<div>Hello,</div>
<div> </div>
<div>In your radiusd.conf:</div>
<div> </div>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><font color="#ff0000">server = "localhost"</font></font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><font color="#ff0000"><span> </span>identity = "cn=admin,o=My Org,c=UA"</font></font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><font color="#ff0000"><span> </span>password = mypass</font></font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><font color="#ff0000"><span> </span>basedn = "ou=People,dc=example,dc=com"</font></font></font></p>
<p style="MARGIN: 0in 0in 0pt"><span><font face="Courier New" color="#ff0000" size="2"> </font></span></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><font color="#ff0000"><span> </span>password_attribute = "userPassword"</font></font></font></p>
<div style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><font color="#ff0000"><span> </span>filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"</font></font></font></div>
<div style="MARGIN: 0in 0in 0pt"><font face="Courier New" color="#ff0000" size="2"></font> </div>
<div>make sure that you have the correct configuration for the variables listed above. If you do, and you still cannot authenticate a user, it may be that your ldap server is returning referrals to other servers. To avoid referrals, go to your
ldap.conf in the freeradius server and add the line: <strong>referrals no</strong></div>
<div> </div>
<div>Hope it helps,</div>
<div>Natalia. </div>
<div> </div>
<div><span class="gmail_quote">On 4/3/06, <b class="gmail_sendername">monish ar</b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:monish.ar@gmail.com" target="_blank">monish.ar@gmail.com</a>> wrote:
</span></div>
<div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div style="DIRECTION: ltr">
<div>I've tried to authenticate to an LDAP server through RADIUS using the rlm_ldap module.... </div>
<div>I'm using freeradius 1.1.0 with OpenLdap 2.1.8 with a bdb backend. </div>
<div>The problem is that rlm_ldap module binds successfully to an authentication request in the authorization section, but fails to bind</div>
<div>when its tryin to authenticate.... log for RADIUS server is given below along with the LDAP configuration... plz help me out</div>
<div> </div>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">/<b>* In the client terminal ,now i've tried to authenticate with user : ldapuser</b></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">[root@localhost ~]# radtest ldapuser ldapuser localhost 2 testing123</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Sending Access-Request of id 119 to <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://127.0.0.1/" target="_blank">127.0.0.1</a> port 1812</font>
</p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>User-Name = "ldapuser"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>User-Password = "ldapuser"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>NAS-IP-Address = <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">255.255.255.255</a>
</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>NAS-Port = 2</font></p>
<div><span style="FONT-SIZE: 12pt"><font face="Times New Roman">rad_recv: Access-Reject packet from host <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://127.0.0.1:1812/" target="_blank">127.0.0.1:1812
</a>, id=119, length=20 <b>*</b></font></span></div>
<div><span style="FONT-SIZE: 12pt"><strong><font face="Times New Roman"></font></strong></span> </div>
<div><span style="FONT-SIZE: 12pt">
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">/<b>/ On the server side, response to ldapuser user authentication request...</b></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rad_recv: Access-Request packet from host <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://127.0.0.1:32769/" target="_blank">127.0.0.1:32769
</a>, id=119, length=60</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>User-Name = "ldapuser"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>User-Password = "ldapuser"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>NAS-IP-Address = <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">255.255.255.255</a>
</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>NAS-Port = 2</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>Processing the authorize section of radiusd.conf</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">modcall: entering group authorize for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authorize]: module "preprocess" returns ok for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">radius_xlat:<span> </span>'/usr/local//var/log/radius/radacct/127.0.0.1/auth-detail-20060403'</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_detail: /usr/local//var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local//var/log/radius/radacct/127.0.0.1/auth-detail-20060403
</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authorize]: module "auth_log" returns ok for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authorize]: module "chap" returns noop for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authorize]: module "mschap" returns noop for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>rlm_realm: No '@' in User-Name = "ldapuser", looking up realm NULL</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>rlm_realm: No such realm "NULL"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authorize]: module "suffix" returns noop for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>rlm_eap: No EAP-Message, not doing EAP</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span><span> </span>modcall[authorize]: module "eap" returns noop for request 0 </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>users: Matched entry DEFAULT at line 152</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>users: Matched entry DEFAULT at line 158</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authorize]: module "files" returns ok for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: - authorize</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: performing user authorization for ldapuser</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">radius_xlat:<span> </span>'(uid=ldapuser)'</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">radius_xlat:<span> </span>'ou=People,dc=example,dc=com'</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: ldap_get_conn: Checking Id: 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: ldap_get_conn: Got Id: 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: attempting LDAP reconnection</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: (re)connect to localhost:389, authentication 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: bind as / to localhost:389</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: waiting for bind result ...