Re: winbindd_priv dont exist
i dont have other ldap, if i change the port or the ip of the AD i see it in debug, but no take this options..i dont known ________________________________ De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com> Enviado: martes, 12 de diciembre de 2017 02:30 p.m. Para: FreeRadius users mailing list Asunto: Re: winbindd_priv dont exist On Dec 12, 2017, at 12:27 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
They are uncomment this options but nothing happend , try restarting too
You need to restart the server after that configuration change. If you still see the same error, then you're editing one file, and the server is reading another one. Read the debug output to see which file is used for the LDAP module. Then, edit that file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
What error or message are you now getting? Your original issue told you about chasing referrals add rebinding. You did that? Okay, so what did the output now say?? We aren't mind readers. alan On 12 Dec 2017 6:27 pm, "Carlos Bordon" <cgermanb@live.com.ar> wrote:
i dont have other ldap, if i change the port or the ip of the AD i see it in debug, but no take this options..i dont known
________________________________ De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists. freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com> Enviado: martes, 12 de diciembre de 2017 02:30 p.m. Para: FreeRadius users mailing list Asunto: Re: winbindd_priv dont exist
On Dec 12, 2017, at 12:27 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
They are uncomment this options but nothing happend , try restarting too
You need to restart the server after that configuration change.
If you still see the same error, then you're editing one file, and the server is reading another one.
Read the debug output to see which file is used for the LDAP module. Then, edit that file.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
the error is the same ________________________________ De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan Buxey <alan.buxey@gmail.com> Enviado: martes, 12 de diciembre de 2017 04:02 p.m. Para: FreeRadius users mailing list Asunto: Re: winbindd_priv dont exist What error or message are you now getting? Your original issue told you about chasing referrals add rebinding. You did that? Okay, so what did the output now say?? We aren't mind readers. alan On 12 Dec 2017 6:27 pm, "Carlos Bordon" <cgermanb@live.com.ar> wrote: > > > > i dont have other ldap, if i change the port or the ip of the AD i see it > in debug, but no take this options..i dont known > > > ________________________________ > De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists. > freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com> > Enviado: martes, 12 de diciembre de 2017 02:30 p.m. > Para: FreeRadius users mailing list > Asunto: Re: winbindd_priv dont exist > > On Dec 12, 2017, at 12:27 PM, Carlos Bordon <cgermanb@live.com.ar> wrote: > > They are uncomment this options but nothing happend , try restarting too > > You need to restart the server after that configuration change. > > If you still see the same error, then you're editing one file, and the > server is reading another one. > > Read the debug output to see which file is used for the LDAP module. > Then, edit that file. > > Alan DeKok. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/ FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > list/users.html > Support & Services<http://www.freeradius.org/list/users.html> Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > www.freeradius.org<http://www.freeradius.org> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > The world's leading RADIUS server. The project includes a GPL AAA server, > BSD licensed client and PAM and Apache modules. Full support is available > from NetworkRADIUS. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/ FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
the error cant be the same if you have configure the ldap module to deal with the previous error, please post debug output (otherwise I suspect you are editing the wrong file.....) alan On 12 December 2017 at 19:27, Carlos Bordon <cgermanb@live.com.ar> wrote: > the error is the same > > > ________________________________ > De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan Buxey <alan.buxey@gmail.com> > Enviado: martes, 12 de diciembre de 2017 04:02 p.m. > Para: FreeRadius users mailing list > Asunto: Re: winbindd_priv dont exist > > What error or message are you now getting? Your original issue told you > about chasing referrals add rebinding. You did that? Okay, so what did the > output now say?? We aren't mind readers. > > alan > > On 12 Dec 2017 6:27 pm, "Carlos Bordon" <cgermanb@live.com.ar> wrote: > >> >> >> >> i dont have other ldap, if i change the port or the ip of the AD i see it >> in debug, but no take this options..i dont known >> >> >> ________________________________ >> De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists. >> freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com> >> Enviado: martes, 12 de diciembre de 2017 02:30 p.m. >> Para: FreeRadius users mailing list >> Asunto: Re: winbindd_priv dont exist >> >> On Dec 12, 2017, at 12:27 PM, Carlos Bordon <cgermanb@live.com.ar> wrote: >> > They are uncomment this options but nothing happend , try restarting too >> >> You need to restart the server after that configuration change. >> >> If you still see the same error, then you're editing one file, and the >> server is reading another one. >> >> Read the debug output to see which file is used for the LDAP module. >> Then, edit that file. >> >> Alan DeKok. >> >> >> - >> List info/subscribe/unsubscribe? See http://www.freeradius.org/ > FreeRADIUS<http://www.freeradius.org/> > www.freeradius.org > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> list/users.html >> Support & Services<http://www.freeradius.org/list/users.html> > Support & Services<http://www.freeradius.org/list/users.html> > www.freeradius.org > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> www.freeradius.org<http://www.freeradius.org> > FreeRADIUS<http://www.freeradius.org/> > www.freeradius.org > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> The world's leading RADIUS server. The project includes a GPL AAA server, >> BSD licensed client and PAM and Apache modules. Full support is available >> from NetworkRADIUS. >> >> >> - >> List info/subscribe/unsubscribe? See http://www.freeradius.org/ > FreeRADIUS<http://www.freeradius.org/> > www.freeradius.org > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Support & Services<http://www.freeradius.org/list/users.html> > www.freeradius.org > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The file is /etc/freeradius/modules/ldap? already appeared commentated, only the uncomment it and rebbot the system ________________________________ De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan Buxey <alan.buxey@gmail.com> Enviado: martes, 12 de diciembre de 2017 05:28 p.m. Para: FreeRadius users mailing list Asunto: Re: winbindd_priv dont exist the error cant be the same if you have configure the ldap module to deal with the previous error, please post debug output (otherwise I suspect you are editing the wrong file.....) alan On 12 December 2017 at 19:27, Carlos Bordon <cgermanb@live.com.ar> wrote: > the error is the same > > > ________________________________ > De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan Buxey <alan.buxey@gmail.com> > Enviado: martes, 12 de diciembre de 2017 04:02 p.m. > Para: FreeRadius users mailing list > Asunto: Re: winbindd_priv dont exist > > What error or message are you now getting? Your original issue told you > about chasing referrals add rebinding. You did that? Okay, so what did the > output now say?? We aren't mind readers. > > alan > > On 12 Dec 2017 6:27 pm, "Carlos Bordon" <cgermanb@live.com.ar> wrote: > >> >> >> >> i dont have other ldap, if i change the port or the ip of the AD i see it >> in debug, but no take this options..i dont known >> >> >> ________________________________ >> De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists. >> freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com> >> Enviado: martes, 12 de diciembre de 2017 02:30 p.m. >> Para: FreeRadius users mailing list >> Asunto: Re: winbindd_priv dont exist >> >> On Dec 12, 2017, at 12:27 PM, Carlos Bordon <cgermanb@live.com.ar> wrote: >> > They are uncomment this options but nothing happend , try restarting too >> >> You need to restart the server after that configuration change. >> >> If you still see the same error, then you're editing one file, and the >> server is reading another one. >> >> Read the debug output to see which file is used for the LDAP module. >> Then, edit that file. >> >> Alan DeKok. >> >> >> - >> List info/subscribe/unsubscribe? See http://www.freeradius.org/ FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > FreeRADIUS<http://www.freeradius.org/> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > www.freeradius.org<http://www.freeradius.org> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> list/users.html >> Support & Services<http://www.freeradius.org/list/users.html> Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > Support & Services<http://www.freeradius.org/list/users.html> Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > www.freeradius.org<http://www.freeradius.org> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> www.freeradius.org<http://www.freeradius.org> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > FreeRADIUS<http://www.freeradius.org/> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > www.freeradius.org<http://www.freeradius.org> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> The world's leading RADIUS server. The project includes a GPL AAA server, >> BSD licensed client and PAM and Apache modules. Full support is available >> from NetworkRADIUS. >> >> >> - >> List info/subscribe/unsubscribe? See http://www.freeradius.org/ FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > FreeRADIUS<http://www.freeradius.org/> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > www.freeradius.org<http://www.freeradius.org> FreeRADIUS<http://www.freeradius.org/> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > >> list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > Support & Services<http://www.freeradius.org/list/users.html> Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > www.freeradius.org<http://www.freeradius.org> > The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi, ..and what does the debug output now say??? alan
Hi, I make a new installation on centos 7 and freeradius v3, but i get the same error i follow this guide: https://commonworkspace.ru/article.php?id=38 FreeRadius v3 + LDAP в CentOS v7 - Commonworkspace<https://commonworkspace.ru/article.php?id=38> commonworkspace.ru Установка FreeRadius V3 и настройка авторизации Radius через LDAP в CentOS 7. rlm_ldap (ldap): Reserved connection (0) (0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (0) ldap: --> (uid=administrator) (0) ldap: Performing search in "dc=*****,dc=net" with filter "(uid=administrator)", scope "sub" (0) ldap: Waiting for search result... (0) ldap: ERROR: Failed performing search: Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module configuration for details. (0) ldap: ERROR: Server said: 00002020: Operation unavailable without authentication. rlm_ldap (ldap): Released connection (0) Need 5 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots used rlm_ldap (ldap): Connecting to ldap://172.18.98.110:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (0) [ldap] = fail (0) } # authorize = fail (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Post-Auth-Type REJECT { (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> administrator (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 58 from 127.0.0.1:1812 to 127.0.0.1:48940 length 20 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 58 with timestamp +11 ________________________________ De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan Buxey <alan.buxey@gmail.com> Enviado: miércoles, 13 de diciembre de 2017 09:49 a.m. Para: FreeRadius users mailing list Asunto: Re: winbindd_priv dont exist hi, ..and what does the debug output now say??? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
On Dec 13, 2017, at 1:03 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
I make a new installation on centos 7 and freeradius v3, but i get the same error
Then you're still making the same mistake.
i follow this guide:
The FreeRADIUS Wiki has extensive documentation on this subject. Please follow that.
rlm_ldap (ldap): Reserved connection (0)
And you're posting the same debug output again. That doesn't help. This isn't difficult. The debug output tells you which files the server is reading. You need to read the debug output, and edit those files. If you're editing a text file on disk, FreeRADIUS will see those changes, and read them. There is no magic here. It's all basic Unix system administration. Alan DeKok.
i undertand, but I do not know where else to search, if i change the ip of ldap server i see the change, but with chase nothing happend, comment or uncomment is the same error. Sorry for the inconvenience, but I'm really stuck this a complete debug Wed Dec 13 15:39:14 2017 : Debug: (1) Received Access-Request Id 185 from 127.0.0.1:37200 to 127.0.0.1:1812 length 82 Wed Dec 13 15:39:14 2017 : Debug: (1) User-Name = "administraor" Wed Dec 13 15:39:14 2017 : Debug: (1) User-Password = "H23dMclc" Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-IP-Address = 172.18.98.201 Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-Port = 2 Wed Dec 13 15:39:14 2017 : Debug: (1) Message-Authenticator = 0x564e81c3f590c00a02ef6d81e5a1631b Wed Dec 13 15:39:14 2017 : Debug: (1) session-state: No State attribute Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing section authorize from file /etc/raddb/sites-enabled/default Wed Dec 13 15:39:14 2017 : Debug: (1) authorize { Wed Dec 13 15:39:14 2017 : Debug: (1) policy filter_username { Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) { Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) -> TRUE Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) { Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) { Wed Dec 13 15:39:14 2017 : Debug: No matches Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) -> FALSE Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) { Wed Dec 13 15:39:14 2017 : Debug: No matches Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) { Wed Dec 13 15:39:14 2017 : Debug: No matches Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) -> FALSE Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Wed Dec 13 15:39:14 2017 : Debug: No matches Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/) { Wed Dec 13 15:39:14 2017 : Debug: No matches Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/) -> FALSE Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./) { Wed Dec 13 15:39:14 2017 : Debug: No matches Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./) -> FALSE Wed Dec 13 15:39:14 2017 : Debug: (1) } # if (&User-Name) = notfound Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy filter_username = notfound Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) Wed Dec 13 15:39:14 2017 : Debug: (1) [preprocess] = ok Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) Wed Dec 13 15:39:14 2017 : Debug: (1) [chap] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) Wed Dec 13 15:39:14 2017 : Debug: (1) [mschap] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) Wed Dec 13 15:39:14 2017 : Debug: (1) [digest] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm) Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: Checking for suffix after "@" Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No '@' in User-Name = "administraor", looking up realm NULL Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No such realm "NULL" Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm) Wed Dec 13 15:39:14 2017 : Debug: (1) [suffix] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) Wed Dec 13 15:39:14 2017 : Debug: (1) eap: No EAP-Message, not doing EAP Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling files (rlm_files) Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from files (rlm_files) Wed Dec 13 15:39:14 2017 : Debug: (1) [files] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling ldap (rlm_ldap) Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (1): Hit idle_timeout, was idle for 271 seconds Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle 0x56501a92dd40 Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (2): Hit idle_timeout, was idle for 271 seconds Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle 0x56501a92e630 Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (3): Hit idle_timeout, was idle for 271 seconds Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle 0x56501a93f090 Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (4): Hit idle_timeout, was idle for 271 seconds Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to lower "min" Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle 0x56501a93f980 Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (0): Hit idle_timeout, was idle for 262 seconds Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to lower "min" Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle 0x56501a8ec1f0 Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (5): Hit idle_timeout, was idle for 262 seconds Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to lower "min" Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle 0x56501a9734d0 Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare" Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional connection (6), 1 of 32 pending slots used Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://172.18.98.110:389 Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle 0x56501a9734d0 Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind result... Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Reserved connection (6) Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL XLAT Wed Dec 13 15:39:14 2017 : Debug: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree: Wed Dec 13 15:39:14 2017 : Debug: literal --> (uid= Wed Dec 13 15:39:14 2017 : Debug: XLAT-IF { Wed Dec 13 15:39:14 2017 : Debug: attribute --> Stripped-User-Name Wed Dec 13 15:39:14 2017 : Debug: } Wed Dec 13 15:39:14 2017 : Debug: XLAT-ELSE { Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name Wed Dec 13 15:39:14 2017 : Debug: } Wed Dec 13 15:39:14 2017 : Debug: literal --> ) Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: --> (uid=administraor) Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Performing search in "cn=Users,dc=*****,dc=net" with filter "(uid=administraor)", scope "sub" Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Waiting for search result... Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Failed performing search: Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module configuration for details. Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Server said: 00002020: Operation unavailable without authentication. Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Released connection (6) Wed Dec 13 15:39:14 2017 : Info: Need 2 more connections to reach min connections (3) Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional connection (7), 1 of 31 pending slots used Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://172.18.98.110:389 Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle 0x56501a9737f0 Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind result... Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned from ldap (rlm_ldap) Wed Dec 13 15:39:14 2017 : Debug: (1) [ldap] = fail Wed Dec 13 15:39:14 2017 : Debug: (1) } # authorize = fail Wed Dec 13 15:39:14 2017 : Debug: (1) Using Post-Auth-Type Reject Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing group from file /etc/raddb/sites-enabled/default Wed Dec 13 15:39:14 2017 : Debug: (1) Post-Auth-Type REJECT { Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) Wed Dec 13 15:39:14 2017 : Debug: %{User-Name} Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree: Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: EXPAND %{User-Name} Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: --> administraor Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: Matched entry DEFAULT at line 11 Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) Wed Dec 13 15:39:14 2017 : Debug: (1) [attr_filter.access_reject] = updated Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling eap (rlm_eap) Wed Dec 13 15:39:14 2017 : Debug: (1) eap: Request didn't contain an EAP-Message, not inserting EAP-Failure Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned from eap (rlm_eap) Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) policy remove_reply_message_if_eap { Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message) { Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Wed Dec 13 15:39:14 2017 : Debug: (1) else { Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling noop (rlm_always) Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned from noop (rlm_always) Wed Dec 13 15:39:14 2017 : Debug: (1) [noop] = noop Wed Dec 13 15:39:14 2017 : Debug: (1) } # else = noop Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy remove_reply_message_if_eap = noop Wed Dec 13 15:39:14 2017 : Debug: (1) } # Post-Auth-Type REJECT = updated Wed Dec 13 15:39:14 2017 : Debug: (1) Delaying response for 1.000000 seconds Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.3 seconds. Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.6 seconds. Wed Dec 13 15:39:15 2017 : Debug: (1) Sending delayed response Wed Dec 13 15:39:15 2017 : Debug: (1) Sent Access-Reject Id 185 from 127.0.0.1:1812 to 127.0.0.1:37200 length 20 Wed Dec 13 15:39:15 2017 : Debug: Waking up in 3.9 seconds. ________________________________ De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com> Enviado: miércoles, 13 de diciembre de 2017 03:21 p.m. Para: FreeRadius users mailing list Asunto: Re: winbindd_priv dont exist On Dec 13, 2017, at 1:03 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
I make a new installation on centos 7 and freeradius v3, but i get the same error
Then you're still making the same mistake.
i follow this guide:
https://commonworkspace.ru/article.php?id=38 FreeRadius v3 + LDAP в CentOS v7 - Commonworkspace<https://commonworkspace.ru/article.php?id=38> commonworkspace.ru Установка FreeRadius V3 и настройка авторизации Radius через LDAP в CentOS 7.
The FreeRADIUS Wiki has extensive documentation on this subject. Please follow that.
rlm_ldap (ldap): Reserved connection (0)
And you're posting the same debug output again. That doesn't help. This isn't difficult. The debug output tells you which files the server is reading. You need to read the debug output, and edit those files. If you're editing a text file on disk, FreeRADIUS will see those changes, and read them. There is no magic here. It's all basic Unix system administration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
So, do you have those values set to yes?
Also, see the other message in the output about authentication.... You need
to bind with correct user/pass and privileges. Is your user really administraor
, (or is that a typo?)
