Hi Still something is wrong. I have the following authorize section: authorize { preprocess auth_req_log suffix sql ldap } I tried such authenticate sections: authenticate { Auth-Type LDAP { ldap } Auth-Type Digest { digest } Auth-Type PAP { pap } } authenticate { ldap } all the time I receive failed authentication, what do I miss here? hu Jan 24 09:40:35 2008 : Debug: rlm_ldap: - authorize Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: performing user authorization for tzl Thu Jan 24 09:40:35 2008 : Debug: expand: (mail=%u@touk.pl) -> (mail= tzl@touk.pl) Thu Jan 24 09:40:35 2008 : Debug: expand: ou=Touki,ou=People,dc=touk,dc=pl -> ou=Touki,ou=People,dc=touk,dc=pl Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: performing search in ou=Touki,ou=People,dc=touk,dc=pl, with filter (mail=tzl@touk.pl) request 5 done Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: Added User-Password = {MD5}SNNMxdM+Zfvr//0yEp0DuA== in check items Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: looking for check items in directory... Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{MD5}SNNMxdM+Zfvr//0yEp0DuA==" Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: looking for reply items in directory... Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: user tzl authorized to use remote access Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Thu Jan 24 09:40:35 2008 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 3 Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok Thu Jan 24 09:40:35 2008 : Debug: auth: type Local Thu Jan 24 09:40:35 2008 : Debug: auth: user supplied User-Password does NOT match local User-Password Thu Jan 24 09:40:35 2008 : Debug: auth: Failed to validate the user. Thu Jan 24 09:40:35 2008 : Auth: Login incorrect: [tzl/somepass] (from client localhost port 0) Thu Jan 24 09:40:35 2008 : Debug: Found Post-Auth-Type Reject Thu Jan 24 09:40:35 2008 : Debug: +- entering group REJECT Thu Jan 24 09:40:35 2008 : Debug: modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 3 Thu Jan 24 09:40:35 2008 : Debug: expand: %{User-Name} -> tzl Thu Jan 24 09:40:35 2008 : Debug: attr_filter: Matched entry DEFAULT at line 11 Thu Jan 24 09:40:35 2008 : Debug: modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 3 Thu Jan 24 09:40:35 2008 : Debug: ++[attr_filter.access_reject] returns updated regards tomasz 2008/1/23 <tnt@kalik.co.yu>:
Uncomment ldap in authenticate section.
Ivan Kalik Kalik Informatika ISP
Dana 23/1/2008, "Tomasz Zieleniewski" <tzieleniewski@gmail.com> piše:
Hi,
I am using version 2.0.2-pre I would like to use ldap for freeradius authentication. I couldn't find anything on web about this topic. I have ldap module in the authorize section in my default virtual server. I see in the debug that ldap module returns ok during authorization please point me what do I have to do to use ldap olso for authentication
is it enough to put ldap invocation in authentication section? below debug from authorization
thanks a lot for any help! regards -tomasz
rlm_ldap: waiting for bind result ... request 1 done rlm_ldap: Bind was successful rlm_ldap: performing search in ou=Touki,ou=People,dc=touk,dc=pl, with filter (mail=tzl@touk.pl) request 2 done rlm_ldap: Added User-Password = {MD5}SNNMxdM+Zfvr//0yEp0DuA== in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{MD5}SNNMxdM+Zfvr//0yEp0DuA==" rlm_ldap: looking for reply items in directory... rlm_ldap: user tzl authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html