</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: Bind was successful</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter (uid=ldapuser)</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: Added password {crypt}$1$nwby/I64$ORzJuBh4/Ec3c.FAt2oqV0 in check items</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: looking for check items in directory...</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: looking for reply items in directory...</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: user ldapuser authorized to use remote access</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: ldap_release_conn: Release Id: 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authorize]: module "ldap" returns ok for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">modcall: leaving group authorize (returns ok) for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>rad_check_password:<span> </span>Found Auth-Type LDAP</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">auth: type "LDAP"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>Processing the authenticate section of radiusd.conf</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">modcall: entering group LDAP for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: - authenticate</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: login attempt by "ldapuser" with password "ldapuser"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: user DN: uid=ldapuser,ou=People,dc=example,dc=com</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: (re)connect to localhost:389, authentication 1</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: bind as uid=ldapuser,ou=People,dc=example,dc=com/ldapuser to localhost:389</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: waiting for bind result ...</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">rlm_ldap: Bind failed with invalid credentials</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><span> </span>modcall[authenticate]: module "ldap" returns reject for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">modcall: leaving group LDAP (returns reject) for request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">auth: Failed to validate the user.</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Login incorrect (rlm_ldap: Bind as user failed): [ldapuser] (from client localhost port 2)</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Delaying request 0 for 1 seconds</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Finished request 0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Going to the next request</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">--- Walking the entire request list ---</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Waking up in 1 seconds...</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">--- Walking the entire request list ---</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Waking up in 1 seconds...</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">--- Walking the entire request list ---</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Sending Access-Reject of id 119 to <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://127.0.0.1/" target="_blank">127.0.0.1</a> port 32769</font>
</p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Waking up in 4 seconds...</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"></font> </p>
<p style="MARGIN: 0in 0in 0pt"><b><font face="Times New Roman">// THE CONFIGURATION DETAILS REQUIRED FOR RLM_LDAP AUTHENTICATION ARE BELOW</font></b></p>
<p style="MARGIN: 0in 0in 0pt"><b><font face="Times New Roman"> </font></b></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><b>/* </b><b><span style="FONT-SIZE: 14pt">example.com.ldif (base entries added to LDAP database)</span></b></font></p>
<p style="MARGIN: 0in 0in 0pt"><b><span style="FONT-SIZE: 14pt"><font face="Times New Roman"> </font></span></b></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Dn: dc=example,dc=com</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Objectclass: dcObject</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Objectclass : organization</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">o: Example company</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">dc: example</font></p>
<p style="MARGIN: 0in 0in 0pt"><b><span style="FONT-SIZE: 14pt"><font face="Times New Roman"><span> </span></font></span></b></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">dn: cn=manager,dc=example,dc=com</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">objectclass: organizationalRole</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">cn: manager</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">dn: ou=people,dc=example,dc=com</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">ou: people</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">description: All people in the organization</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">objectClass: dcObject</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">objectClass: organizationalUnit</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">dc: example</font></p>
<p style="MARGIN: 0in 0in 0pt"><b><font face="Times New Roman"> </font></b></p>
<p style="MARGIN: 0in 0in 0pt"><b><font face="Times New Roman"> </font></b></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"><b>/*</b><b><span style="FONT-SIZE: 14pt"> ldapuser.ldif (details of user account for authentication added to the LDAP database */</span></b></font> </p>
<p style="MARGIN: 0in 0in 0pt"><b><span style="FONT-SIZE: 14pt"><font face="Times New Roman"> </font></span></b></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">dn: uid=ldapuser,ou=People,dc=example,dc=com</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">uid: ldapuser</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">cn: ldapuser</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">objectClass: account</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">objectClass: posixAccount</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">objectClass: top</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">objectClass: shadowAccount</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">userPassword: {crypt}$1$nwby/I64$ORzJuBh4/Ec3c.FAt2oqV0</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">shadowLastChange: 13238</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">shadowMax: 99999</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">shadowWarning: 7</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">loginShell: /bin/bash</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">uidNumber: 503</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">gidNumber: 100</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">homeDirectory: /home/ldapuser</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New"><font size="2">/* </font><b><span style="FONT-SIZE: 14pt">radiusd.conf (LDAP MODULE)</span></b></font></p>
