Hi, Is it possible to altogether avoid authenticate section and just do ldap lookups in the authorize section? authorize { ldap { notfound = reject } } The problem is in the authenticate section, radius gets the userDN from the authorize and tries to "bind" ldap with password which we don't have. I also tried in users file Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2` But for some reason it is not working. Please help. Let me know if you need more information or please guide me to any documentation. Thanks and Regards, Eric. --- Eric Martell <workoutexcite@yahoo.com> wrote:
I am little bit confused as how to configure radiusd.conf in the authorize and/or authenticate section. So password is going to act like ldap attribute.
We are going to pass, username and ldap attribute (home phone #) as input for each user.
The way it is configured now is in the modules,
ldap { server = "10.11.12.2" identity = "cn=Manager,dc=eng,dc=com" password = answer2 basedn = "dc=eng,dc=com"
filter =
"(&(uid=%{Stripped-User-Name:-%{User-Name}})(phone=1231313128))"
// just for testing
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
authorize { .. .. .. ldap ...
}
authenticate { Auth-Type LDAP { ldap } }
In the logs it says:
rlm_ldap: - authorize rlm_ldap: performing user authorization for test1 radius_xlat: '(&(uid=test1)(phone=1231313128))' radius_xlat: 'dc=eng,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=eng,dc=com, with filter (&(uid=test1)(phone=1231313128)) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user test1 authorized to use remote access
this is good.... But in the authenticate section
rlm_ldap: - authenticate rlm_ldap: login attempt by "test1" with password "1231313128" rlm_ldap: user DN: id=1967816, dc=eng,dc=com rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
rlm_ldap: waiting for bind result ... rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication rlm_ldap: ldap_connect() failed
Not sure why it is trying to bind as id=1967816, dc=eng,dc=com/1231313128
The only thing I want to do it, just authorize the ldap and pass the user through.
Please let me know if I am missing something.
Thanks so much.
Regards, Erik.
____________________________________________________________________________________
Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now.
http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ
____________________________________________________________________________________ Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs