Hi all :
I have install freeradius-server-2.1.1 and I want use LDAP to do authentication.
But when I using “radius -X” to
start the radius server ,and in the client I using “radtest ldapuser ldapuser
radius_server_ip 0 secret” ,
The server shown the message :
rad_recv: Access-Request packet from
host radius_client_ip port 35833, id=168, length=60
User-Name = "ldapuser"
User-Password = "ldapuser"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name =
"ldapuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[unix] returns updated
[sql] expand: %{User-Name}
-> ldapuser
[sql] sql_set_user escaped user -->
'ldapuser'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id,
username, attribute, value,
op FROM
radcheck WHERE username
=
'%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username =
'ldapuser' ORDER BY
id
[sql] expand: SELECT
groupname FROM
radusergroup WHERE
username =
'%{SQL-User-Name}'
ORDER BY priority -> SELECT
groupname FROM
radusergroup WHERE
username =
'ldapuser' ORDER BY
priority
rlm_sql (sql): Released sql socket id: 2
[sql] User ldapuser not found
++[sql] returns notfound
[ldap] performing user authorization for
ldapuser
[ldap] WARNING: Deprecated conditional
expansion ":-". See "man unlang" for details
[ldap] expand:
(uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ldapuser)
[ldap] expand: o=My Org,c=UA -> o=My
Org,c=UA
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389,
authentication 0
rlm_ldap: bind as cn=Manager,o=My
Org,c=UA/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check
identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [ldapuser/ldapuser] (from
client my_radius_client_pc port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]
expand: %{User-Name} -> ldapuser
attr_filter: Matched entry DEFAULT at
line 11
++[attr_filter.access_reject] returns
updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 168 to radius_server_ip
port 35833
Waking up in 4.9 seconds.
Cleaning up request 2 ID 168 with timestamp
+1020
The error looks like “rlm_ldap: LDAP
login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed ,
what’s the problem ??
”
Regards,
Vicky