LDAP login failed: check identity, password settings in ldap section of radiusd.conf, (re)connection attempt failed

hsuan hsuan at nchc.org.tw
Mon Nov 24 03:05:20 CET 2008


Hi all,

I have installed freeradius-server-2.1.1 and I want to use LDAP to do
authentication. I have set the LDAP information in the radiusd configuration file
(/usr/local/etc/raddb/radius.conf) as follows:

ldap {
        server = "localhost"
        identity = "cn=Manager,dc=nchc,dc=org,dc=tw"
        password = hsuan
        basedn = "dc=nchc,dc=org,dc=tw"
        filter = (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        ldap_connections_number = 5
        password_header = "{crypt}"
        password_attribute = User-Password
        timeout = 4
        timelimit = 3
        net_timeout = 1
}

But when I use “radius -X” to start the radius server, and on the client
I use “radtest ldapuser ldapuser radius_server_ip 0 secret”,
the server shows the message:

[ldap] performing user authorization for ldapuser
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap]  expand: (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))" -> (&(!(objectClass=alias))(uid=ldapuser))"
[ldap]  expand: dc=nchc??dc=org??dc=tw -> dc=nchc??dc=org??dc=tw
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> ldapuser
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 128 to 192.168.2.1 port 49351
Waking up in 4.9 seconds.
Cleaning up request 3 ID 128 with timestamp +135542

Then the client receives “rad_recv: Access-Reject packet from host
192.168.2.1 port 1812, id=22, length=20”.

What’s the problem? How can I fix the error?

Regards,

Vicky
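
A lint pass over the ldap{} block quoted above, added here as an example (not part of the original post and not FreeRADIUS code). It flags three things visible in the post and its debug output: the filter value's unbalanced double quote (which carries through to the expanded filter in the log), the ":-" expansion the server warns about, and a key set twice. The name lint_ldap_block and the SAMPLE text are constructed for illustration.

```python
import re

# Constructed sample: the ldap{} settings from the post, trimmed to the lines checked here.
SAMPLE = '''ldap {
        server = "localhost"
        identity = "cn=Manager,dc=nchc,dc=org,dc=tw"
        password = hsuan
        basedn = "dc=nchc,dc=org,dc=tw"
        filter = (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))"
        start_tls = no
        ldap_connections_number = 5
        ldap_connections_number = 5
}
'''

def lint_ldap_block(text):
    """Return (line_number, message) findings for a radiusd.conf ldap{} block."""
    findings, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r'([A-Za-z_]+)\s*=\s*(.*)$', raw.strip())
        if not m:
            continue  # braces, blank lines and '#' comments carry no setting
        key, value = m.group(1), m.group(2).strip()
        # An odd number of unescaped quotes leaves a literal '"' in the value.
        if value.replace('\\"', '').count('"') % 2:
            findings.append((no, f'{key}: unbalanced double quote'))
        if key in seen:
            findings.append((no, f'{key}: already set on line {seen[key]}'))
        seen.setdefault(key, no)
        # The server log in the post warns that ":-" is deprecated.
        if ':-' in value:
            findings.append((no, f'{key}: deprecated ":-" expansion'))
    return findings

if __name__ == '__main__':
    for no, msg in lint_ldap_block(SAMPLE):
        print(f'line {no}: {msg}')
```

These checks cover syntax only; they do not test whether the identity and password are accepted by the LDAP server, which is what the "LDAP login failed" line reports.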
