urgent

RANDRIAMAMPIONONA José Johnny vasiana09 at gmail.com
Sat Aug 8 18:35:03 CEST 2009


Hi all,
I have already tested the LDAP server and everything works well, and the
RADIUS authentication server works very well locally and with the users file.
My LDAP and RADIUS servers are not on the same machine. I tried to solve it
but it still doesn't work.
The log is as follows:
(freeradius-server 2.1.6 + OpenLDAP + CentOS v.3.5)

------------------------------------------------------------------------------------------------------------------------------------------
Sat Aug  8 16:44:40 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186,
length=58
    User-Name = "user"
    User-Password = "mypass"
    NAS-IP-Address = 10.1.1.12
    NAS-Port = 0
Sat Aug  8 17:05:09 2009 : Info: +- entering group authorize {...}
Sat Aug  8 17:05:09 2009 : Info: ++[preprocess] returns ok
Sat Aug  8 17:05:09 2009 : Info: ++[chap] returns noop
Sat Aug  8 17:05:09 2009 : Info: ++[mschap] returns noop
Sat Aug  8 17:05:09 2009 : Info: [suffix] No '@' in User-Name = "user",
looking up realm NULL
Sat Aug  8 17:05:09 2009 : Info: [suffix] No such realm "NULL"
Sat Aug  8 17:05:09 2009 : Info: ++[suffix] returns noop
Sat Aug  8 17:05:09 2009 : Info: [eap] No EAP-Message, not doing EAP
Sat Aug  8 17:05:09 2009 : Info: ++[eap] returns noop
Sat Aug  8 17:05:09 2009 : Info: ++[unix] returns notfound
Sat Aug  8 17:05:09 2009 : Info: ++[files] returns noop
Sat Aug  8 17:05:09 2009 : Info: [ldap] performing user authorization for
user
Sat Aug  8 17:05:09 2009 : Info: [ldap] WARNING: Deprecated conditional
expansion ":-".  See "man unlang" for details
Sat Aug  8 17:05:09 2009 : Info: [ldap]     expand:
(uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=user)
Sat Aug  8 17:05:09 2009 : Info: [ldap]     expand:
ou=People,dc=uae,dc=ac,dc=ma -> ou=People,dc=uae,dc=ac,dc=ma
Sat Aug  8 17:05:09 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Sat Aug  8 17:05:09 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Sat Aug  8 17:05:09 2009 : Debug: rlm_ldap: attempting LDAP reconnection
Sat Aug  8 17:05:09 2009 : Debug: rlm_ldap: (re)connect to
ldap.uae.ac.ma:389, authentication 0
Sat Aug  8 17:05:09 2009 : Debug: rlm_ldap: bind as / to ldap.uae.ac.ma:389
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: waiting for bind result ...
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: Bind was successful
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: performing search in
ou=People,dc=uae,dc=ac,dc=ma, with filter (uid=user)
Sat Aug  8 17:05:25 2009 : Info: [ldap] looking for check items in
directory...
Sat Aug  8 17:05:25 2009 : Info: [ldap] looking for reply items in
directory...
Sat Aug  8 17:05:25 2009 : Debug: WARNING: No "known good" password was
found in LDAP.  Are you sure that the user is configured correctly?
Sat Aug  8 17:05:25 2009 : Info: [ldap] Setting Auth-Type = LDAP
Sat Aug  8 17:05:25 2009 : Info: [ldap] user user authorized to use remote
access
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Sat Aug  8 17:05:25 2009 : Info: ++[ldap] returns ok
Sat Aug  8 17:05:25 2009 : Info: ++[expiration] returns noop
Sat Aug  8 17:05:25 2009 : Info: ++[logintime] returns noop
Sat Aug  8 17:05:25 2009 : Info: [pap] WARNING! No "known good" password
found for the user.  Authentication may fail because of this.
Sat Aug  8 17:05:25 2009 : Info: ++[pap] returns noop
Sat Aug  8 17:05:25 2009 : Info: Found Auth-Type = LDAP
Sat Aug  8 17:05:25 2009 : Info: +- entering group LDAP {...}
Sat Aug  8 17:05:25 2009 : Info: [ldap] login attempt by "user" with
password "mypass"
Sat Aug  8 17:05:25 2009 : Info: [ldap] user DN:
uid=user,ou=People,dc=uae,dc=ac,dc=ma
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: (re)connect to
ldap.uae.ac.ma:389, authentication 1
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: bind as
uid=user,ou=People,dc=uae,dc=ac,dc=ma/mypass to ldap.uae.ac.ma:389
Sat Aug  8 17:05:40 2009 : Debug: rlm_ldap: waiting for bind result ...
Sat Aug  8 17:05:40 2009 : Debug: rlm_ldap: Bind was successful
Sat Aug  8 17:05:40 2009 : Info: [ldap] user user authenticated succesfully
Sat Aug  8 17:05:40 2009 : Info: ++[ldap] returns ok
Sat Aug  8 17:05:40 2009 : Info: +- entering group post-auth {...}
Sat Aug  8 17:05:40 2009 : Info: ++[exec] returns noop
Sending Access-Accept of id 186 to 127.0.0.1 port 50760
Sat Aug  8 17:05:40 2009 : Info: Finished request 0.
Sat Aug  8 17:05:40 2009 : Debug: Going to the next request
Sat Aug  8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186,
length=58
Sat Aug  8 17:05:40 2009 : Info: Sending duplicate reply to client localhost
port 50760 - ID: 186
Sending Access-Accept of id 186 to 127.0.0.1 port 50760
Sat Aug  8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186,
length=58
Sat Aug  8 17:05:40 2009 : Info: Sending duplicate reply to client localhost
port 50760 - ID: 186
Sending Access-Accept of id 186 to 127.0.0.1 port 50760
Sat Aug  8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.
Sat Aug  8 17:05:45 2009 : Info: Cleaning up request 0 ID 186 with timestamp
+1229
Sat Aug  8 17:05:45 2009 : Debug: Ready to process requests.


------------------------------------------------------------------------------------------------------------------------------------------
and something weird on the radtest output:
[root at serve-mde raddb]# /usr/local/freeradius-server-2.1.6/bin/radtest user
mypass localhost 0 testtest
Sending Access-Request of id 108 to 127.0.0.1 port 1812
    User-Name = "user"
    User-Password = "mypass"
    NAS-IP-Address = 10.1.1.12
    NAS-Port = 0
Sending Access-Request of id 108 to 127.0.0.1 port 1812
    User-Name = "user"
    User-Password = "mypass"
    NAS-IP-Address = 10.1.1.12
    NAS-Port = 0
Sending Access-Request of id 108 to 127.0.0.1 port 1812
    User-Name = "user"
    User-Password = "mypass"
    NAS-IP-Address = 10.1.1.12
    NAS-Port = 0
radclient: no response from server for ID 108 socket 3
[root at serve-mde raddb]#
-----------------------------------------------------------------------------------------------------------------------------------------
the raddb/modules/ldap file is like this:

ldap {
    server = "ldap.uae.ac.ma"
    basedn = "ou=People,dc=uae,dc=ac,dc=ma"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

    ldap_connections_number = 5

    timeout = 4
    timelimit = 3

    tls {
        start_tls = no
    }

    dictionary_mapping = ${confdir}/ldap.attrmap

    edir_account_policy_check = no
}
here are the entries on the LDAP server (approximately):
dc=uae,dc=ac,dc=ma (3)
    cn=admin
    ou=Group
    ou=People (50+)
Does anyone know what's wrong in my configuration? Is it the expiration times
in the configuration file that I have to extend? How do I give the server
the possibility to respond?

BEST REGARDS!
--
JJohnny R.
National School of Applied Sciences



-- 
JJohnny R.
vasiana09 at gmail.com
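The debug output in the post already contains the answer to "how to give the server a possibility to respond": the authorize-phase bind starts at 17:05:09 and completes at 17:05:25, the authenticate-phase bind starts at 17:05:25 and completes at 17:05:40, so the Access-Accept leaves the server about 31 seconds after the request arrived, long after radclient has given up, and the two "Sending duplicate reply" lines are the server answering radclient's retransmissions. The following analyser, added here as an example and not part of the original post or of FreeRADIUS, measures those gaps from a debug log. The sample lines are copied from the post; the `client_wait` threshold of 9 seconds is an assumption (the real figure is whatever radclient's `-t` and `-r` options give), and the function and variable names are this example's own.

```python
import re
from datetime import datetime

# Sample input: lines copied from the FreeRADIUS 2.1.6 debug output in the
# post above, reduced to the lines the analyser needs.
SAMPLE_LOG = """\
Sat Aug  8 16:44:40 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186, length=58
Sat Aug  8 17:05:09 2009 : Info: +- entering group authorize {...}
Sat Aug  8 17:05:09 2009 : Debug: rlm_ldap: bind as / to ldap.uae.ac.ma:389
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: waiting for bind result ...
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: Bind was successful
Sat Aug  8 17:05:25 2009 : Info: [ldap] Setting Auth-Type = LDAP
Sat Aug  8 17:05:25 2009 : Debug: rlm_ldap: bind as uid=user,ou=People,dc=uae,dc=ac,dc=ma/mypass to ldap.uae.ac.ma:389
Sat Aug  8 17:05:40 2009 : Debug: rlm_ldap: Bind was successful
Sending Access-Accept of id 186 to 127.0.0.1 port 50760
Sat Aug  8 17:05:40 2009 : Info: Finished request 0.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186, length=58
Sat Aug  8 17:05:40 2009 : Info: Sending duplicate reply to client localhost port 50760 - ID: 186
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186, length=58
Sat Aug  8 17:05:40 2009 : Info: Sending duplicate reply to client localhost port 50760 - ID: 186
"""

TS_RE = re.compile(r"^(\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) : (?:Debug|Info): (.*)$")
RECV_RE = re.compile(r"^rad_recv: Access-Request packet from host (\S+) port (\d+), id=(\d+)")
BIND_RE = re.compile(r"rlm_ldap: bind as (.*) to (\S+)$")
TS_FMT = "%a %b %d %H:%M:%S %Y"   # strptime tolerates the double space before "8"


def analyse(log_text, client_wait=9.0):
    """Timing facts for the first Access-Request in a FreeRADIUS 2.x debug log.

    client_wait is the assumed number of seconds the RADIUS client keeps
    waiting, retransmissions included, before it reports "no response".
    """
    result = {
        "request_id": None,
        "retransmits": 0,        # further rad_recv lines carrying the same id
        "duplicate_replies": 0,  # "Sending duplicate reply" lines
        "binds": [],             # (bind identity without password, host, seconds)
        "request_seconds": None,
    }
    start = end = None
    pending_bind = None          # (timestamp, identity, host) of an unfinished bind

    for line in log_text.splitlines():
        m = RECV_RE.match(line)
        if m:
            pid = int(m.group(3))
            if result["request_id"] is None:
                result["request_id"] = pid
            elif pid == result["request_id"]:
                result["retransmits"] += 1
            continue
        m = TS_RE.match(line)
        if not m:
            continue
        ts, msg = datetime.strptime(m.group(1), TS_FMT), m.group(2)
        # The first timestamped line after the request arrived marks its start.
        if result["request_id"] is not None and start is None:
            start = ts
        b = BIND_RE.search(msg)
        if b:
            # Debug logs print "DN/password"; keep only the DN so the analysis
            # output never carries the credential along.
            identity = b.group(1).split("/", 1)[0] or "<anonymous>"
            pending_bind = (ts, identity, b.group(2))
        elif pending_bind and msg.startswith("rlm_ldap: Bind was successful"):
            t0, identity, host = pending_bind
            result["binds"].append((identity, host, (ts - t0).total_seconds()))
            pending_bind = None
        elif msg.startswith("Finished request") and end is None:
            end = ts
        elif msg.startswith("Sending duplicate reply"):
            result["duplicate_replies"] += 1

    if start is not None and end is not None:
        result["request_seconds"] = (end - start).total_seconds()
    result["exceeds_client_wait"] = (result["request_seconds"] or 0) > client_wait
    return result


if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    for identity, host, secs in r["binds"]:
        print(f"bind as {identity} to {host}: {secs:.0f} s")
    print(f"request {r['request_id']}: {r['request_seconds']:.0f} s total, "
          f"{r['retransmits']} retransmits, {r['duplicate_replies']} duplicate replies, "
          f"client gave up: {r['exceeds_client_wait']}")
```

Run against the posted log it reports two binds of 16 s and 15 s and a 31 s request, so the problem is not the RADIUS side timing out but the LDAP bind itself being slow; a bind that takes that long against a server on another host usually points at name resolution or network trouble between the two machines rather than at the `timeout`/`timelimit` values in the module file, which bound the search, not the bind. The identity field is cut at the "/" on purpose: a debug log at this level prints the user's cleartext password, so anything derived from it should drop that part before it is stored or shared.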