aprotector wrote:
I've been trying to get my freeradius server to work with an Netscape LDAP server and authenticate users when they connect via VPN to our Sonicwall gateway. I have set the Sonicwall as a client so the radius recognizes it and then adjusted the radiusd.conf. However, when I try to authenticate an LDAP user from the sonicwall it will say the authentication failed and the radius shows the following messages:
And no reference to "ldap".
+- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
So... you have a user in LDAP, and you didn't uncomment the references to "ldap" in the "authorize" section. i.e. you have a user in LDAP, and you didn't tell the server to look in the LDAP database.
If I uncomment a local user account on the Radius box and then try authenticating from the Sonicwall with this it will succeed. It just doesn't seem to want to go to the LDAP server and then back to the Sonicwall. Has anyone had any experience with this sort of setup, and might be able to shed some light on how I can set it up to use LDAP for the authentication?
$ grep ldap raddb/* raddb/*/* Read. Edit. Run. Alan DeKok.