<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 9pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
Dear all,<br><br>I am trying to configure FreeRADIUS 1.1.7 on Solaris 10
to authenticate with an LDAP server. After I configured it, radiusd -X -A runs
well, but once I run radtest I get the error
below:<br><br>==============================================================================================================<br><br>./radiusd
-X -A<br>Starting - reading configuration files ...<br>reread_config: reading
radiusd.conf<br>Config: including file:
/usr/local/etc/raddb/proxy.conf<br>Config: including file:
/usr/local/etc/raddb/clients.conf<br>Config: including file:
/usr/local/etc/raddb/snmp.conf<br>Config: including file:
/usr/local/etc/raddb/eap.conf<br>Config: including file:
/usr/local/etc/raddb/sql.conf<br> main: prefix = "/usr/local"<br> main:
localstatedir = "/usr/local/var"<br> main: logdir =
"/usr/local/var/log/radius"<br> main: libdir = "/usr/local/lib"<br> main:
radacctdir = "/usr/local/var/log/radius/radacct"<br> main: hostname_lookups =
no<br> main: snmp = no<br> main: max_request_time = 30<br> main: cleanup_delay =
5<br> main: max_requests = 1024<br> main: delete_blocked_requests = 0<br> main:
port = 0<br> main: allow_core_dumps = no<br> main: log_stripped_names =
no<br> main: log_file = "/usr/local/var/log/radius/radius.log"<br> main:
log_auth = no<br> main: log_auth_badpass = no<br> main: log_auth_goodpass =
no<br> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"<br> main: user =
"(null)"<br> main: group = "(null)"<br> main: usercollide = no<br> main:
lower_user = "no"<br> main: lower_pass = "no"<br> main: nospace_user =
"no"<br> main: nospace_pass = "no"<br> main: checkrad =
"/usr/local/sbin/checkrad"<br> main: proxy_requests = yes<br> proxy: retry_delay
= 5<br> proxy: retry_count = 3<br> proxy: synchronous = no<br> proxy:
default_fallback = yes<br> proxy: dead_time = 120<br> proxy:
post_proxy_authorize = no<br> proxy: wake_all_if_all_dead = no<br> security:
max_attributes = 200<br> security: reject_delay = 1<br> security: status_server
= no<br> main: debug_level = 0<br>read_config_files: reading
dictionary<br>read_config_files: reading naslist<br>Using deprecated
naslist file. Support for this will go away soon.<br>read_config_files:
reading clients<br>read_config_files: reading realms<br>radiusd: entering
modules setup<br>Module: Library search path is /usr/local/lib<br>Module: Loaded
exec <br> exec: wait = yes<br> exec: program = "(null)"<br> exec: input_pairs =
"request"<br> exec: output_pairs = "(null)"<br> exec: packet_type =
"(null)"<br>rlm_exec: Wait=yes but no output defined. Did you mean
output=none?<br>Module: Instantiated exec (exec) <br>Module: Loaded expr
<br>Module: Instantiated expr (expr) <br>Module: Loaded LDAP <br> ldap: server =
"ldap.icpdd.neca.nec.com.au"<br> ldap: port = 389<br> ldap: net_timeout =
10<br> ldap: timeout = 30<br> ldap: timelimit = 3<br> ldap: identity =
""<br> ldap: tls_mode = no<br> ldap: start_tls = no<br> ldap: tls_cacertfile =
"(null)"<br> ldap: tls_cacertdir = "(null)"<br> ldap: tls_certfile =
"(null)"<br> ldap: tls_keyfile = "(null)"<br> ldap: tls_randfile =
"(null)"<br> ldap: tls_require_cert = "allow"<br> ldap: password = ""<br> ldap:
basedn = "ou=people,dc=icpdd,dc=neca,dc=nec,dc=com,dc=au"<br> ldap: filter =
"(uid=%u)"<br> ldap: base_filter = "(objectclass=radiusprofile)"<br> ldap:
default_profile = "(null)"<br> ldap: profile_attribute = "(null)"<br> ldap:
password_header = "(null)"<br> ldap: password_attribute = "(null)"<br> ldap:
access_attr = "dialupAccess"<br> ldap: groupname_attribute = "cn"<br> ldap:
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"<br> ldap:
groupmembership_attribute = "(null)"<br> ldap: dictionary_mapping =
"/usr/local/etc/raddb/ldap.attrmap"<br> ldap: ldap_debug = 0<br> ldap:
ldap_connections_number = 5<br> ldap: compare_check_items =
no<br> ldap: access_attr_used_for_allow = yes<br> ldap: do_xlat =
yes<br> ldap: set_auth_type = yes<br>rlm_ldap: Registering ldap_groupcmp for
Ldap-Group<br>rlm_ldap: Registering ldap_xlat with xlat_name ldap<br>rlm_ldap:
reading ldap<->radius mappings from file
/usr/local/etc/raddb/ldap.attrmap<br>rlm_ldap: LDAP radiusCheckItem mapped to
RADIUS $GENERIC$<br>rlm_ldap: LDAP radiusReplyItem mapped to RADIUS
$GENERIC$<br>rlm_ldap: LDAP radiusAuthType mapped to RADIUS
Auth-Type<br>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use<br>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
Called-Station-Id<br>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id<br>rlm_ldap: LDAP lmPassword mapped to RADIUS
LM-Password<br>rlm_ldap: LDAP ntPassword mapped to RADIUS
NT-Password<br>rlm_ldap: LDAP acctFlags mapped to RADIUS
SMB-Account-CTRL-TEXT<br>rlm_ldap: LDAP radiusExpiration mapped to RADIUS
Expiration<br>rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS
NAS-IP-Address<br>rlm_ldap: LDAP radiusServiceType mapped to RADIUS
Service-Type<br>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS
Framed-Protocol<br>rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS
Framed-IP-Address<br>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS
Framed-IP-Netmask<br>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS
Framed-Route<br>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS
Framed-Routing<br>rlm_ldap: LDAP radiusFilterId mapped to RADIUS
Filter-Id<br>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS
Framed-MTU<br>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression<br>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS
Login-IP-Host<br>rlm_ldap: LDAP radiusLoginService mapped to RADIUS
Login-Service<br>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS
Login-TCP-Port<br>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS
Callback-Number<br>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS
Callback-Id<br>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network<br>rlm_ldap: LDAP radiusClass mapped to RADIUS
Class<br>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS
Session-Timeout<br>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS
Idle-Timeout<br>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action<br>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
Login-LAT-Service<br>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS
Login-LAT-Node<br>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS
Login-LAT-Group<br>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link<br>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to
RADIUS Framed-AppleTalk-Network<br>rlm_ldap: LDAP radiusFramedAppleTalkZone
mapped to RADIUS Framed-AppleTalk-Zone<br>rlm_ldap: LDAP radiusPortLimit mapped
to RADIUS Port-Limit<br>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS
Login-LAT-Port<br>rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS
Reply-Message<br>conns: 55300<br>Module: Instantiated ldap (ldap)
<br>Module: Loaded eap <br> eap: default_eap_type = "md5"<br> eap:
timer_expire = 60<br> eap: ignore_unknown_eap_types = no<br> eap:
cisco_accounting_username_bug = no<br>rlm_eap: Loaded and initialized type
md5<br>rlm_eap: Loaded and initialized type leap<br> gtc: challenge = "Password:
"<br> gtc: auth_type = "PAP"<br>rlm_eap: Loaded and initialized type
gtc<br> mschapv2: with_ntdomain_hack = no<br>rlm_eap: Loaded and initialized
type mschapv2<br>Module: Instantiated eap (eap) <br>Module: Loaded preprocess
<br> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"<br> preprocess:
hints = "/usr/local/etc/raddb/hints"<br> preprocess: with_ascend_hack =
no<br> preprocess: ascend_channels_per_line = 23<br> preprocess:
