I don't see anything in the log here about ldap. It jumps from [logintime] to [pap]. Did you uncomment lines containing "ldap" in the sites-enabled/default file (in the authorize and authenticate sections)? Yancey On May 29, 2008, at 2:34 PM, aprotector wrote:
I've been trying to get my freeradius server to work with an Netscape LDAP server and authenticate users when they connect via VPN to our Sonicwall gateway. I have set the Sonicwall as a client so the radius recognizes it and then adjusted the radiusd.conf. However, when I try to authenticate an LDAP user from the sonicwall it will say the authentication failed and the radius shows the following messages:
---------- (running in radiusd -X)
User-Name = "testuser" User-Password = "testing" NAS-IP-Address = sonicwallIP NAS-Port = 0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [testuser/testing] (from client sonicwall port 0) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> testuser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Waking up in 4.9 seconds.
----------
If I uncomment a local user account on the Radius box and then try authenticating from the Sonicwall with this it will succeed. It just doesn't seem to want to go to the LDAP server and then back to the Sonicwall. Has anyone had any experience with this sort of setup, and might be able to shed some light on how I can set it up to use LDAP for the authentication? -- View this message in context: http://www.nabble.com/FreeRadius-2.0.4---problems-with-LDAP-and-Sonicwall...... Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html