<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Alan,<br>
<br>
I 've found the reason why le rlm_ldap module<br>
was not loaded.<br>
Now it's a little better i.e., but now the LDAP<br>
can't authenticate my account:<br>
<br>
Below the new output when running <br>
radtest: /usr/bin/radtest/ -d /etc/freeradius "ldap" "xxxx"
127.0.0.1:1812 10 testing123:<br>
<br>
r<small><i>ad_recv: Access-Request packet from host 127.0.0.1 port
36154, id=158, length=56<br>
User-Name = "ldap"<br>
User-Password = "xxxx"<br>
NAS-IP-Address = 192.168.55.150<br>
NAS-Port = 10<br>
+- entering group authorize<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
rlm_realm: No '/' in User-Name = "ldap", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
++[IPASS] returns noop<br>
rlm_realm: No '@' in User-Name = "ldap", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
++[suffix] returns noop<br>
++[files] returns noop<br>
++[unix] returns notfound<br>
rlm_ldap: - authorize<br>
rlm_ldap: performing user authorization for ldap<br>
expand: (sAMAccountName=%u) -> (sAMAccountName=ldap)<br>
expand: dc=privee,dc=enssib,dc=fr ->
dc=privee,dc=enssib,dc=fr<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: attempting LDAP reconnection<br>
rlm_ldap: (re)connect to servcdom.privee.enssib.fr:389, authentication 0<br>
rlm_ldap: bind as cn=ldap,cn=users,dc=privee,dc=enssib,dc=fr/xxxx to
servcdom.privee.enssib.fr:389<br>
rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in dc=privee,dc=enssib,dc=fr, with filter
(sAMAccountName=ldap)<br>
<font color="#ff0000">rlm_ldap: ldap_search() failed: Operations error<br>
rlm_ldap: search failed<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
++[ldap] returns fail<br>
Invalid user: [ldap/toti] (from client localhost port 10)<br>
Found Post-Auth-Type Reject</font><br>
+- entering group REJECT<br>
expand: %{User-Name} -> ldap<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
Sending delayed reject for request 0<br>
Sending Access-Reject of id 158 to 127.0.0.1 port 36154<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 158 with timestamp +206<br>
Ready to process requests.</i><br>
<br>
</small>I've noticed that the account 'ldap' binds successfully the
LDAP,<br>
but the connecting step fails. <br>
<br>
Thanks for any answer.<br>
<br>
<pre class="moz-signature" cols="72">Isabelle RECH LE RECIS
Enssib
Département informatique
17-21 Bd du 11 Novembre 1918
69623 Villeurbanne Cedex
Tel : 04 72 44 43 34
<a class="moz-txt-link-freetext" href="http://www.enssib.fr/">http://www.enssib.fr/</a>
__________________________________</pre>
<br>
<br>
<br>
Le 24/08/2010 16:09, Alan DeKok a écrit :
<blockquote cite="mid:4C73D2AF.3030807@deployingradius.com" type="cite">
<pre wrap="">Isabelle RECH wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi frree-radius users !
I'm running a freeradius 2.0.4 on a DEBIAN 5.0.5
We want to access an LDAP / windows base , wich is declared
in radiusd.conf file
Below is the output produced by the radiusd -X debugging mode
when I run the radtest :
</pre>
</blockquote>
<pre wrap="">...
</pre>
<blockquote type="cite">
<pre wrap=""> Obviously, it's the authenticate method which
is missing . I've add this entry it in the
/etc/freeradius/sites-available/default:
- The entries ldap pap are uncommented in Authorize { } section
</pre>
</blockquote>
<pre wrap="">
Read the debug output again. You did *not* uncomment the "ldap" line
in the "authorize" section.
Alan DeKok.
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
__________________________________
</pre>
</body>
</html>