We have tried to integrate OpenLDAP and FreeRadius. When we try to authenticate with the clients this is the error message: Thu Jul 20 20:53:45 2006 : Info: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32801, id=0, length=217 User-Name = "misterc" CHAP-Challenge = 0xa26932d73791f27d1314426f740ab34e CHAP-Password = 0x002e07a2cc1f27e7fbd22e7bb3721a3986 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "XX-XX-XX-XX-XX-XX" Called-Station-Id = "AA-AA-AA-AA-DD-AA" NAS-Identifier = "nas01" Acct-Session-Id = "44bfd15d00000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0xf61479bee3c987c66cca254dcfa39c0a WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Thu Jul 20 20:54:50 2006 : Debug: Processing the authorize section of radiusd.conf Thu Jul 20 20:54:50 2006 : Debug: modcall: entering group authorize for request 0 Thu Jul 20 20:54:50 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Thu Jul 20 20:54:50 2006 : Debug: rlm_eap: No EAP-Message, not doing EAP Thu Jul 20 20:54:50 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Thu Jul 20 20:54:50 2006 : Debug: modcall[authorize]: module "eap" returns noop for request 0 Thu Jul 20 20:54:50 2006 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: - authorize Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: performing user authorization for misterc Thu Jul 20 20:54:50 2006 : Debug: radius_xlat: '(uid=misterc)' Thu Jul 20 20:54:50 2006 : Debug: radius_xlat: 'ou=utenti,dc=XXXX,dc=it' Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: attempting LDAP reconnection Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: (re)connect to 192.168.1.221:389, authentication 0 Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: bind as / to 192.168.1.221:389 Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: waiting for bind result ... Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: Bind was successful Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: performing search in ou=utenti,dc=XXXX,dc=it, with filter (uid=misterc) Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: object not found or got ambiguous search result Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: search failed Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Thu Jul 20 20:54:51 2006 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Thu Jul 20 20:54:51 2006 : Debug: modcall[authorize]: module "ldap" returns notfound for request 0 Thu Jul 20 20:54:51 2006 : Debug: modcall: leaving group authorize (returns noop) for request 0 Thu Jul 20 20:54:51 2006 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Thu Jul 20 20:54:51 2006 : Debug: auth: Failed to validate the user. This is the Radius configuration we are using: my radius.conf modules { pap { encryption_scheme = clear } ldap { server="192.168.1.221" port="389" basedn="ou=utenti,dc=uniroma1,dc=it" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "uid" dictionary_mapping = ${raddbdir}/ldap.attrmap authtype = ldap ldap_connections_number = 5 password_header = "{SHA}" password_attribute = userPassword } } authorize { eap ldap } authenticate { Auth-Type PAP { pap } Auth-Type LDAP { ldap } } And this is the my OpenLDAP directory (maybe can be useful): My LDAP directory tree dn: dc=xxxx,dc=it dc: xxxx objectClass: dcObject objectClass: organizationalUnit ou: uniromaProject structuralObjectClass: organizationalUnit entryUUID: 8344c65e-aa07-102a-869a-1bfd23c6a14f creatorsName: cn=Manager,dc=xxxx,dc=it modifiersName: cn=Manager,dc=xxxx,dc=it createTimestamp: 20060717174334Z modifyTimestamp: 20060717174334Z entryCSN: 20060717174334Z#000000#00#000000 dn: dc=xxxx,dc=it dc: xxxx objectClass: dcObject objectClass: organizationalUnit ou: uniromaProject structuralObjectClass: organizationalUnit entryUUID: 8344c65e-aa07-102a-869a-1bfd23c6a14f creatorsName: cn=Manager,dc=xxxx,dc=it modifiersName: cn=Manager,dc=xxxx,dc=it createTimestamp: 20060717174334Z modifyTimestamp: 20060717174334Z entryCSN: 20060717174334Z#000000#00#000000 dn: cn=Luca Ricci,ou=utenti,dc=xxxx,dc=it uid: misterc description: bel giovine sn: Ricci cn: newperson cn: Luca Ricci structuralObjectClass: inetOrgPerson entryUUID: 729c0282-ab64-102a-8ceb-c14bbfafb8b4 creatorsName: cn=Manager,dc=xxxx,dc=it createTimestamp: 20060719112120Z userPassword:: e1NIQX1TQ01UU1l5cVpESHcvSXhqRUJGWHdQQnFTTXM9 objectClass: radiusprofile objectClass: inetOrgPerson radiusAuthType: LDAP entryCSN: 20060719135155Z#000000#00#000000 If you need any other information please ask us; sorry if we are boring you but we are trying and trying without any significant result. Thanks. On 7/20/06, Alan DeKok <aland@nitros9.org> wrote:
"Giuseppina Venezia" <giusy.venezia@gmail.com> wrote:
We need an exclusively web-based authentication for clients, avoiding the installation of external programs to check access like Xsupplicant. The implementation works fine with a MySQL Database, but the question is if is possible realize the same implementation using OpenLDAP instead of MySQL keeping for clients the same web-based login criterions.
Yes.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html