I am extremely sorry. Looks like it created new thread with same title. Really apologized. Admin's please merge the thread. Eric. --- Eric Martell <workoutexcite@yahoo.com> wrote:
Hi, Is it possible to altogether avoid authenticate section and just do ldap lookups in the authorize section?
authorize { ldap { notfound = reject } }
The problem is in the authenticate section, radius gets the userDN from the authorize and tries to "bind" ldap with password which we don't have.
I also tried in users file Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2`
But for some reason it is not working.
Please help.
Let me know if you need more information or please guide me to any documentation.
Thanks and Regards, Eric.
--- Eric Martell <workoutexcite@yahoo.com> wrote:
I am little bit confused as how to configure radiusd.conf in the authorize and/or authenticate section. So password is going to act like ldap attribute.
We are going to pass, username and ldap attribute (home phone #) as input for each user.
The way it is configured now is in the modules,
ldap { server = "10.11.12.2" identity = "cn=Manager,dc=eng,dc=com" password = answer2 basedn = "dc=eng,dc=com"
filter =
"(&(uid=%{Stripped-User-Name:-%{User-Name}})(phone=1231313128))"
// just for testing
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
authorize { .. .. .. ldap ...
}
authenticate { Auth-Type LDAP { ldap } }
In the logs it says:
rlm_ldap: - authorize rlm_ldap: performing user authorization for test1 radius_xlat: '(&(uid=test1)(phone=1231313128))' radius_xlat: 'dc=eng,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2
rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=eng,dc=com, with filter (&(uid=test1)(phone=1231313128)) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user test1 authorized to use remote access
this is good.... But in the authenticate section
rlm_ldap: - authenticate rlm_ldap: login attempt by "test1" with password "1231313128" rlm_ldap: user DN: id=1967816, dc=eng,dc=com rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
rlm_ldap: waiting for bind result ... rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication rlm_ldap: ldap_connect() failed
Not sure why it is trying to bind as id=1967816, dc=eng,dc=com/1231313128
The only thing I want to do it, just authorize the ldap and pass the user through.
Please let me know if I am missing something.
Thanks so much.
Regards, Erik.
____________________________________________________________________________________
Be a better sports nut! Let your teams follow you
with Yahoo Mobile. Try it now.
http://mobile.yahoo.com/sports;_ylt=At9_qDKvtAbMuh1G1SQtBI7ntAcJ
____________________________________________________________________________________
Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs
____________________________________________________________________________________ Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how. http://overview.mail.yahoo.com/