Hi all :
I have install freeradius-server-2.1.1 and I want use LDAP to do authentication. I have
set the radiusd configuration file (/usr/local/etc/raddb/radius.conf) about
ldap information as follows :
ldap {
server = "localhost"
identity = "cn=Manager¡Adc=nchc¡Adc=org¡Adc=tw"
password = hsuan
basedn = "dc=nchc¡Adc=org¡Adc=tw"
filter =
(&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))"
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
ldap_connections_number = 5
password_header = "{crypt}"
password_attribute =User-Password
timeout
= 4
timelimit
= 3
net_timeout
= 1
}
But when I using ¡§radius -X¡¨ to
start the radius server ,and in the client I using ¡§radtest ldapuser
ldapuser radius_server_ip 0 secret¡¨ ,
The server shown the message :
[ldap] performing user authorization for
ldapuser
[ldap] WARNING: Deprecated conditional
expansion ":-". See "man unlang" for details
[ldap] expand:
(&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))"
-> (&(!(objectClass=alias))(uid=ldapuser))"
[ldap] expand: dc=nchc??dc=org??dc=tw
-> dc=nchc??dc=org??dc=tw
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389,
authentication 0
rlm_ldap: bind as
cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check
identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [ldapuser/ldapuser] (from
client my_radius_client_pc port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]
expand: %{User-Name} -> ldapuser
attr_filter: Matched entry DEFAULT at
line 11
++[attr_filter.access_reject] returns
updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 128 to 192.168.2.1
port 49351
Waking up in 4.9 seconds.
Cleaning up request 3 ID 128 with timestamp
+135542
Then the client receive the ¡§rad_recv:
Access-Reject packet from host 192.168.2.1 port 1812, id=22, length=20¡¨
What¡¦s the problem ? how can I fix
the error ?
Regards,
Vicky