LDAP login failed: check identity, password settings in ldap section of radiusd.conf, (re)connection attempt failed
Hi all : I have install freeradius-server-2.1.1 and I want use LDAP to do authentication. I have set the radiusd configuration file (/usr/local/etc/raddb/radius.conf) about ldap information as follows : ldap { server = "localhost" identity = "cn=Manager,dc=nchc,dc=org,dc=tw" password = hsuan basedn = "dc=nchc,dc=org,dc=tw" filter = (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))" start_tls = no dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 ldap_connections_number = 5 password_header = "{crypt}" password_attribute =User-Password timeout = 4 timelimit = 3 net_timeout = 1 } But when I using “radius -X” to start the radius server ,and in the client I using “radtest ldapuser ldapuser radius_server_ip 0 secret” , The server shown the message : [ldap] performing user authorization for ldapuser [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))" -> (&(!(objectClass=alias))(uid=ldapuser))" [ldap] expand: dc=nchc??dc=org??dc=tw -> dc=nchc??dc=org??dc=tw rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf rlm_ldap: (re)connection attempt failed [ldap] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns fail Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> ldapuser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 128 to 192.168.2.1 port 49351 Waking up in 4.9 seconds. Cleaning up request 3 ID 128 with timestamp +135542 Then the client receive the “rad_recv: Access-Reject packet from host 192.168.2.1 port 1812, id=22, length=20” What’s the problem ? how can I fix the error ? Regards, Vicky
ldap {
server = "localhost"
identity = "cn=ManagerĄAdc=nchcĄAdc=orgĄAdc=tw"
password = hsuan
..
rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
Nothing misterious now. Looks like that identity is wrong (strange characters). Use english keyboard to type those details. Or is it my mail client? Ivan Kalik Kalik Informatika ISP
participants (2)
-
hsuan -
tnt@kalik.net