<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type"/>
<title></title>
</head>
<body>
My LDAP server uses a SASL mechanism for authenticating uid/username against userPassword. How can I integrate this LDAP server with a FreeRADIUS server, and what configuration needs to be changed? On debug, my RADIUS server shows the following error. Kindly suggest.<br/>
<br/>
Traffic flow as follows:<br/>
<br/>
RADIUS client --> RADIUS server --> LDAP server --> SASL authentication --> Backend server<br/>
<br/>
<br/>
<br/>
rad_recv: Access-Request packet from host 10.168.109.120 port 42911, id=96, length=58<br/>
User-Name = "google"<br/>
User-Password = "google@1234"<br/>
NAS-IP-Address = 10.1.109.120<br/>
NAS-Port = 0<br/>
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<br/>
+- entering group authorize {...}<br/>
++[preprocess] returns ok<br/>
++[chap] returns noop<br/>
++[mschap] returns noop<br/>
++[digest] returns noop<br/>
[suffix] No '@' in User-Name = "google", looking up realm NULL<br/>
[suffix] No such realm "NULL"<br/>
++[suffix] returns noop<br/>
[eap] No EAP-Message, not doing EAP<br/>
++[eap] returns noop<br/>
++[files] returns noop<br/>
++[smbpasswd] returns notfound<br/>
[ldap] performing user authorization for google<br/>
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br/>
[ldap] ... expanding second conditional<br/>
[ldap] expand: %{User-Name} -> google<br/>
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=google)<br/>
[ldap] expand: ou=Users,dc=cdac,dc=in -> ou=Users,dc=cdac,dc=in<br/>
[ldap] ldap_get_conn: Checking Id: 0<br/>
[ldap] ldap_get_conn: Got Id: 0<br/>
[ldap] performing search in ou=Users,dc=cdac,dc=in, with filter (uid=google)<br/>
request done: ld 0x748c7d0 msgid 9<br/>
[ldap] object not found<br/>
[ldap] search failed<br/>
[ldap] ldap_release_conn: Release Id: 0<br/>
++[ldap] returns notfound<br/>
++[expiration] returns noop<br/>
++[logintime] returns noop<br/>
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br/>
++[pap] returns noop<br/>
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user<br/>
Failed to authenticate the user.<br/>
Using Post-Auth-Type Reject<br/>
# Executing group from file /usr/local/etc/raddb/sites-enabled/default<br/>
+- entering group REJECT {...}<br/>
[attr_filter.access_reject] expand: %{User-Name} -> google<br/>
attr_filter: Matched entry DEFAULT at line 11<br/>
++[attr_filter.access_reject] returns updated<br/>
Delaying reject of request 13 for 1 seconds<br/>
Going to the next request<br/>
Waking up in 0.9 seconds.<br/>
Sending delayed reject for request 13<br/>
Sending Access-Reject of id 96 to 10.168.109.120 port 42911<br/>
Waking up in 4.9 seconds.<br/>
<br/>
Regards<br/>
<br/>
Vijay<br/>
<br/>
</body>
</html>