On 1 Jul 2013, at 12:27, Horatiu Nimigean <horatiu.nimigean@ddnet.ro> wrote:
Greetings. I have a problem with freeradius using ldap to auth, here are my system specs:
Centos 6 64bit freeradius installed from repo
rpm -qa | grep -i freeradius freeradius-ldap-2.1.12-4.el6_3.x86_64 freeradius-2.1.12-4.el6_3.x86_64 freeradius-utils-2.1.12-4.el6_3.x86_64 ldap already up and running, on localhost. everything is local btw, there are no remote services and ldap is (test environment) accepting unsecured connections. rpm -qa | grep -i openld openldap-devel-2.4.23-32.el6_4.1.x86_64 openldap-clients-2.4.23-32.el6_4.1.x86_64 openldap-servers-2.4.23-32.el6_4.1.x86_64 openldap-2.4.23-32.el6_4.1.x86_64
radtest fails
radtest testuser_1 "letmein_1" localhost 2 testing123 Sending Access-Request of id 214 to 127.0.0.1 port 1812 User-Name = "testuser_1" User-Password = "letmein_1" NAS-IP-Address = 127.0.0.1 NAS-Port = 2 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20 and this is the output from radius (ran as radiusd -X) http://pastebin.com/MT0txW2c
i don't understand. it auths but then it doesn't.. the final result is not successful Thanks in advance,
No. Your admin user managed to bind and retrieve credentials for your user, your user bind never succeeded. Seeing as you have access to the crypt hash of the user's password you should use PAP to do authentication. Set "set_auth_type = no" in modules/ldap. and make sure 'pap' is listed in authorize. If the password you're using in radtest is correct, this will work. If it isn't then authentication will continue to fail. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team