Dickson, John wrote:
I have made great progress but still need assistance with the individual authentication being passed to the MS ldap. Using ldapsearch I have access to all the records. Using "ntlm_auth --request-nt-key --domain=xxxx1 --username=radtest" works as well. What I see is that "rlm_realm" finds no realm and is not able to pass authentication.
Why is the "NAS-IP-Address = 255.255.255.255"? Is it that my request from the localhost " radtest radtest userpass xxxx1.xxxx2.edu 0 testing123" has syntax errors? rlm_ldap: - authorize rlm_ldap: performing user authorization for radtest@xxxx1.xxxx2.edu radius_xlat: '(uid=radtest@xxxx1.xxxx2.edu)' radius_xlat: 'ou=Users,dc=xxxx1,dc=xxxx2,dc=edu' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Metro Users,dc=xxxx1,dc=xxxx2,dc=edu, with filter (uid=radtest@xxxx1.xxxx2.edu) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 7
You probably want to read the proxy.conf file and add your realm if you haven't already. Actually, you should read and understand what *all* of the files in the raddb dir are for. We use mysql, not ldap, but I'm guessing the uid in ldap is listed as "radtest", not "radtest@xxx1.xxx2.edu". So the ldap lookup is failing. In my sql.conf there is an option to use stripped UserName attributes. See if you have something like that in your ldap.conf file in raddb. You may need to adjust it. Alternately, make all your uids in ldap user@domain instead of just user. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com