ldap
Julian Macassey
julian at tele.com
Mon Jun 24 20:01:11 CEST 2013
On 2013-06-24 at 13:24, John Dennis (jdennis at redhat.com) wrote:
> On 06/24/2013 12:18 PM, Julian Macassey wrote:
> > I added in /etc/freeradius/clients.conf:
> >
> > client plumgrid-ldap1 {
> > #   # secret and password are mapped through the "secrets" file.
> >     secret = <MYSECRET>
> >     shortname = ldap
> > #   # the following three fields are optional, but may be used by
> > #   # checkrad.pl for simultaneous usage checks
> >     ipaddr = 192.168.10.14
> >     nastype = other
> > ##  login = !root
> > #   password = someadminpas
> > }
>
> > radiusd: #### Loading Clients ####
> > client plumgrid-ldap1 {
> > ipaddr = 192.168.10.14
> > require_message_authenticator = no
> > secret = "d1sc0verplum"
> > shortname = "ldap"
> > nastype = "other"
> > }
>
> > -----
> > I still get:
> >
> > Sending Access-Request of id 94 to 192.168.10.14 port 1812
> > User-Name = "evergreen at plumgrid.com"
> > User-Password = "evergreen's password"
> > NAS-IP-Address = 127.0.1.1
> > NAS-Port = 0
>
> I don't follow what you're doing. Is your radius server on
> 192.168.10.14, the same as your client?
My radius server is: 192.168.10.16
My ldap server is: 192.168.10.14
> Because it looks like you're
> sending your access-request to the client, not the server (unless
> they're both the same box). If they are the same box then make sure port
> 1812 is open.
> Also your NAS-IP-Address in your request is not your
> client address of 192.168.10.14.
I note that. But I have that in my
/etc/freeradius/clients.conf file:
client plumgrid-ldap1 {
#   # secret and password are mapped through the "secrets" file.
    secret = d1sc0verplum
    shortname = ldap
#   # the following three fields are optional, but may be used by
#   # checkrad.pl for simultaneous usage checks
    ipaddr = 192.168.10.14
    nastype = other
##  login = !root
#   password = someadminpas
}
-----
>
> Also, 127.0.1.1 seems like an odd address, localhost is normally
> 127.0.0.1, what's in your /etc/hosts file?
This seems to be an Ubuntu oddity.
I have modified it
127.0.0.1 localhost plumgrid-radius1.plumgrid.com plumgrid-radius1
#127.0.1.1 plumgrid-radius1.plumgrid.com plumgrid-radius1
Yet, I still get 127.0.1.1 in my freeradius radtest.
I can still ping 127.0.1.1
--
plumgrid-radius1:freeradius root#> ping 127.0.1.1
PING 127.0.1.1 (127.0.1.1) 56(84) bytes of data.
64 bytes from 127.0.1.1: icmp_req=1 ttl=64 time=0.032 ms
64 bytes from 127.0.1.1: icmp_req=2 ttl=64 time=0.035 ms
-----
>
> Also I don't see what this has to do with ldap, nothing as far as I can
> tell.
>
Well, I have a radius server that I would like to use
the ldap server to authenticate. It works using localhost and the
users file.
> Also, be careful with making configuration file backups in the config
> directory, the server reads everything it finds in the config directory,
> do you really mean to load /etc/freeradius/modules/off-ldap-orig?
I have moved it away.
--
"They: The makers of the Constitution: conferred, as against the government,
the right to be let alone -- the most comprehensive of rights and the right
most valued by civilized men." - Justice Louis D. Brandeis
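
Added example, not part of the original message or of FreeRADIUS itself: a `client` block in clients.conf names a host that is allowed to send requests to this server, and the server picks the block by the packet's source IP, not by the NAS-IP-Address attribute. The sketch below parses a constructed clients.conf (placeholder secrets, hypothetical helper names `parse_clients` and `match_client`) and shows which source addresses would be accepted.

```python
import ipaddress
import re
# Constructed sample modelled on the client block quoted in the message;
# the secrets are placeholders, not values from the thread.
SAMPLE_CLIENTS_CONF = '''
client localhost {
    ipaddr = 127.0.0.1
    secret = EXAMPLE-LOCAL-SECRET
}
client plumgrid-ldap1 {
#   # commented-out lines such as this one are ignored
    secret = EXAMPLE-SECRET
    shortname = ldap
    ipaddr = 192.168.10.14
    nastype = other
##  login = !root
}
'''

def parse_clients(text):
    """Return {client_name: {key: value}} for each 'client NAME { ... }' block."""
    clients, current = {}, None
    for raw in text.splitlines():
        # Simplification: treats every '#' as a comment start (no quoted '#').
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        m = re.match(r'client\s+(\S+)\s*\{$', line)
        if m:
            current = clients.setdefault(m.group(1), {})
        elif line == '}':
            current = None
        elif current is not None and '=' in line:
            key, value = (p.strip() for p in line.split('=', 1))
            current[key] = value.strip('"')
    return clients

def match_client(clients, packet_src_ip):
    """Name of the client whose ipaddr/netmask covers the packet's source IP."""
    src = ipaddress.ip_address(packet_src_ip)
    for name, cfg in clients.items():
        if 'ipaddr' in cfg:
            net = ipaddress.ip_network(f"{cfg['ipaddr']}/{cfg.get('netmask', '32')}", strict=False)
            if src in net:
                return name
    return None  # no client block: the server would not accept the request

if __name__ == '__main__':
    for src in ('192.168.10.14', '192.168.10.16', '127.0.0.1'):
        print(src, '->', match_client(parse_clients(SAMPLE_CLIENTS_CONF), src))
```

With this sample, a request arriving from 192.168.10.14 matches `plumgrid-ldap1`, while 192.168.10.16 matches nothing; the block authorizes a sender and does not make that host a RADIUS destination.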