Question about LDAP authentication

Petit, Benoit b.petit at bell.ca
Wed Jul 25 14:20:23 CEST 2018


Hi,

I have a quick question about LDAP authentication. The radius authentication is working but when I check the logs in debug mode I get a warning concerning LDAP. I'm wondering if this warning is important and how I can get rid of it. I put the ldap auth in the /raddb/sites-available/default file but the following warning keeps coming back, even though the user's attributes are passed:

radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 11 2017 at 04:40:14
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.

[ldap] performing user authorization for ba0xxxx
[ldap]  expand: (cn=%{User-Name}) -> (cn=ba0xxxxx at ssl-admin.bell)
[ldap]  expand: dc=connexim,dc=com -> dc=connexim,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to 10.234.4.16:389, authentication 0
  [ldap] bind as cn=Manager,dc=connexim,dc=com/xxxxxxxx to 10.x.x.x:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in dc=connexim,dc=com, with filter (cn=ba0xxxx at ssl-admin.bell)
[ldap] looking for check items in directory...
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
  [ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] looking for reply items in directory...
  [ldap] radiusClass -> Class = 0x61646d696e
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
[ldap] Setting Auth-Type = LDAP
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok

The logs then continue and I receive an Accept-Accept for the session. Is this warning relevant and how can I get rid of it?


Thanks,

Benoit Petit
Technical Analyst
IT Security and Digital Intelligence
1 Carrefour Alexandre-Graham-Bell - Aile E - 3e étage - Verdun - QC - H3E 3B3
514-391-9247
The use of this message is restricted by our mail policies. www.bell.ca/EmailConfidentialityWarning
Vacation: August 24 to September 17



