Problems using freeradius with ldap

tnt at kalik.co.yu
Mon Sep 3 23:12:40 CEST 2007


You are picking up Auth-Type System from the users file. Comment it out.

Ivan Kalik
Kalik Informatika ISP


On 3/9/2007, "Sergio Belkin" <sbelki at palermo.edu> wrote:

>I have a problem in Fedora 4 (sadly, at my job I cannot change this) when using
>radtest against LDAP
>
>Packages version: 
>openldap-servers-2.2.29-1.FC4
>openldap-clients-2.2.29-1.FC4
>openldap-2.2.29-1.FC4
>freeradius-1.0.4-1.FC4.1
>
>This is part of /etc/raddb/radiusd.conf:
>
>ldap {
>                server = "localhost"
>                basedn = "ou=people,dc=mydomain,dc=com"
>                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>                dictionary_mapping = ${raddbdir}/ldap.attrmap
>                ldap_connections_number = 5
>                password_attribute = userPassword
>(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
>(uniquemember=%{Ldap-UserDn})))"
>                timeout = 4
>                timelimit = 3
>                net_timeout = 1
>        }
>
>authorize {
>        chap
>        mschap
>        suffix
>        eap
>        files
>        ldap
>        checkval
>}
>
>And this a portion of /etc/raddb/users:
>DEFAULT  Auth-Type = System
>   Fall-Through = 1
>DEFAULT  Auth-Type = LDAP
>   Fall-Through = 1
>
>
>I've appended the schemas in /etc/openldap/slapd.conf:
>/usr/share/doc/freeradius-1.0.4/RADIUS-LDAPv3.schema
>/usr/share/doc/freeradius-1.0.4/RADIUS-LDAP.schema
>
>Well, when I issue radtest in debug mode I get:
>radtest testuser sample  localhost  0  testing123
>Sending Access-Request of id 88 to 127.0.0.1:1812
>        User-Name = "testuser"
>        User-Password = "sample"
>        NAS-IP-Address = host.mydomain.com
>        NAS-Port = 0
>rad_recv: Access-Request packet from host 127.0.0.1:42077, id=88, length=58
>        User-Name = "testuser"
>        User-Password = "sample"
>        NAS-IP-Address = 255.255.255.255
>        NAS-Port = 0
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "chap" returns noop for request 2
>  modcall[authorize]: module "mschap" returns noop for request 2
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 2
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 2
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 155
>  modcall[authorize]: module "files" returns ok for request 2
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for testuser
>radius_xlat:  '(uid=testuser)'
>radius_xlat:  'ou=people,dc=mydomain,dc=com'
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in ou=people,dc=mydomain,dc=com, with filter 
>(uid=testuser)
>rlm_ldap: Added password sample in check items
>rlm_ldap: looking for check items in directory...
>rlm_ldap: looking for reply items in directory...
>rlm_ldap: user testuser authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>  modcall[authorize]: module "ldap" returns ok for request 2
>modcall: group authorize returns ok for request 2
>  rad_check_password:  Found Auth-Type System
>auth: type "System"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  modcall[authenticate]: module "unix" returns notfound for request 2
>modcall: group authenticate returns notfound for request 2
>auth: Failed to validate the user.
>Delaying request 2 for 1 seconds
>Finished request 2
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 88 to 127.0.0.1:42077
>Waking up in 4 seconds...
>rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=88, length=20
>17:20:33 [root at spike] /etc/raddb
>$ --- Walking the entire request list ---
>Cleaning up request 2 ID 88 with timestamp 46dc6c8f
>Nothing to do.  Sleeping until we see a request.
>
>
>Please could you lend me a hand to resolve this issue?
>Thanks in advance!
>-- 
>Sergio Belkin
>Communication and Internet
>
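The reply above boils down to how the users file merges check items: the first matching DEFAULT entry sets Auth-Type = System, Fall-Through lets the second entry run, but `=` only sets an attribute that is still absent, so the LDAP entry (and rlm_ldap after it) never gets to change it, and the authenticate section hands the request to rlm_unix, which returns notfound. The following Python model is an added illustration written for this thread; it is not FreeRADIUS code, it only models the users-file semantics exercised here (DEFAULT entries, Fall-Through, the `=` set-if-absent operator and the `:=` always-set operator of the users file, and rlm_ldap adding the directory password as a check item), and the two users-file fragments embedded in it are constructed copies of what was posted, one as-is and one with the System entry commented out.

```python
"""Model of how FreeRADIUS 1.x merges users-file check items (illustration only)."""
import re

# Constructed copy of the users-file fragment quoted in the thread.
USERS_AS_POSTED = """\
DEFAULT  Auth-Type = System
   Fall-Through = 1
DEFAULT  Auth-Type = LDAP
   Fall-Through = 1
"""

# The same fragment with the System entry commented out, as the reply advises.
USERS_FIXED = """\
#DEFAULT  Auth-Type = System
#   Fall-Through = 1
DEFAULT  Auth-Type = LDAP
   Fall-Through = 1
"""

ITEM_RE = re.compile(r'^\s*([\w-]+)\s*(:=|==|=)\s*"?(.*?)"?\s*$')


def parse_items(text):
    """Parse 'Attr = value, Attr := value' into (attr, op, value) triples."""
    items = []
    for piece in text.split(','):
        m = ITEM_RE.match(piece)
        if m:
            items.append(m.groups())
    return items


def parse_users(text):
    """Parse the users-file layout: an entry starts in column 0 with the user
    name and its check items; indented lines carry the reply items.
    Returns a list of (name, check_items, reply_items)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()   # '#' starts a comment
        if not line.strip():
            continue
        if raw[0].isspace() and entries:       # reply-item line
            entries[-1][2].extend(parse_items(line))
        else:                                  # new entry
            name, _, rest = line.strip().partition(' ')
            entries.append((name, parse_items(rest), []))
    return entries


def merge_check_items(config, items):
    """Merge an entry's check items into the request's config items.
    '=' only sets an attribute that is still absent; ':=' always replaces."""
    for attr, op, value in items:
        if op == ':=' or attr not in config:
            config[attr] = value


def rlm_files_authorize(entries, config):
    """Walk matching entries in order; continue only while Fall-Through = 1."""
    for name, check, reply in entries:
        if name != 'DEFAULT':                  # model: only DEFAULT entries apply
            continue
        merge_check_items(config, check)
        if not any(a == 'Fall-Through' and v == '1' for a, _, v in reply):
            break


def rlm_ldap_authorize(config, directory_password):
    """Model of rlm_ldap adding the directory's userPassword as a check item
    ("Added password sample in check items" in the quoted debug output)."""
    config.setdefault('User-Password', directory_password)


def resolve_auth_type(users_text, directory_password='sample'):
    """Run the modelled authorize stage and return the resulting Auth-Type."""
    config = {}
    rlm_files_authorize(parse_users(users_text), config)
    rlm_ldap_authorize(config, directory_password)
    return config.get('Auth-Type')


def authenticate(auth_type, user, system_users, ldap_bind_ok):
    """Dispatch on Auth-Type like the authenticate section: System asks
    rlm_unix (notfound unless the user is a local account), LDAP asks
    rlm_ldap to bind with the supplied password."""
    if auth_type == 'System':
        return 'Access-Accept' if user in system_users else 'Access-Reject'
    if auth_type == 'LDAP':
        return 'Access-Accept' if ldap_bind_ok else 'Access-Reject'
    return 'Access-Reject'


if __name__ == '__main__':
    for label, text in (('as posted', USERS_AS_POSTED), ('fixed', USERS_FIXED)):
        at = resolve_auth_type(text)
        print(label, '-> Auth-Type', at, authenticate(at, 'testuser', set(), True))
```

Running it shows the posted file resolving to Auth-Type System and an Access-Reject for a user who has no local account, while the file with the System entry commented out resolves to Auth-Type LDAP. The `merge_check_items` function also shows the general rule behind the fix: with `=`, whichever entry runs first wins, so a later entry can only take over if it uses `:=`.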