On 13 Dec 2017 6:42 pm, "Carlos Bordon" <cgermanb@live.com.ar> wrote:
> i undertand, but I do not know where else to search, if i change the ip of
> ldap server i see the change, but with chase nothing happend, comment or
> uncomment is the same error.
>
>
> Sorry for the inconvenience, but I'm really stuck
>
>
> this a complete debug
>
> Wed Dec 13 15:39:14 2017 : Debug: (1) Received Access-Request Id 185 from
> 127.0.0.1:37200 to 127.0.0.1:1812 length 82
> Wed Dec 13 15:39:14 2017 : Debug: (1) User-Name = "administraor"
> Wed Dec 13 15:39:14 2017 : Debug: (1) User-Password = "H23dMclc"
> Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-IP-Address = 172.18.98.201
> Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-Port = 2
> Wed Dec 13 15:39:14 2017 : Debug: (1) Message-Authenticator =
> 0x564e81c3f590c00a02ef6d81e5a1631b
> Wed Dec 13 15:39:14 2017 : Debug: (1) session-state: No State attribute
> Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing section authorize from
> file /etc/raddb/sites-enabled/default
> Wed Dec 13 15:39:14 2017 : Debug: (1) authorize {
> Wed Dec 13 15:39:14 2017 : Debug: (1) policy filter_username {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) -> TRUE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) ->
> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/
> ) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/
> ) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ )
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) &&
> (&User-Name !~ /@(.+)\.(.+)$/)) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) &&
> (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/)
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./)
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # if (&User-Name) = notfound
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy filter_username =
> notfound
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> preprocess (rlm_preprocess)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from preprocess (rlm_preprocess)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [preprocess] = ok
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> chap (rlm_chap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from chap (rlm_chap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [chap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> mschap (rlm_mschap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from mschap (rlm_mschap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [mschap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> digest (rlm_digest)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from digest (rlm_digest)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [digest] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> suffix (rlm_realm)
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: Checking for suffix after "@"
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No '@' in User-Name =
> "administraor", looking up realm NULL
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No such realm "NULL"
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from suffix (rlm_realm)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [suffix] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) eap: No EAP-Message, not doing EAP
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> files (rlm_files)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from files (rlm_files)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [files] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> ldap (rlm_ldap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (1):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a92dd40
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (2):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a92e630
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (3):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a93f090
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (4):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a93f980
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (0):
> Hit idle_timeout, was idle for 262 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a8ec1f0
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (5):
> Hit idle_timeout, was idle for 262 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a9734d0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): 0 of 0 connections in
> use. You may need to increase "spare"
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional
> connection (6), 1 of 32 pending slots used
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://
> 172.18.98.110:389
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle
> 0x56501a9734d0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind
> result...
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Reserved connection (6)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL XLAT
> Wed Dec 13 15:39:14 2017 : Debug: (uid=%{%{Stripped-User-Name}:-
> %{User-Name}})
> Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree:
> Wed Dec 13 15:39:14 2017 : Debug: literal --> (uid=
> Wed Dec 13 15:39:14 2017 : Debug: XLAT-IF {
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> Stripped-User-Name
> Wed Dec 13 15:39:14 2017 : Debug: }
> Wed Dec 13 15:39:14 2017 : Debug: XLAT-ELSE {
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name
> Wed Dec 13 15:39:14 2017 : Debug: }
> Wed Dec 13 15:39:14 2017 : Debug: literal --> )
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND
> (uid=%{%{Stripped-User-Name}:-%{User-Name}})
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: --> (uid=administraor)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Performing search in
> "cn=Users,dc=*****,dc=net" with filter "(uid=administraor)", scope "sub"
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Waiting for search result...
> Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Failed performing search:
> Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module
> configuration for details.
> Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Server said: 00002020:
> Operation unavailable without authentication.
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Released connection (6)
> Wed Dec 13 15:39:14 2017 : Info: Need 2 more connections to reach min
> connections (3)
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional
> connection (7), 1 of 31 pending slots used
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://
> 172.18.98.110:389
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle
> 0x56501a9737f0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind
> result...
