Re: how to enable ldap during authentication



Hi

Still something is wrong.

I have the following authorize section:
        authorize {
                preprocess

                auth_req_log

                suffix

                sql

                ldap

        }

I tried such authenticate sections:
        authenticate {

                Auth-Type LDAP {
                        ldap
                }

                Auth-Type Digest {
                        digest
                }

                Auth-Type PAP {
                        pap
                }
        }

        authenticate {

               ldap
        }

All the time I receive failed authentication.
What am I missing here?

Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: - authorize
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: performing user authorization for tzl
Thu Jan 24 09:40:35 2008 : Debug:     expand: (mail=%u@touk.pl) -> (mail=tzl@touk.pl)
Thu Jan 24 09:40:35 2008 : Debug:     expand: ou=Touki,ou=People,dc=touk,dc=pl -> ou=Touki,ou=People,dc=touk,dc=pl
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: performing search in ou=Touki,ou=People,dc=touk,dc=pl, with filter (mail= tzl@touk.pl)
request 5 done
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: Added User-Password = {MD5}SNNMxdM+Zfvr//0yEp0DuA== in check items
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: looking for check items in directory...
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{MD5}SNNMxdM+Zfvr//0yEp0DuA=="
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: looking for reply items in directory...
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: user tzl authorized to use remote access
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Jan 24 09:40:35 2008 : Debug:   modsingle[authorize]: returned from ldap (rlm_ldap) for request 3
Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok
Thu Jan 24 09:40:35 2008 : Debug: auth: type Local
Thu Jan 24 09:40:35 2008 : Debug: auth: user supplied User-Password does NOT match local User-Password
Thu Jan 24 09:40:35 2008 : Debug: auth: Failed to validate the user.
Thu Jan 24 09:40:35 2008 : Auth: Login incorrect: [tzl/somepass] (from client localhost port 0)
Thu Jan 24 09:40:35 2008 : Debug:   Found Post-Auth-Type Reject
Thu Jan 24 09:40:35 2008 : Debug: +- entering group REJECT
Thu Jan 24 09:40:35 2008 : Debug:   modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 3
Thu Jan 24 09:40:35 2008 : Debug:     expand: %{User-Name} -> tzl
Thu Jan 24 09:40:35 2008 : Debug:  attr_filter: Matched entry DEFAULT at line 11
Thu Jan 24 09:40:35 2008 : Debug:   modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 3
Thu Jan 24 09:40:35 2008 : Debug: ++[attr_filter.access_reject] returns updated

regards
tomasz

2008/1/23 <tnt@kalik.co.yu>:
Uncomment ldap in authenticate section.

Ivan Kalik
Kalik Informatika ISP


On 23/1/2008, "Tomasz Zieleniewski" <tzieleniewski@gmail.com> wrote:

>Hi,
>
>I am using version 2.0.2-pre
>I would like to use ldap for freeradius authentication.
>I couldn't find anything on the web about this topic.
>I have ldap module in the authorize section in my default virtual server.
>I see in the debug that ldap module returns ok during authorization
>please point me what do I have to do to use ldap also for authentication
>
>is it enough to put ldap invocation in authentication section?
>below debug from authorization
>
>thanks a lot for any help!
>regards
>-tomasz
>
>rlm_ldap: waiting for bind result ...
>request 1 done
>rlm_ldap: Bind was successful
>rlm_ldap: performing search in ou=Touki,ou=People,dc=touk,dc=pl, with filter
>(mail=tzl@touk.pl)
>request 2 done
>rlm_ldap: Added User-Password = {MD5}SNNMxdM+Zfvr//0yEp0DuA== in check items
>rlm_ldap: looking for check items in directory...
>rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password
>== "{MD5}SNNMxdM+Zfvr//0yEp0DuA=="
>rlm_ldap: looking for reply items in directory...
>rlm_ldap: user tzl authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>++[ldap] returns ok
>
>
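
The debug output in this thread shows userPassword mapped to Cleartext-Password with its {MD5} header still attached, followed by a local comparison that does not match. As an added example (not from the thread or from FreeRADIUS), this Python sketch flags such log lines and shows why a literal comparison cannot succeed while a header-aware check can; the function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Matches the rlm_ldap debug line that maps userPassword to Cleartext-Password.
MAP_RE = re.compile(r'RADIUS attribute Cleartext-Password\s*==\s*"(\{[A-Za-z0-9]+\}[^"]*)"')
HEADER_RE = re.compile(r'^\{([A-Za-z0-9]+)\}(.*)$', re.S)
# scheme -> (hashlib name, digest length); salted schemes append the salt after the digest
SCHEMES = {"MD5": ("md5", 16), "SMD5": ("md5", 16), "SHA": ("sha1", 20), "SSHA": ("sha1", 20)}


def headered_cleartext(log_lines):
    """Return values logged as Cleartext-Password that still carry a {SCHEME} header."""
    return [m.group(1) for line in log_lines if (m := MAP_RE.search(line))]


def literal_match(stored, supplied):
    """Plain string comparison: treats the stored value as the password itself."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


def header_aware_match(stored, supplied):
    """Verify `supplied` against an LDAP userPassword value with a {SCHEME} header."""
    m = HEADER_RE.match(stored)
    if not m:                                   # no header: genuinely cleartext
        return literal_match(stored, supplied)
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme {scheme}")
    algo, dlen = SCHEMES[scheme]
    raw = base64.b64decode(body, validate=True)
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and scheme in ("MD5", "SHA")):
        raise ValueError("malformed hash body")
    calc = hashlib.new(algo, supplied.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)    # constant-time digest comparison


def make_md5_value(password):
    """Build a constructed {MD5} value for the demo below."""
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()


if __name__ == "__main__":
    stored = make_md5_value("example-pass")     # constructed, not the value from the thread
    log = [f'Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{stored}"']
    print(headered_cleartext(log), literal_match(stored, "example-pass"), header_aware_match(stored, "example-pass"))
```
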
