<div dir="ltr"><div class="gmail_quote">Hi all,<br>I have already tested the LDAP server and everything works well, and the
RADIUS authentication server works very well locally and with the users
file. My LDAP and RADIUS servers are not on the same machine. I tried to solve it but it still doesn't work.<br>The log is as follows:<br><div dir="ltr">(freeradius-server 2.1.6 + OpenLDAP + CentOS v.3.5)<i><b><br><br>
</b></i><i>------------------------------------------------------------------------------------------------------------------------------------------<br>Sat Aug 8 16:44:40 2009 : Debug: Ready to process requests.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186, length=58<br>
User-Name = "user"<br> User-Password = "mypass"<br> NAS-IP-Address = 10.1.1.12<br> NAS-Port = 0<br>Sat Aug 8 17:05:09 2009 : Info: +- entering group authorize {...}<br>Sat Aug 8 17:05:09 2009 : Info: ++[preprocess] returns ok<br>
Sat Aug 8 17:05:09 2009 : Info: ++[chap] returns noop<br>Sat Aug 8 17:05:09 2009 : Info: ++[mschap] returns noop<br>Sat Aug 8 17:05:09 2009 : Info: [suffix] No '@' in User-Name = "user", looking up realm NULL<br>
Sat Aug 8 17:05:09 2009 : Info: [suffix] No such realm "NULL"<br>Sat Aug 8 17:05:09 2009 : Info: ++[suffix] returns noop<br>Sat Aug 8 17:05:09 2009 : Info: [eap] No EAP-Message, not doing EAP<br>Sat Aug 8 17:05:09 2009 : Info: ++[eap] returns noop<br>
Sat Aug 8 17:05:09 2009 : Info: ++[unix] returns notfound<br>Sat Aug 8 17:05:09 2009 : Info: ++[files] returns noop<br>Sat Aug 8 17:05:09 2009 : Info: [ldap] performing user authorization for user<br>Sat Aug 8 17:05:09 2009 : Info: [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>
Sat Aug 8 17:05:09 2009 : Info: [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=user)<br>Sat Aug 8 17:05:09 2009 : Info: [ldap] expand: ou=People,dc=uae,dc=ac,dc=ma -> ou=People,dc=uae,dc=ac,dc=ma<br>
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0<br>Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0<br>Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: attempting LDAP reconnection<br>
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: (re)connect to ldap.uae.ac.ma:389, authentication 0<br>Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: bind as / to ldap.uae.ac.ma:389<br>
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: waiting for bind result ...<br>Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: Bind was successful<br>Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: performing search in ou=People,dc=uae,dc=ac,dc=ma, with filter (uid=user)<br>
Sat Aug 8 17:05:25 2009 : Info: [ldap] looking for check items in directory...<br>Sat Aug 8 17:05:25 2009 : Info: [ldap] looking for reply items in directory...<br>Sat Aug 8 17:05:25 2009 : Debug: WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<br>
Sat Aug 8 17:05:25 2009 : Info: [ldap] Setting Auth-Type = LDAP<br>Sat Aug 8 17:05:25 2009 : Info: [ldap] user user authorized to use remote access<br>Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0<br>
Sat Aug 8 17:05:25 2009 : Info: ++[ldap] returns ok<br>Sat Aug 8 17:05:25 2009 : Info: ++[expiration] returns noop<br>Sat Aug 8 17:05:25 2009 : Info: ++[logintime] returns noop<br>Sat Aug 8 17:05:25 2009 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
Sat Aug 8 17:05:25 2009 : Info: ++[pap] returns noop<br>Sat Aug 8 17:05:25 2009 : Info: Found Auth-Type = LDAP<br>Sat Aug 8 17:05:25 2009 : Info: +- entering group LDAP {...}<br>Sat Aug 8 17:05:25 2009 : Info: [ldap] login attempt by "user" with password "mypass"<br>
Sat Aug 8 17:05:25 2009 : Info: [ldap] user DN: uid=user,ou=People,dc=uae,dc=ac,dc=ma<br>Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: (re)connect to ldap.uae.ac.ma:389, authentication 1<br>
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: bind as uid=user,ou=People,dc=uae,dc=ac,dc=ma/mypass to ldap.uae.ac.ma:389<br>Sat Aug 8 17:05:40 2009 : Debug: rlm_ldap: waiting for bind result ...<br>
<span style="color: rgb(0, 0, 0); background-color: rgb(255, 0, 0);">Sat Aug 8 17:05:40 2009 : Debug: rlm_ldap: Bind was successful</span><br><span style="background-color: rgb(255, 0, 0);">Sat Aug 8 17:05:40 2009 : Info: [ldap] user user authenticated succesfully</span><br>
Sat Aug 8 17:05:40 2009 : Info: ++[ldap] returns ok<br>Sat Aug 8 17:05:40 2009 : Info: +- entering group post-auth {...}<br>Sat Aug 8 17:05:40 2009 : Info: ++[exec] returns noop<br>Sending Access-Accept of id 186 to 127.0.0.1 port 50760<br>
Sat Aug 8 17:05:40 2009 : Info: Finished request 0.<br>Sat Aug 8 17:05:40 2009 : Debug: Going to the next request<br>Sat Aug 8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186, length=58<br>
Sat Aug 8 17:05:40 2009 : Info: Sending duplicate reply to client localhost port 50760 - ID: 186<br><span style="background-color: rgb(51, 255, 255);">Sending Access-Accept of id 186 to 127.0.0.1 port 50760</span><br>Sat Aug 8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186, length=58<br>Sat Aug 8 17:05:40 2009 : Info: Sending duplicate reply to client localhost port 50760 - ID: 186<br>Sending Access-Accept of id 186 to 127.0.0.1 port 50760<br>
Sat Aug 8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.<br>Sat Aug 8 17:05:45 2009 : Info: Cleaning up request 0 ID 186 with timestamp +1229<br>Sat Aug 8 17:05:45 2009 : Debug: Ready to process requests.<br><br><br>
------------------------------------------------------------------------------------------------------------------------------------------<br></i>and something weird in the radtest output:<i><br>[root@serve-mde raddb]# /usr/local/freeradius-server-2.1.6/bin/radtest user mypass localhost 0 testtest<br>
Sending Access-Request of id 108 to 127.0.0.1 port 1812<br> User-Name = "user"<br> User-Password = "mypass"<br> NAS-IP-Address = 10.1.1.12<br> NAS-Port = 0<br>Sending Access-Request of id 108 to 127.0.0.1 port 1812<br>
User-Name = "user"<br> User-Password = "mypass"<br> NAS-IP-Address = 10.1.1.12<br> NAS-Port = 0<br>Sending Access-Request of id 108 to 127.0.0.1 port 1812<br> User-Name = "user"<br>
User-Password = "mypass"<br> NAS-IP-Address = 10.1.1.12<br> NAS-Port = 0<br><span style="background-color: rgb(255, 0, 0);">radclient: no response from server for ID 108 socket 3</span><br>[root@serve-mde raddb]# <br>
-----------------------------------------------------------------------------------------------------------------------------------------<br></i>the raddb/modules/ldap file is like this:<br>
<pre>
ldap {
        server = "ldap.uae.ac.ma"
        basedn = "ou=People,dc=uae,dc=ac,dc=ma"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

        ldap_connections_number = 5

        timeout = 4
        timelimit = 3

        tls {
                start_tls = no
        }

        dictionary_mapping = ${confdir}/ldap.attrmap

        edir_account_policy_check = no
}
</pre>
here are the entries on the LDAP server (approximately):<br>
<pre>
dc=uae,dc=ac,dc=ma (3)
  cn=admin
  ou=Group
  ou=People (50+)
</pre>
<i>
<b><br>Does anyone know what's wrong in my configuration? Is it the expiration times in the configuration file that I have to extend? How do I give the server a chance to respond?<br><br></b></i> BEST REGARDS!<br>
-- <i><br>
<b>JJohnny R.</b></i><br><b><i>National School of Applied Sciences</i></b><br>
</div>
</div><br><br clear="all"><br>-- <br>JJohnny R.<br><a href="mailto:vasiana09@gmail.com">vasiana09@gmail.com</a><br>
</div>
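An added example, not part of the original post and not FreeRADIUS code: the Python script below replays an abbreviated excerpt of the debug log from the post and measures how long each rlm_ldap bind took, how long the whole request took, and how many client retransmissions the server answered with duplicate replies. The thresholds are assumptions: <code>ldap_timeout = 4</code> is taken from the posted ldap module config (<code>timeout = 4</code>), and <code>client_wait = 9</code> assumes radclient's default 3-second timeout across the three sends visible in the radtest output. The script also flags two things visible in the log that a reviewer would raise: the search bind is anonymous (<code>bind as /</code>), and the user's password appears in clear text in the debug output.

```python
import re
from datetime import datetime

# Abbreviated excerpt of the debug log from the post (lines copied as posted;
# the rad_recv lines carry no timestamp and are omitted).
SAMPLE_LOG = """
Sat Aug 8 17:05:09 2009 : Info: +- entering group authorize {...}
Sat Aug 8 17:05:09 2009 : Info: [ldap] performing user authorization for user
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: (re)connect to ldap.uae.ac.ma:389, authentication 0
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: bind as / to ldap.uae.ac.ma:389
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: waiting for bind result ...
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: Bind was successful
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: performing search in ou=People,dc=uae,dc=ac,dc=ma, with filter (uid=user)
Sat Aug 8 17:05:25 2009 : Info: [ldap] Setting Auth-Type = LDAP
Sat Aug 8 17:05:25 2009 : Info: Found Auth-Type = LDAP
Sat Aug 8 17:05:25 2009 : Info: [ldap] login attempt by "user" with password "mypass"
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: (re)connect to ldap.uae.ac.ma:389, authentication 1
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: bind as uid=user,ou=People,dc=uae,dc=ac,dc=ma/mypass to ldap.uae.ac.ma:389
Sat Aug 8 17:05:40 2009 : Debug: rlm_ldap: waiting for bind result ...
Sat Aug 8 17:05:40 2009 : Debug: rlm_ldap: Bind was successful
Sat Aug 8 17:05:40 2009 : Info: [ldap] user user authenticated succesfully
Sat Aug 8 17:05:40 2009 : Info: Finished request 0.
Sat Aug 8 17:05:40 2009 : Info: Sending duplicate reply to client localhost port 50760 - ID: 186
Sat Aug 8 17:05:40 2009 : Info: Sending duplicate reply to client localhost port 50760 - ID: 186
"""

TS_FMT = "%a %b %d %H:%M:%S %Y"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) : (?:Debug|Info): (?P<msg>.*)$")
# "bind as <dn>/<password> to <host>"; an empty dn means an anonymous bind.
BIND_START_RE = re.compile(r"rlm_ldap: bind as (?P<dn>[^/]*)/(?P<pw>\S*) to (?P<host>\S+)")
BIND_END_RE = re.compile(r"rlm_ldap: Bind (?P<result>was successful|failed)")
LOGIN_RE = re.compile(r'login attempt by "(?P<user>[^"]+)" with password "(?P<pw>[^"]*)"')


def parse_log(text):
    """Return (timestamp, message) pairs for timestamped lines; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.strptime(m.group("ts"), TS_FMT), m.group("msg")))
    return events


def bind_latencies(events):
    """Pair each 'bind as' line with the next bind result and measure the wait."""
    binds, pending = [], None
    for ts, msg in events:
        m = BIND_START_RE.search(msg)
        if m:
            pending = {"start": ts, "dn": m.group("dn"), "host": m.group("host"),
                       "anonymous": m.group("dn") == "",
                       "password_in_log": m.group("pw") != ""}
            continue
        m = BIND_END_RE.search(msg)
        if m and pending is not None:
            pending["result"] = m.group("result")
            pending["seconds"] = (ts - pending["start"]).total_seconds()
            binds.append(pending)
            pending = None
    return binds


def request_span_seconds(events):
    """Seconds from entering the authorize section to 'Finished request'."""
    start = next((ts for ts, msg in events if "entering group authorize" in msg), None)
    end = next((ts for ts, msg in events if msg.startswith("Finished request")), None)
    if start is None or end is None:
        return None
    return (end - start).total_seconds()


def audit(text, ldap_timeout=4.0, client_wait=9.0):
    """Summarise bind latency, request time and the clear-text findings.

    ldap_timeout: assumed from the posted config ("timeout = 4").
    client_wait:  assumed 3 sends x radclient's default 3 s timeout.
    """
    events = parse_log(text)
    binds = bind_latencies(events)
    span = request_span_seconds(events)
    findings = []
    for b in binds:
        if b["seconds"] > ldap_timeout:
            findings.append(f"bind as {b['dn'] or '<anonymous>'} to {b['host']} took "
                            f"{b['seconds']:.0f}s, above timeout = {ldap_timeout:g}")
    if span is not None and span > client_wait:
        findings.append(f"request took {span:.0f}s; client stops waiting after about {client_wait:g}s")
    dups = sum("Sending duplicate reply" in msg for _, msg in events)
    if dups:
        findings.append(f"{dups} retransmissions answered with duplicate replies")
    if any(b["anonymous"] for b in binds):
        findings.append("search bind is anonymous (no identity/password configured)")
    if any(b["password_in_log"] for b in binds) or any(LOGIN_RE.search(msg) for _, msg in events):
        findings.append("user password appears in clear text in the debug log")
    return {"binds": binds, "request_seconds": span, "duplicates": dups, "findings": findings}


if __name__ == "__main__":
    for line in audit(SAMPLE_LOG)["findings"]:
        print(line)
```

Run stand-alone it reports that the anonymous search bind took 16 seconds and the user bind 15 seconds, that the request took 31 seconds in total, and that two retransmissions arrived before the first Access-Accept went out; radtest had given up long before that, which is the "no response from server" message. Two points from the posted config are worth noting independently of the latency: with <code>start_tls = no</code> and the LDAP server on another host, the user's password in the simple bind crosses the network unencrypted, and running the server in debug mode writes that password into the log.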