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from ldap (rlm_ldap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [ldap] = fail
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # authorize = fail
> Wed Dec 13 15:39:14 2017 : Debug: (1) Using Post-Auth-Type Reject
> Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing group from file
> /etc/raddb/sites-enabled/default
> Wed Dec 13 15:39:14 2017 : Debug: (1) Post-Auth-Type REJECT {
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling
> attr_filter.access_reject (rlm_attr_filter)
> Wed Dec 13 15:39:14 2017 : Debug: %{User-Name}
> Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree:
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: EXPAND
> %{User-Name}
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: -->
> administraor
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: Matched
> entry DEFAULT at line 11
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned
> from attr_filter.access_reject (rlm_attr_filter)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [attr_filter.access_reject] =
> updated
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling
> eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) eap: Request didn't contain an
> EAP-Message, not inserting EAP-Failure
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned
> from eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) policy
> remove_reply_message_if_eap {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message &&
> &reply:Reply-Message) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message &&
> &reply:Reply-Message) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) else {
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]:
> calling noop (rlm_always)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]:
> returned from noop (rlm_always)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [noop] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # else = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy
> remove_reply_message_if_eap = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # Post-Auth-Type REJECT = updated
> Wed Dec 13 15:39:14 2017 : Debug: (1) Delaying response for 1.000000
> seconds
> Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.3 seconds.
> Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.6 seconds.
> Wed Dec 13 15:39:15 2017 : Debug: (1) Sending delayed response
> Wed Dec 13 15:39:15 2017 : Debug: (1) Sent Access-Reject Id 185 from
> 127.0.0.1:1812 to 127.0.0.1:37200 length 20
> Wed Dec 13 15:39:15 2017 : Debug: Waking up in 3.9 seconds.
>
>
>
> ________________________________
> De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.
> freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com>
> Enviado: miércoles, 13 de diciembre de 2017 03:21 p.m.
> Para: FreeRadius users mailing list
> Asunto: Re: winbindd_priv dont exist
>
> On Dec 13, 2017, at 1:03 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
> >
> > I make a new installation on centos 7 and freeradius v3, but i get the
> same error
>
> Then you're still making the same mistake.
>
> > i follow this guide:
> >
> > https://commonworkspace.ru/article.php?id=38
> FreeRadius v3 + LDAP в CentOS v7 - Commonworkspace<https://
> commonworkspace.ru/article.php?id=38>
> commonworkspace.ru
> Установка FreeRadius V3 и настройка авторизации Radius через LDAP в CentOS
> 7.
>
>
>
>
> The FreeRADIUS Wiki has extensive documentation on this subject.
> Please follow that.
>
> > rlm_ldap (ldap): Reserved connection (0)
>
>
> And you're posting the same debug output again. That doesn't help.
>
> This isn't difficult. The debug output tells you which files the server
> is reading. You need to read the debug output, and edit those files.
>
> If you're editing a text file on disk, FreeRADIUS will see those
> changes, and read them. There is no magic here. It's all basic Unix
> system administration.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
> Support & Services<http://www.freeradius.org/list/users.html>
> www.freeradius.org
> The world's leading RADIUS server. The project includes a GPL AAA server,
> BSD licensed client and PAM and Apache modules. Full support is available
> from NetworkRADIUS.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
Hi, yes i do it, and the administrator is administrator
________________________________
De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan Buxey <alan.buxey@gmail.com>
Enviado: miércoles, 13 de diciembre de 2017 04:03 p.m.
Para: FreeRadius users mailing list
Asunto: Re: winbindd_priv dont exist
So, do you have those values set to yes?
Also, see the other message in the output about authentication.... You need
to bind with correct user/pass and privileges. Is your user really administraor
, (or is that a typo?)
On 13 Dec 2017 6:42 pm, "Carlos Bordon" <cgermanb@live.com.ar> wrote:
> i undertand, but I do not know where else to search, if i change the ip of
> ldap server i see the change, but with chase nothing happend, comment or
> uncomment is the same error.
