Hi all :

I have install freeradius-server-2.1.1 and I want use LDAP to do authentication. I have set the radiusd configuration file (/usr/local/etc/raddb/radius.conf) about ldap information as follows :

ldap {

        server = "localhost"

        identity = "cn=Manager¡Adc=nchc¡Adc=org¡Adc=tw"

        password = hsuan

        basedn = "dc=nchc¡Adc=org¡Adc=tw"

        filter = (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))"

        start_tls = no

        dictionary_mapping = ${raddbdir}/ldap.attrmap

        ldap_connections_number = 5

        ldap_connections_number = 5

        password_header = "{crypt}"

        password_attribute =User-Password

        timeout = 4

        timelimit = 3

       net_timeout = 1

}

 

But when I using ¡§radius -X¡¨ to start the radius server ,and in the client I using ¡§radtest ldapuser ldapuser radius_server_ip 0 secret¡¨ ,

The server shown the message :

 

 

 

 

[ldap] performing user authorization for ldapuser

[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details

[ldap]  expand: (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))" -> (&(!(objectClass=alias))(uid=ldapuser))"

[ldap]  expand: dc=nchc??dc=org??dc=tw -> dc=nchc??dc=org??dc=tw

rlm_ldap: ldap_get_conn: Checking Id: 0

rlm_ldap: ldap_get_conn: Got Id: 0

rlm_ldap: attempting LDAP reconnection

rlm_ldap: (re)connect to localhost:389, authentication 0

rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389

rlm_ldap: waiting for bind result ...

rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

rlm_ldap: (re)connection attempt failed

[ldap] search failed

rlm_ldap: ldap_release_conn: Release Id: 0

++[ldap] returns fail

Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0)

Using Post-Auth-Type Reject

+- entering group REJECT {...}

[attr_filter.access_reject]     expand: %{User-Name} -> ldapuser

 attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 3 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 3

Sending Access-Reject of id 128 to 192.168.2.1 port 49351

Waking up in 4.9 seconds.

Cleaning up request 3 ID 128 with timestamp +135542

 

 

Then the client receive the ¡§rad_recv: Access-Reject packet from host 192.168.2.1 port 1812, id=22, length=20¡¨

 

What¡¦s the problem ? how can I fix the error ?

 

Regards,

Vicky