Found Auth-Type = LDAP WARNING: Unknown value specified for Auth-Type.
i am using freeradius 2.1.7 on centos 5.5, i have configured openldap and wish to have authentication/authorization against this datasource. i have configured my radius.conf as follows: authorize { preprocess files ldap } # authenticate { Auth-Type LDAP { ldap } } i have configured my users file as follows: test55 Cleartext-Password := "test55" DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Auth-Type := LDAP Fall-Through = 1 i have configured my modules/ldap file as follows: ldap { server = "localhost" identity = "cn=Manager,dc=example,dc=com" password = secret basedn = "ou=users,dc=example,dc=com" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${raddbdir}/ldap.attrmap password_attribute = userPassword } i have setup openldap with a user in users.example.com called testldap with a cleartext password of testldap when i run “radtest testldap testldap localhost 10 testing123” the out put is as follows: rad_recv: Access-Request packet from host 127.0.0.1 port 40626, id=223, length=60 User-Name = "testldap" User-Password = "testldap" NAS-IP-Address = 172.16.159.11 NAS-Port = 10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "testldap", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 212 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = LDAP WARNING: Unknown value specified for Auth-Type. Cannot perform requested action. Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> testldap attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 223 to 127.0.0.1 port 40626 Waking up in 4.9 seconds. Cleaning up request 0 ID 223 with timestamp +4 Ready to process requests. line 212 is my “DEFAULT Auth-Type := LDAP” line in the users file no connection attempt is made against my openldap server. I do not understand why i get the following error: Found Auth-Type = LDAP WARNING: Unknown value specified for Auth-Type. Cannot perform requested action. i can tell you when i use radtest with the test55 user directly defined in the users file, it works, also, when I use a unix user in the passwd/shadow files it also works. there also appears to be no entry in the dictonary file about ldap, but i don’t yet know enough to know if that is relevant. please assist, i wish to understand why this radtest does not work when all the documentation I can find as I currently understand them suggest it should work. Neal
Neal Vadekar wrote:
i am using freeradius 2.1.7 on centos 5.5, i have configured openldap and wish to have authentication/authorization against this datasource.
i have configured my radius.conf as follows:
... almost everything deleted. Why?
i have configured my users file as follows:
test55 Cleartext-Password := "test55" DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Auth-Type := LDAP Fall-Through = 1
That makes no sense. You're forcing "system" authentication, immediately followed by over-writing that, and forcing LDAP authentication.
when i run “radtest testldap testldap localhost 10 testing123” the out put is as follows:
rad_recv: Access-Request packet from host 127.0.0.1 port 40626, id=223, length=60 User-Name = "testldap" User-Password = "testldap" NAS-IP-Address = 172.16.159.11 NAS-Port = 10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop
That should be a hint. The server is using "chap" in the "authorize" section. *But* the "chap" module is not listed in the "authorize" section you posted above.
I do not understand why i get the following error:
Found Auth-Type = LDAP WARNING: Unknown value specified for Auth-Type. Cannot perform requested action.
Because you're not editing the configuration files that the server is reading. Read the debug log. It prints out *which* files it's reading. Compare that list to the files you're editing.
i can tell you when i use radtest with the test55 user directly defined in the users file, it works, also, when I use a unix user in the passwd/shadow files it also works.
Which should be another hint. The "authorize" and "authenticate" sections you posted don't support "unix" authentication. Alan DeKok.
participants (2)
-
Alan DeKok -
Neal Vadekar