>
>
> Sorry for the inconvenience, but I'm really stuck
>
>
> this a complete debug
>
> Wed Dec 13 15:39:14 2017 : Debug: (1) Received Access-Request Id 185 from
> 127.0.0.1:37200 to 127.0.0.1:1812 length 82
> Wed Dec 13 15:39:14 2017 : Debug: (1) User-Name = "administraor"
> Wed Dec 13 15:39:14 2017 : Debug: (1) User-Password = "H23dMclc"
> Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-IP-Address = 172.18.98.201
> Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-Port = 2
> Wed Dec 13 15:39:14 2017 : Debug: (1) Message-Authenticator =
> 0x564e81c3f590c00a02ef6d81e5a1631b
> Wed Dec 13 15:39:14 2017 : Debug: (1) session-state: No State attribute
> Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing section authorize from
> file /etc/raddb/sites-enabled/default
> Wed Dec 13 15:39:14 2017 : Debug: (1) authorize {
> Wed Dec 13 15:39:14 2017 : Debug: (1) policy filter_username {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) -> TRUE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) ->
> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/
> ) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/
> ) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ )
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) &&
> (&User-Name !~ /@(.+)\.(.+)$/)) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) &&
> (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/)
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./)
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # if (&User-Name) = notfound
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy filter_username =
> notfound
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> preprocess (rlm_preprocess)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from preprocess (rlm_preprocess)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [preprocess] = ok
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> chap (rlm_chap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from chap (rlm_chap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [chap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> mschap (rlm_mschap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from mschap (rlm_mschap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [mschap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> digest (rlm_digest)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from digest (rlm_digest)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [digest] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> suffix (rlm_realm)
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: Checking for suffix after "@"
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No '@' in User-Name =
> "administraor", looking up realm NULL
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No such realm "NULL"
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from suffix (rlm_realm)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [suffix] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) eap: No EAP-Message, not doing EAP
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> files (rlm_files)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from files (rlm_files)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [files] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> ldap (rlm_ldap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (1):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a92dd40
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (2):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a92e630
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (3):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a93f090
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (4):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a93f980
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (0):
> Hit idle_timeout, was idle for 262 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a8ec1f0
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (5):
> Hit idle_timeout, was idle for 262 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a9734d0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): 0 of 0 connections in
> use. You may need to increase "spare"
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional
> connection (6), 1 of 32 pending slots used
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://
> 172.18.98.110:389
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle
> 0x56501a9734d0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind
> result...
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Reserved connection (6)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL XLAT
> Wed Dec 13 15:39:14 2017 : Debug: (uid=%{%{Stripped-User-Name}:-
> %{User-Name}})
> Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree:
> Wed Dec 13 15:39:14 2017 : Debug: literal --> (uid=
> Wed Dec 13 15:39:14 2017 : Debug: XLAT-IF {
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> Stripped-User-Name
> Wed Dec 13 15:39:14 2017 : Debug: }
> Wed Dec 13 15:39:14 2017 : Debug: XLAT-ELSE {
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name
> Wed Dec 13 15:39:14 2017 : Debug: }
> Wed Dec 13 15:39:14 2017 : Debug: literal --> )
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND
> (uid=%{%{Stripped-User-Name}:-%{User-Name}})
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: --> (uid=administraor)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Performing search in
> "cn=Users,dc=*****,dc=net" with filter "(uid=administraor)", scope "sub"
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Waiting for search result...
> Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Failed performing search:
> Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module
> configuration for details.
> Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Server said: 00002020:
> Operation unavailable without authentication.
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Released connection (6)
> Wed Dec 13 15:39:14 2017 : Info: Need 2 more connections to reach min
> connections (3)
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional
> connection (7), 1 of 31 pending slots used
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://
> 172.18.98.110:389
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle
> 0x56501a9737f0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind
> result...
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from ldap (rlm_ldap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [ldap] = fail
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # authorize = fail
> Wed Dec 13 15:39:14 2017 : Debug: (1) Using Post-Auth-Type Reject
> Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing group from file
> /etc/raddb/sites-enabled/default
> Wed Dec 13 15:39:14 2017 : Debug: (1) Post-Auth-Type REJECT {
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling
> attr_filter.access_reject (rlm_attr_filter)
> Wed Dec 13 15:39:14 2017 : Debug: %{User-Name}
> Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree:
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: EXPAND
> %{User-Name}
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: -->
> administraor
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: Matched
> entry DEFAULT at line 11
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned
> from attr_filter.access_reject (rlm_attr_filter)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [attr_filter.access_reject] =
> updated
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling
> eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) eap: Request didn't contain an
> EAP-Message, not inserting EAP-Failure
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned
> from eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) policy
> remove_reply_message_if_eap {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message &&
> &reply:Reply-Message) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message &&
> &reply:Reply-Message) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) else {
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]:
> calling noop (rlm_always)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]:
> returned from noop (rlm_always)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [noop] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # else = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy
> remove_reply_message_if_eap = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # Post-Auth-Type REJECT = updated
> Wed Dec 13 15:39:14 2017 : Debug: (1) Delaying response for 1.000000
> seconds
> Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.3 seconds.
> Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.6 seconds.
> Wed Dec 13 15:39:15 2017 : Debug: (1) Sending delayed response
> Wed Dec 13 15:39:15 2017 : Debug: (1) Sent Access-Reject Id 185 from
> 127.0.0.1:1812 to 127.0.0.1:37200 length 20
> Wed Dec 13 15:39:15 2017 : Debug: Waking up in 3.9 seconds.
