I have tried and
nearly completely succeeded in authentication and authorization. The user is
identified in LDAP just not provided access (rad_recv: Access-Reject packet from
host 10.1.1.27:1812, id=121, length=20).
Another issue I have
is with the user login. In Windowz, a new user is created by providing the
First name, middle initial and last name which is not their "User logon name".
These credentials are distributed within AD-LDAP in the "CN=" fields
using spaces to break the name. If this is not exactly how the "User
logon name" is installed then radius request rejects authentication.
An example would be:
User Tom
Thumb
Logon
tthumb
CN=Tom
Thumb
sAMAccountName=radtest
So when a request of
the database occurrs using ldap lookup with "cn=tthumb" it fails and I
do not know if there is another way around this but using sAMAccountName doesn't
work either.
I am hopeful that I
am missing something.
My question is, how
do I get an "Accept" from the request and is there a way around the
basedn naming conventions that will alllow FreeRadius to work with
Windowz?
Below is user
"testing" with a logon of "testing".
rlm_ldap: -
authorize
rlm_ldap: performing user authorization for
testing
radius_xlat: '(cn=testing)'
radius_xlat:
'ou=xxxx0,dc=xxxx1,dc=xxxx2,dc=EDU'
rlm_ldap: ldap_get_conn: Checking Id:
0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP
reconnection
rlm_ldap: (re)connect to xxxx1.xxxx2.EDU:389, authentication
0
rlm_ldap: bind as superuser@xxxx1.xxxx2.edu/password
to xxxx1.xxxx2.EDU:389
rlm_ldap: waiting for bind result ...
rlm_ldap:
Bind was successful
rlm_ldap: performing search in
ou=xxxx0,dc=xxxx1,dc=xxxx2,dc=EDU, with filter (cn=testing)
rlm_ldap: looking
for check items in directory...
rlm_ldap: looking for reply items in
directory...
rlm_ldap: user testing authorized to use remote
access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group
authorize returns ok for request 0
rad_check_password: Found
Auth-Type System
auth: type "System"
Processing the authenticate
section of radiusd.conf
modcall: entering group authenticate for request
0
modcall[authenticate]: module "unix" returns notfound for request
0
modcall: group authenticate returns notfound for request 0
auth: Failed
to validate the user.
Delaying request 0 for 1 seconds
Finished request
0
Going to the next request
Thread 1 waiting to be assigned a
request
rad_recv: Access-Request packet from host 10.1.1.27:32803, id=121,
length=59
Sending Access-Reject of id 121 to 10.1.1.27:32803
--- Walking
the entire request list ---
Waking up in 3 seconds...
--- Walking the
entire request list ---
Cleaning up request 0 ID 121 with timestamp
43c2d99f
Nothing to do. Sleeping until we see a
request.