:  'uid=jjeep'
radius_xlat:  'dc=mtcable,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=mtcable,dc=net, with filter uid=jjeep
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authenticate]: module "ldap" returns notfound for request 0
modcall: leaving group LDAP (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [jjeep] (from client localhost port 1)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request

The following is the slapd logfile:

......
May 17 12:09:13 dolphin slapd[2205]: conn=7 fd=17 ACCEPT from IP=10.0.0.118:35564 (IP=0.0.0.0:389)
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 BIND dn="cn=Manager,dc=mtcable,dc=net" method=128
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 BIND dn="cn=Manager,dc=mtcable,dc=net" mech=SIMPLE ssf=0
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 RESULT tag=97 err=0 text=
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=jjeep)"
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH attr=radiusNASIpAddress radiusExpiration acctFlags ntPassword lmPassword radiusCallingStationId radiusCalledStationId radiusSimultaneousUse radiusAuthType radiusCheckItem radiusReplyMessage radiusLoginLATPort radiusPortLimit radiusFramedAppleTalkZone radiusFramedAppleTalkNetwork radiusFramedAppleTalkLink radiusLoginLATGroup radiusLoginLATNode radiusLoginLATService radiusTerminationAction radiusIdleTimeout radiusSessionTimeout radiusClass radiusFramedIPXNetwork radiusCallbackId radiusCallbackNumber radiusLoginTCPPort radiusLoginService radiusLoginIPHost radiusFramedCompression radiusFramedMTU radiusFilterId radiusFramedRouting radiusFramedRoute radiusFramedIPNetmask radiusFramedIPAddress radiusFramedProtocol radiusServiceType radiusReplyItem
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=2 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=jjeep)"
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=2 SRCH attr=uid
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=3 text=

It looks like the LDAP search succeeded and found 3
entries, but the radius server could not find any objects.

What is wrong with my integration? 

Thanks in advance

Robin
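Editor's added example (not part of Robin's post or of the FreeRADIUS project): the two logs quoted above are worth reading side by side. rlm_ldap in the 1.x series proceeds only when the user search returns exactly one entry, and the single debug line "object not found or got ambiguous search result" covers both the zero-match and the several-match case, while the slapd log records the actual count in its nentries= field (3 here for filter "(uid=jjeep)"). The script below correlates each SRCH filter with its SEARCH RESULT by (conn, op) and classifies lookups that an rlm_ldap-style user search would reject. The log lines in SAMPLE_SLAPD_LOG are constructed, modelled on the slapd format shown in the post (the jjeep line mirrors the nentries=3 result on the page; the alice and nobody lines are invented for contrast). The function names are the example's own.

```python
import re

# Constructed sample, modelled on the slapd log format quoted in the post.
# The jjeep search mirrors the page (nentries=3); alice/nobody are made up.
SAMPLE_SLAPD_LOG = """\
May 17 12:09:13 dolphin slapd[2205]: conn=7 fd=17 ACCEPT from IP=10.0.0.118:35564 (IP=0.0.0.0:389)
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 BIND dn="cn=Manager,dc=mtcable,dc=net" method=128
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 RESULT tag=97 err=0 text=
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=jjeep)"
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH attr=radiusAuthType radiusSimultaneousUse
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
May 17 12:09:14 dolphin slapd[2205]: conn=8 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=alice)"
May 17 12:09:14 dolphin slapd[2205]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 17 12:09:15 dolphin slapd[2205]: conn=9 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=nobody)"
May 17 12:09:15 dolphin slapd[2205]: conn=9 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

# A search request line carries base= and filter=; the separate "SRCH attr="
# line has neither and is deliberately not matched.
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" .*filter="([^"]*)"')
# The result line for that operation carries the error code and entry count.
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*err=(\d+) nentries=(\d+)')


def correlate_searches(log_text):
    """Pair every SRCH request with its SEARCH RESULT using the (conn, op) key.

    Returns a list of dicts (base, filter, err, nentries) in log order.
    err/nentries stay None when no result line was seen for the operation.
    """
    searches = {}
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, flt = m.groups()
            searches[(conn, op)] = {"base": base, "filter": flt,
                                    "err": None, "nentries": None}
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err, n = m.groups()
            rec = searches.get((conn, op))
            if rec is not None:
                rec["err"] = int(err)
                rec["nentries"] = int(n)
    return [searches[k] for k in sorted(searches, key=lambda k: (int(k[0]), int(k[1])))]


def classify(rec):
    """Classify one search the way an rlm_ldap-style user lookup would treat it:
    it needs err=0 and exactly one entry; anything else is a failed lookup."""
    if rec["err"] is None:
        return "no-result"
    if rec["err"] != 0:
        return "ldap-error"
    if rec["nentries"] == 0:
        return "not-found"
    if rec["nentries"] == 1:
        return "ok"
    return "ambiguous"


def find_problem_lookups(log_text):
    """Return (filter, verdict, nentries) for every search that would not
    yield a single user entry, in log order."""
    return [(rec["filter"], classify(rec), rec["nentries"])
            for rec in correlate_searches(log_text)
            if classify(rec) != "ok"]


if __name__ == "__main__":
    for flt, verdict, count in find_problem_lookups(SAMPLE_SLAPD_LOG):
        print(f"{flt}: {verdict} (nentries={count})")
```

An "ambiguous" verdict means the filter matched more than one entry under the configured basedn; the follow-up is to run the same filter with ldapsearch against the same base and see which entries come back, then narrow the basedn or the filter so that a uid resolves to exactly one object. A "not-found" verdict points at the entry or the base DN instead. Note that the post's ldap{} block binds with a privileged cn=Manager identity and also reproduces its password in clear text; a read-only bind account is the usual choice for this lookup, and credentials pasted into a public list should be rotated.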



 
____________________________________________________________________________________
Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.
http://answers.yahoo.com/dir/?link=list&sid=396546091



More information about the Freeradius-Users mailing list