ldap search for user root



Hi,

We have a freeradius server sending auth requests to an ldap server. We sniffed the traffic between them and found ldap search request messages asking for a user called root, but the client requests authentication for another user, an existing one. This request for user root isn't logical, since root is not a valid user in our ldap db.

Ethereal output (request packet from radius server to ldap server):
Filter:(&(objectclass=User)(sAMAccountName=root))

FreeRadius is using PAM to auth against ldap with rlm_pam module. PAM is completely configured and we're able to use its features with other tools, such as login.

Freeradius output:
rad_recv: Access-Request packet from host 10.2.1.76:32784, id=106, length=215
        User-Name = "aelias@intranet.ufba.br"
        Digest-Attributes = 0x0a0861656c696173
        Digest-Attributes = 0x0112696e7472616e65742e756662612e6272
        Digest-Attributes = 0x022a34373032353266383139316339313161353365313735363334656362333434336638363931303665
        Digest-Attributes = 0x04167369703a696e7472616e65742e756662612e6272
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "598d24b186f652a28feced8e51f92880"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 0x61656c696173
        NAS-IP-Address = 10.2.1.76
        NAS-Port = 5060
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: Looking up realm "intranet.ufba.br" for User-Name = "aelias@intranet.ufba.br"
    rlm_realm: No such realm "intranet.ufba.br"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 3
    users: Matched entry DEFAULT at line 168
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns ok for request 3
  rad_check_password:  Found Auth-Type Pam
auth: type "PAM"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_pam: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "pam" returns invalid for request 3
modcall: group authenticate returns invalid for request 3
auth: Failed to validate the user.
Login incorrect: [aelias@intranet.ufba.br/<no User-Password attribute>] (from client private-network-2 port 5060)
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 105 to 10.2.1.76:32783


Sorry for my poor English. :-)

Thanks.
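
Added example, not part of the original post: a decoder for the Digest-Attributes values in the debug output above, assuming they use the sub-attribute layout (type, length including the 2-byte header, value) and numbering of draft-sterman-aaa-sip. It shows that the request carries SIP digest fields (user, realm, nonce, method, URI), which matches the rlm_pam line about the missing User-Password.

```python
"""Decode the Digest-Attributes values from a FreeRADIUS debug log."""

# Sub-attribute numbers per draft-sterman-aaa-sip (assumption: the NAS in
# the log encodes its digest fields this way).
SUBATTR_NAMES = {
    1: "Realm", 2: "Nonce", 3: "Method", 4: "URI", 5: "QOP",
    6: "Algorithm", 7: "Body-Digest", 8: "CNonce", 9: "Nonce-Count",
    10: "User-Name",
}

# Values copied from the Access-Request shown in the post.
LOGGED = [
    "0x0a0861656c696173",
    "0x0112696e7472616e65742e756662612e6272",
    "0x022a3437303235326638313931633931316135336531"
    "37353633346563623334343366383639313036 65".replace(" ", ""),
    "0x04167369703a696e7472616e65742e756662612e6272",
    "0x030a5245474953544552",
]


def parse_digest_attributes(hex_value):
    """Return [(name, text)] for each TLV packed into one attribute value."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    out, pos = [], 0
    while pos < len(raw):
        if len(raw) - pos < 2:
            raise ValueError("truncated sub-attribute header")
        kind, length = raw[pos], raw[pos + 1]
        # The length byte counts the two header bytes, so it is never below 2.
        if length < 2 or pos + length > len(raw):
            raise ValueError(f"bad length {length} at offset {pos}")
        text = raw[pos + 2:pos + length].decode("ascii", "replace")
        out.append((SUBATTR_NAMES.get(kind, f"Unknown-{kind}"), text))
        pos += length
    return out


def decode_request(values):
    """Merge the sub-attributes of every Digest-Attributes value in a request."""
    return {name: text for v in values for name, text in parse_digest_attributes(v)}


if __name__ == "__main__":
    for name, text in decode_request(LOGGED).items():
        print(f"{name:<10} {text}")
```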
