rad_recv: Access-Request packet from host 127.0.0.1:32801, id=0, length=217 User-Name = "misterc" CHAP-Challenge = 0xa26932d73791f27d1314426f740ab34e CHAP-Password = 0x002e07a2cc1f27e7fbd22e7bb3721a3986 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "XX-XX-XX-XX-XX-XX" Called-Station-Id = "AA-AA-AA-AA-DD-AA" NAS-Identifier = "nas01" Acct-Session-Id = "44bfd15d00000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0xf61479bee3c987c66cca254dcfa39c0a WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: - authorize Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: performing user authorization for misterc Thu Jul 20 20:54:50 2006 : Debug: radius_xlat: '(uid=misterc)' Thu Jul 20 20:54:50 2006 : Debug: radius_xlat: 'ou=utenti,dc=XXXX,dc=it'
Ok rlm_ldap is initialized
Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: bind as / to 192.168.1.221:389 Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: waiting for bind result ... Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: Bind was successful
bind to the directory is Ok
Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: performing search in ou=utenti,dc=XXXX,dc=it, with filter (uid=misterc) Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: object not found or got ambiguous search result Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: search failed
Ah... Seems that the used bound to the ldap directory can't find uid=misterc in ou=utenti,dc=XXXX,dc=it
Thu Jul 20 20:54:51 2006 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
So Auth-Type isn't setted to Ldap
Thu Jul 20 20:54:51 2006 : Debug: auth: Failed to validate the user.
This is logical
ldap { server="192.168.1.221" port="389" basedn="ou=utenti,dc=uniroma1,dc=it" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "uid" dictionary_mapping = ${raddbdir}/ldap.attrmap authtype = ldap ldap_connections_number = 5 password_header = "{SHA}" password_attribute = userPassword } }
Well isn't it a pb of rights ? Is the anonymous user able to search the openldap directory for users entries ? What is the result of a simple "ldapsearch" with the same ldap filter.
If you need any other information please ask us; sorry if we are boring you but we are trying and trying without any significant result. Thanks.
Have you got ACLs in your openldap directory configuration files ? Regards, Thibault