I've tried to authenticate to an LDAP server through RADIUS using the rlm_ldap module.... I'm using freeradius 1.1.0 with OpenLdap 2.1.8 with a bdb backend. The problem is that rlm_ldap module binds successfully to an authentication request in the authorization section, but fails to bind when its tryin to authenticate.... log for RADIUS server is given below along with the LDAP configuration... plz help me out /** In the client terminal ,now i've tried to authenticate with user : ldapuser* [root@localhost ~]# radtest ldapuser ldapuser localhost 2 testing123 Sending Access-Request of id 119 to 127.0.0.1 port 1812 User-Name = "ldapuser" User-Password = "ldapuser" NAS-IP-Address = 255.255.255.255 NAS-Port = 2 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=119, length=20 * ** ** /*/ On the server side, response to ldapuser user authentication request...* rad_recv: Access-Request packet from host 127.0.0.1:32769, id=119, length=60 User-Name = "ldapuser" User-Password = "ldapuser" NAS-IP-Address = 255.255.255.255 NAS-Port = 2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/usr/local//var/log/radius/radacct/127.0.0.1/auth-detail-20060403' rlm_detail: /usr/local//var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local//var/log/radius/radacct/127.0.0.1/auth-detail-20060403 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "ldapuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 158 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for ldapuser radius_xlat: '(uid=ldapuser)' radius_xlat: 'ou=People,dc=example,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as / to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter (uid=ldapuser) rlm_ldap: Added password {crypt}$1$nwby/I64$ORzJuBh4/Ec3c.FAt2oqV0 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user ldapuser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group LDAP for request 0 rlm_ldap: - authenticate rlm_ldap: login attempt by "ldapuser" with password "ldapuser" rlm_ldap: user DN: uid=ldapuser,ou=People,dc=example,dc=com rlm_ldap: (re)connect to localhost:389, authentication 1 rlm_ldap: bind as uid=ldapuser,ou=People,dc=example,dc=com/ldapuser to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind failed with invalid credentials modcall[authenticate]: module "ldap" returns reject for request 0 modcall: leaving group LDAP (returns reject) for request 0 auth: Failed to validate the user. Login incorrect (rlm_ldap: Bind as user failed): [ldapuser] (from client localhost port 2) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 119 to 127.0.0.1 port 32769 Waking up in 4 seconds... *// THE CONFIGURATION DETAILS REQUIRED FOR RLM_LDAP AUTHENTICATION ARE BELOW * * * */* **example.com.ldif (base entries added to LDAP database)* * * Dn: dc=example,dc=com Objectclass: dcObject Objectclass : organization o: Example company dc: example * * dn: cn=manager,dc=example,dc=com objectclass: organizationalRole cn: manager dn: ou=people,dc=example,dc=com ou: people description: All people in the organization objectClass: dcObject objectClass: organizationalUnit dc: example * * * * */*** ldapuser.ldif (details of user account for authentication added to the LDAP database */* * * dn: uid=ldapuser,ou=People,dc=example,dc=com uid: ldapuser cn: ldapuser objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {crypt}$1$nwby/I64$ORzJuBh4/Ec3c.FAt2oqV0 shadowLastChange: 13238 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 503 gidNumber: 100 homeDirectory: /home/ldapuser /* *radiusd.conf (LDAP MODULE)* * * ldap { server = "localhost" # identity = "cn=admin,o=My Org,c=UA" # password = mypass basedn = "ou=People,dc=example,dc=com" password_attribute = "userPassword" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" # base_filter = "(objectclass=radiusprofile)" start_tls = no # tls_cacertfile = /path/to/cacert.pem # tls_cacertdir = /path/to/ca/dir/ # tls_certfile = /path/to/radius.crt # tls_keyfile = /path/to/radius.key # tls_randfile = /path/to/rnd # tls_require_cert = "demand" # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" # profile_attribute = "radiusProfileDn" # access_attr = "dialupAccess" # Mapping of RADIUS dictionary attributes to LDAP # directory attributes. dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 # compare_check_items = yes # do_xlat = yes # access_attr_used_for_allow = yes } authorize { chap mschap eap files ldap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } Unix Auth-Type LDAP { ldap } *Slapd.conf (ldap configuration)* * * include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/nis.schema pidfile /usr/local/var/slapd.pid argsfile /usr/local/var/slapd.args ####################################################################### # ldbm database definitions ####################################################################### database bdb suffix "dc=example,dc=com" rootdn "cn=manager,dc=example,dc=com" rootpw {SSHA}Rt9x/xGxM5e8+RpKbvTCWYT8POUEaKwA # Indices to maintain index cn,sn,uid pres,eq,approx,sub index objectClass eq