Hi All,

Please help me in fixing this issue.
Still I'm not able to fix it...

My Access-Request does not succeed when I configure multiple ldap instances. I read the rlm_ldap document, and according to that,

I have the following configuration in radiusd.conf:

authorize {
    ...
    files
    redundant {
        ldap_primary
        ldap_secondary
    }
    eap
}

..
authenticate {
    .....
    Auth-Type LDAP {
        redundant {
            ldap_primary
            ldap_secondary
        }
    }
}

...
# primary ldap configuration
ldap ldap_primary {
    server = 1.1.1.1
    ....
}

In my users file I have the following policy:

# Primary ldap server's group policy - accept

DEFAULT ldap_primary-Ldap-Group == "ads-group1", Symbol-Wlan-Index =~ wlan1, Login-Time := "Any0000-2359"

# Primary ldap server's group policy - reject

DEFAULT ldap_primary-Ldap-Group == "ads-group1", Symbol-Wlan-Index =~ wlan2|wlan3|wlan4, Auth-Type := Reject

DEFAULT Auth-Type := Reject

Please find the logs below..

rad_recv: Access-Request packet from host 127.0.0.1:41256, id=85, length=277
  User-Name = "sumithra"
  Called-Station-Id = "00-A0-F8-BF-E9-BC:wlan1"
  Calling-Station-Id = "00-0F-3D-E9-A6-54"
  NAS-Port = 1
  NAS-Port-Type = Wireless-802.11
  Framed-MTU = 1400
  NAS-IP-Address = 127.0.0.1
  NAS-Identifier = "WS5100"
  Symbol-Wlan-Index = "wlan1"
  NAS-Port-Id = "WLAN1"
  Connect-Info = "CONNECT 54Mbps 802.11a"
  State = 0x3477b37e06e1959a106065fa6b552b46
  EAP-Message = 0x0205004715800000003d170301003865d55f3cd46e8f5b7036c78d38a3a9fc51dbdff5f8f256cedd0b1e3da150ed5a4f7f605fdced3725189e4836dc817af1cea9c7047ff1073e
  Message-Authenticator = 0x16f08ab431d475e4a824d796da35d410
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
  rlm_realm: No '/' in User-Name = "sumithra", looking up realm NULL
  rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix_oblic" returns noop for request 5
  rlm_realm: No '/' in User-Name = "sumithra", looking up realm NULL
  rlm_realm: No such realm "NULL"
  modcall[authorize]: module "prefix_oblic" returns noop for request 5
  rlm_realm: No '@' in User-Name = "sumithra", looking up realm NULL
  rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix_at" returns noop for request 5
  rlm_realm: No '@' in User-Name = "sumithra", looking up realm NULL
  rlm_realm: No such realm "NULL"
  modcall[authorize]: module "prefix_at" returns noop for request 5
  rlm_realm: No '%' in User-Name = "sumithra", looking up realm NULL
  rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix_percent" returns noop for request 5
  rlm_realm: No '%' in User-Name = "sumithra", looking up realm NULL
  rlm_realm: No such realm "NULL"
  modcall[authorize]: module "prefix_percent" returns noop for request 5
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=123,dc=123,dc=123,dc=com'
radius_xlat: '(sAMAccountName=sumithra)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=123,dc=123,dc=123,dc=com, with filter (sAMAccountName=sumithra)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=CN=sumithra,OU=123,DC=123,DC=123,DC=com))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN=sumithra,OU=123,DC=123,DC=123,DC=com)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=123,dc=123,dc=123,dc=com, with filter (&(cn=ads-group1)(|(&(objectClass=GroupOfNames)(member=CN=sumithra,OU=123,DC=123,DC=123,DC=com))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN=sumithra,OU=123,DC=123,DC=123,DC=com))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in CN=sumithra,OU=123,DC=123,DC=123,DC=com, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: ldap_get_values() failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=123,dc=123,dc=123,dc=com'
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=CN=sumithra,OU=123,DC=123,DC=123,DC=com))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN=sumithra,OU=WIOS,DC=wios,DC=symbol,DC=com)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=123,dc=123,dc=123,dc=com, with filter (&(cn=ads-group1)(|(&(objectClass=GroupOfNames)(member=CN=sumithra,OU=123,DC=123,DC=123,DC=com))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN=sumithra,OU=123,DC=123,DC=123,DC=com))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in CN=sumithra,OU=123,DC=123,DC=123,DC=com, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: ldap_get_values() failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "files" returns notfound for request 5
modcall: entering group redundant for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for sumithra
radius_xlat: '(sAMAccountName=sumithra)'
radius_xlat: 'ou=123,dc=123,dc=123,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=123,dc=123,dc=123,dc=com, with filter (sAMAccountName=sumithra)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user sumithra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_primary" returns ok for request 5
modcall: leaving group redundant (returns ok) for request 5
  rlm_eap: EAP packet type response id 5 length 71
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 81 with timestamp 4450b417
Cleaning up request 1 ID 82 with timestamp 4450b417
Cleaning up request 2 ID 83 with timestamp 4450b417
Cleaning up request 3 ID 84 with timestamp 4450b417
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 85 to 127.0.0.1 port 41256
Waking up in 4 seconds...

Please reply if you have any idea where the configuration is wrong.

Thanks in advance.

Regards
Sumithra

On 4/25/06, sumi thra <sumi.techno@gmail.com> wrote:
> Yes. I got it now.
>
> Thank you so much for your information. :-)
>
> Regards
> Sumi
>
> On 4/25/06, Alan DeKok <aland@nitros9.org> wrote:
> > "sumi thra" <sumi.techno@gmail.com> wrote:
> > > 1. When I configure the free-radius to use redundant ldap, the radius server
> > > contacts the secondary ldap server first.
> >
> >   It works for me.
> >
> >   And since you haven't posted the debugging output as suggested in
> > the README, FAQ, INSTALL, etc., my guess is you're doing something
> > else wrong that causes the problem.
> >
> > > 2. My users file has : DEFAULT LDAP-Group := "groupname1" some vendor
> > > specific attributes follows..
> > > DEFAULT LDAP-Group := "groupname2" .....
> > >
> > > Do I need to specify it as ldap_primary-LDAP-Group := "groupname1"
> >
> >   Did you read doc/rlm_ldap?
> >
> >   Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
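A small reader for the kind of "modcall" trace posted above, added here as an example (it is not from the post or from FreeRADIUS): it rebuilds the module call tree per request, so you can see which instance inside a redundant block actually answered (here ldap_primary, so the request did reach the primary) and that the reject comes from eap in authenticate rather than from ldap. The sample trace is constructed and abridged from the format of the post.

```python
# Added example (not from the post or from FreeRADIUS): reconstruct the module
# call tree from a 'radiusd -X' modcall trace, per request and per group.
import re
from collections import defaultdict

ENTER = re.compile(r'modcall: entering group (\S+) for request (\d+)')
MODULE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
LEAVE = re.compile(r'modcall: leaving group (\S+) \(returns (\w+)\) for request (\d+)')

# Constructed sample, abridged from the trace format in the post.
SAMPLE = """\
modcall: entering group authorize for request 5
  modcall[authorize]: module "files" returns notfound for request 5
modcall: entering group redundant for request 5
  modcall[authorize]: module "ldap_primary" returns ok for request 5
modcall: leaving group redundant (returns ok) for request 5
  modcall[authorize]: module "eap" returns updated for request 5
modcall: leaving group authorize (returns updated) for request 5
modcall: entering group authenticate for request 5
rlm_eap: Request not found in the list
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
"""

def parse_trace(text):
    """Return {request_id: [(group_path, module, rcode), ...]} in call order."""
    calls = defaultdict(list)
    stack = defaultdict(list)  # per request: names of the groups currently open
    for line in text.splitlines():
        if m := ENTER.search(line):
            stack[m[2]].append(m[1])
        elif m := MODULE.search(line):
            calls[m[4]].append(('/'.join(stack[m[4]]), m[2], m[3]))
        elif m := LEAVE.search(line):
            if stack[m[3]] and stack[m[3]][-1] == m[1]:
                stack[m[3]].pop()
    return dict(calls)

def handled_by(calls, request, group):
    """First module that returned inside `group`, e.g. which ldap instance answered (None if none did)."""
    for path, module, _ in calls.get(request, []):
        if path.split('/')[-1] == group:
            return module

def failure_point(calls, request):
    """(section, module, rcode) of the first module that failed the request, or None."""
    for path, module, rcode in calls.get(request, []):
        if rcode in ('reject', 'fail', 'invalid', 'userlock'):
            return path.split('/')[0], module, rcode
```

Feed it the full output of `radiusd -X` (or the trace pasted above) instead of SAMPLE to get the same two answers for a real request.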