<p style="MARGIN: 0in 0in 0pt"><b><span style="FONT-SIZE: 14pt"><font face="Courier New"> </font></span></b></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">ldap {</font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>server = "localhost"</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># identity = "cn=admin,o=My Org,c=UA"</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># password = mypass</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>basedn = "ou=People,dc=example,dc=com"</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><span><font face="Courier New" size="2"> </font></span></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>password_attribute = "userPassword"</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># base_filter = "(objectclass=radiusprofile)"</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 12pt"><font face="Courier New"><span> </span></font></span></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New"><span style="FONT-SIZE: 12pt"><span> </span></span><font size="2">start_tls = no</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><span><font face="Courier New" size="2"> </font></span></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># tls_cacertfile<span> </span>= /path/to/cacert.pem</font> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># tls_cacertdir<span> </span>= /path/to/ca/dir/ </font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># tls_certfile<span> </span>= /path/to/radius.crt </font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># tls_keyfile<span> </span>= /path/to/radius.key </font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># tls_randfile<span> </span>= /path/to/rnd</font> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># tls_require_cert<span> </span>= "demand" </font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"</font></font> </p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># profile_attribute = "radiusProfileDn"</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>#<span> </span>access_attr = "dialupAccess" </font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># Mapping of RADIUS dictionary attributes to LDAP</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># directory attributes.</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>dictionary_mapping = ${raddbdir}/ldap.attrmap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>ldap_connections_number = 5</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>timeout = 4</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>timelimit = 3</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><span><font face="Courier New" size="2"> </font></span></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>net_timeout = 1</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># compare_check_items = yes</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># do_xlat = yes</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span># access_attr_used_for_allow = yes</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New"><span><font size="2"> </font></span><span style="FONT-SIZE: 14pt">}</span></font></p>
<p style="MARGIN: 0in 0in 0pt"><span style="FONT-SIZE: 14pt"><font face="Courier New"> </font></span></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">authorize {</font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>chap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>mschap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>eap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>files</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>ldap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>}</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">authenticate {</font></p>
<p style="MARGIN: 0in 0in 0pt"><span><font face="Courier New" size="2"> </font></span></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>Auth-Type PAP {</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>pap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>}</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>Auth-Type CHAP {</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>chap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>}</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>Auth-Type MS-CHAP {</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>mschap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>}</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>Unix</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span>Auth-Type LDAP {</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>ldap</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font size="2"><font face="Courier New"><span> </span><span> </span>}</font></font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><b><span style="FONT-SIZE: 14pt"><font face="Courier New">Slapd.conf (ldap configuration)</font></span></b></p>
<p style="MARGIN: 0in 0in 0pt"><b><span style="FONT-SIZE: 14pt"><font face="Courier New"> </font></span></b></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">include<span> </span>/usr/local/etc/openldap/schema/core.schema</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">include<span> </span><span> </span><span> </span> /usr/local/etc/openldap/schema/cosine.schema</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">include<span> </span>/usr/local/etc/openldap/schema/nis.schema</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">pidfile<span> </span>/usr/local/var/slapd.pid</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">argsfile<span> </span><span> </span>/usr/local/var/slapd.args</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">#######################################################################</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"># ldbm database definitions</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">#######################################################################</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">database<span> </span><span> </span>bdb</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">suffix<span> </span>"dc=example,dc=com"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">rootdn<span> </span>"cn=manager,dc=example,dc=com"</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">rootpw<span> </span>{SSHA}Rt9x/xGxM5e8+RpKbvTCWYT8POUEaKwA</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"># Indices to maintain</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">index cn,sn,uid pres,eq,approx,sub</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2">index<span> </span>objectClass<span> </span>eq</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Courier New" size="2"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"> </font></p></span></div></div><br>-<br>List info/subscribe/unsubscribe? See <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.freeradius.org/list/users.html" target="_blank">
http://www.freeradius.org/list/users.html</a><br><br></blockquote></div><br>