with_ntdomain_hack = no<br> preprocess: with_specialix_jetstream_hack =
no<br> preprocess: with_cisco_vsa_hack = no<br> preprocess:
with_alvarion_vsa_hack = no<br>Module: Instantiated preprocess (preprocess)
<br>Module: Loaded CHAP <br>Module: Instantiated chap (chap) <br>Module:
Loaded MS-CHAP <br> mschap: use_mppe = yes<br> mschap: require_encryption =
no<br> mschap: require_strong = no<br> mschap: with_ntdomain_hack =
no<br> mschap: passwd = "(null)"<br> mschap: ntlm_auth = "(null)"<br>Module:
Instantiated mschap (mschap) <br>Module: Loaded realm <br> realm: format =
"suffix"<br> realm: delimiter = "@"<br> realm: ignore_default = no<br> realm:
ignore_null = no<br>Module: Instantiated realm (suffix) <br>Module: Loaded files
<br> files: usersfile = "/usr/local/etc/raddb/users"<br> files: acctusersfile =
"/usr/local/etc/raddb/acct_users"<br> files: preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"<br> files: compat = "no"<br>Module:
Instantiated files (files) <br>Module: Loaded Acct-Unique-Session-Id
<br> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"<br>Module: Instantiated acct_unique
(acct_unique) <br>Module: Loaded detail <br> detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br> detail:
detailperm = 384<br> detail: dirperm = 493<br> detail: locking = no<br>Module:
Instantiated detail (detail) <br>Module: Loaded System <br> unix: cache =
no<br> unix: passwd = "(null)"<br> unix: shadow = "(null)"<br> unix: group =
"(null)"<br> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"<br> unix:
usegroup = no<br> unix: cache_reload = 600<br>Module: Instantiated unix (unix)
<br>Module: Loaded radutmp <br> radutmp: filename =
"/usr/local/var/log/radius/radutmp"<br> radutmp: username =
"%{User-Name}"<br> radutmp: case_sensitive = yes<br> radutmp: check_with_nas =
yes<br> radutmp: perm = 384<br> radutmp: callerid = yes<br>Module: Instantiated
radutmp (radutmp) <br>Listening on authentication *:1812<br>Listening on
accounting *:1813<br>Ready to process requests.<br><font color="#ff0000">rad_recv: Access-Request packet from host 127.0.0.1:61260,
id=86, length=60<br> User-Name = "testid"<br> User-Password =
"password"<br> NAS-IP-Address = 255.255.255.255<br> NAS-Port =
0<br> Processing the authorize section of radiusd.conf<br>modcall: entering
group authorize for request 0<br> modcall[authorize]: module "preprocess"
returns ok for request 0<br> modcall[authorize]: module "chap" returns noop for
request 0<br> modcall[authorize]: module "mschap" returns noop for request
0<br> rlm_realm: No '@' in User-Name = "weitingc",
looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 0<br> rlm_eap: No
EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns
noop for request 0<br> users: Matched entry DEFAULT at line 152<br>
modcall[authorize]: module "files" returns ok for request 0<br>modcall: leaving
group authorize (returns ok) for request 0<br> rad_check_password: Found
Auth-Type LDAP<br>auth: type "LDAP"<br> Processing the authenticate section of
radiusd.conf<br>modcall: entering group LDAP for request 0<br>rlm_ldap: -
authenticate<br>rlm_ldap: login attempt by "testid" with password
"password"<br>radius_xlat: '(uid=weitingc)'<br>radius_xlat:
'ou=people,dc=mydomain,dc=com,dc=au'<br>rlm_ldap: ldap_get_conn: Checking Id:
0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP
reconnection<br>rlm_ldap: (re)connect to ldap.icpdd.neca.nec.com.au:389,
authentication 0<br>ld.so.1: radiusd: fatal: relocation error: file
/usr/local/lib/rlm_ldap-1.1.7.so: symbol ldap_int_tls_config: referenced symbol
not
found<br>Killed<br>======================================================<br><br><span style="color: rgb(0, 0, 0);">Any
idea for this issue?</span><br><br><span style="color: rgb(0, 0, 0);">Thanks and regards,</span><br><br><span style="color: rgb(0, 0, 0);">Weiting
Chen</span><br></font><br /></body>
</html>