Radius (freeradius) server integrated with openldap for user authentication
Aravind Arjunan
aravind.arjunan at gmail.com
Wed Jan 7 07:52:39 CET 2009
Hi,
A RADIUS (FreeRADIUS) server has been configured and integrated with an OpenLDAP
server for user authentication.
Using radtest, NTRadPing and Radiustest (utility) it is working fine. I got
Access-Accept by using these utilities.
When I try from an end user through a wireless access point, I am not able to
authenticate. The wireless access point is configured with WPA for security.
From the RADIUS debug-level log and the slapd log I can see that it is able to
fetch the username, and that was successful, but the userPassword
authentication fails.
I am attaching the RADIUS debug-level log for your reference:
rad_recv: Access-Request packet from host 192.168.1.100:1645, id=45,
length=130
* User-Name = "sivaji"*
Framed-MTU = 1400
Called-Station-Id = "0023.045c.3f20"
Calling-Station-Id = "001f.3c78.503a"
Service-Type = Login-User
Message-Authenticator = 0xd56b1bff210c624ccf5b1d5c56285f10
EAP-Message = 0x0202000b01736976616a69
NAS-Port-Type = Wireless-802.11
NAS-Port = 542
NAS-Port-Id = "542"
NAS-IP-Address = 192.168.1.100
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
*rlm_realm: No '@' in User-Name = "sivaji", looking up realm NULL*
* rlm_realm: No such realm "NULL"*
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 157
* modcall[authorize]: module "files" returns ok for request 0*
rlm_ldap: - authorize
rlm_ldap: performing user authorization for sivaji
*radius_xlat: '(uid=sivaji)'*
*radius_xlat: 'dc=rgipt,dc=in'*
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
*rlm_ldap: bind as / to localhost:389*
*rlm_ldap: waiting for bind result ...*
*rlm_ldap: Bind was successful*
*rlm_ldap: performing search in dc=rgipt,dc=in, with filter (uid=sivaji)*
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
*rlm_ldap: user sivaji authorized to use remote access*
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
*rlm_ldap: - authenticate*
*rlm_ldap: Attribute "User-Password" is required for authentication.*
* modcall[authenticate]: module "ldap" returns invalid for request 0*
*modcall: leaving group LDAP (returns invalid) for request 0*
*auth: Failed to validate the user.*
*Login incorrect: [sivaji] (from client AP port 542 cli 001f.3c78.503a)*
*Delaying request 0 for 1 seconds*
*Finished request 0*
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 45 to 192.168.1.100 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 45 with timestamp 4960b0d2
Nothing to do. Sleeping until we see a request.