>
>
>
> ________________________________
> De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.
> freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com>
> Enviado: miércoles, 13 de diciembre de 2017 03:21 p.m.
> Para: FreeRadius users mailing list
> Asunto: Re: winbindd_priv dont exist
>
> On Dec 13, 2017, at 1:03 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
> >
> > I make a new installation on centos 7 and freeradius v3, but i get the
> same error
>
> Then you're still making the same mistake.
>
> > i follow this guide:
> >
> > https://commonworkspace.ru/article.php?id=38
FreeRadius v3 + LDAP в CentOS v7 - Commonworkspace<https://commonworkspace.ru/article.php?id=38>
commonworkspace.ru
Установка FreeRadius V3 и настройка авторизации Radius через LDAP в CentOS 7.
> FreeRadius v3 + LDAP в CentOS v7 - Commonworkspace<https://
> commonworkspace.ru/article.php?id=38>
> commonworkspace.ru
> Установка FreeRadius V3 и настройка авторизации Radius через LDAP в CentOS
> 7.
>
>
>
>
> The FreeRADIUS Wiki has extensive documentation on this subject.
> Please follow that.
>
> > rlm_ldap (ldap): Reserved connection (0)
>
>
> And you're posting the same debug output again. That doesn't help.
>
> This isn't difficult. The debug output tells you which files the server
> is reading. You need to read the debug output, and edit those files.
>
> If you're editing a text file on disk, FreeRADIUS will see those
> changes, and read them. There is no magic here. It's all basic Unix
> system administration.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
FreeRADIUS<http://www.freeradius.org/>
www.freeradius.org
The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
> list/users.html
> Support & Services<http://www.freeradius.org/list/users.html>
> www.freeradius.org<http://www.freeradius.org>
> The world's leading RADIUS server. The project includes a GPL AAA server,
> BSD licensed client and PAM and Apache modules. Full support is available
> from NetworkRADIUS.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Dec 13, 2017, at 1:41 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
i undertand, but I do not know where else to search, if i change the ip of ldap server i see the change, but with chase nothing happend, comment or uncomment is the same error.
Then again... you're not editing the file that the server is reading.
Sorry for the inconvenience, but I'm really stuck
this a complete debug
No, it's not. It's PART of the debug output. Post the debug output. ALL OF IT. Post EVERY SINGLE LINE OF TEXT from the time you do "radiusd -X" until the server sends an Access-Reject. Odds are that the answer is in there. And you're ignoring it, because you don't think it's important. Alan DeKok.
Alan, the cokmplete debug, thanks ________________________________ De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar@lists.freeradius.org> en nombre de Alan DeKok <aland@deployingradius.com> Enviado: miércoles, 13 de diciembre de 2017 04:05 p.m. Para: FreeRadius users mailing list Asunto: Re: winbindd_priv dont exist On Dec 13, 2017, at 1:41 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
i undertand, but I do not know where else to search, if i change the ip of ldap server i see the change, but with chase nothing happend, comment or uncomment is the same error.
Then again... you're not editing the file that the server is reading.
Sorry for the inconvenience, but I'm really stuck
this a complete debug
No, it's not. It's PART of the debug output. Post the debug output. ALL OF IT. Post EVERY SINGLE LINE OF TEXT from the time you do "radiusd -X" until the server sends an Access-Reject. Odds are that the answer is in there. And you're ignoring it, because you don't think it's important. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
On Dec 13, 2017, at 2:21 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
the cokmplete debug, thanks
Again... please follow instructions. "radiusd -X", not "radiusd -Xx" or anything else. ... including configuration file /etc/raddb/mods-enabled/ldap And then: ldap { ... options { ldap_debug = 40 chase_referrals = yes rebind = yes net_timeout = 1 So that's good. And then: ERROR: (0) ldap: Failed performing search: Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module configuration for details. I'll push a fix for 3.0.16 that doesn't complain if you've already set that. I can see why that's confusing. ERROR: (0) ldap: Server said: 00002020: Operation unavailable without authentication. So that should be instructive. Looking at the LDAP module configuration in /etc/raddb/mods-enabled/ldap, we see: # Administrator account for searching and possibly modifying. # If using SASL + KRB5 these should be commented out. # identity = 'cn=admin,dc=example,dc=org' # password = bypass So you should set that. Your AD server is configured to disallow anonymous binds. It requires a username / password. Alan DeKok.
participants (3)
-
Alan Buxey -
Alan DeKok -
Carlos Bordon