freeradius ldap auth "sort of" working ?
Greetings. I have a problem with freeradius using ldap to auth, here are my system specs: Centos 6 64bit freeradius installed from repo
rpm -qa | grep -i freeradius freeradius-ldap-2.1.12-4.el6_3.x86_64 freeradius-2.1.12-4.el6_3.x86_64 freeradius-utils-2.1.12-4.el6_3.x86_64 ldap already up and running, on localhost. everything is local btw, there are no remote services and ldap is (test environment) accepting unsecured connections. rpm -qa | grep -i openld openldap-devel-2.4.23-32.el6_4.1.x86_64 openldap-clients-2.4.23-32.el6_4.1.x86_64 openldap-servers-2.4.23-32.el6_4.1.x86_64 openldap-2.4.23-32.el6_4.1.x86_64
radtest fails
radtest testuser_1 "letmein_1" localhost 2 testing123 Sending Access-Request of id 214 to 127.0.0.1 port 1812 User-Name = "testuser_1" User-Password = "letmein_1" NAS-IP-Address = 127.0.0.1 NAS-Port = 2 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20 and this is the output from radius (ran as radiusd -X) http://pastebin.com/MT0txW2c
i don't understand. it auths but then it doesn't.. the final result is not successful Thanks in advance, Horatiu
Hi,
and this is the output from radius (ran as radiusd -X) http://pastebin.com/MT0txW2c
please post to the list - avoids more work at this end. the output shows this: Found Auth-Type = LDAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group LDAP {...} [ldap] login attempt by "testuser_1" with password "letmein_1" [ldap] user DN: uid=testuser_1,ou=People,dc=vps03,dc=local [ldap] (re)connect to 127.0.0.1:389, authentication 1 [ldap] bind as uid=testuser_1,ou=People,dc=vps03,dc=local/letmein_1 to 127.0.0.1:389 [ldap] waiting for bind result ... [ldap] Bind failed with invalid credentials ++[ldap] returns reject
i don't understand. it auths but then it doesn't.. the final result is not successful
it does a SEARCH for authorization. finds some details...then it checks authentication...and doesnt work. verify that you can connect/verify with this user/password combo. LDAP is not an authentication method..its just an oracle of data really alan
On 1 Jul 2013, at 12:27, Horatiu Nimigean <horatiu.nimigean@ddnet.ro> wrote:
Greetings. I have a problem with freeradius using ldap to auth, here are my system specs:
Centos 6 64bit freeradius installed from repo
rpm -qa | grep -i freeradius freeradius-ldap-2.1.12-4.el6_3.x86_64 freeradius-2.1.12-4.el6_3.x86_64 freeradius-utils-2.1.12-4.el6_3.x86_64 ldap already up and running, on localhost. everything is local btw, there are no remote services and ldap is (test environment) accepting unsecured connections. rpm -qa | grep -i openld openldap-devel-2.4.23-32.el6_4.1.x86_64 openldap-clients-2.4.23-32.el6_4.1.x86_64 openldap-servers-2.4.23-32.el6_4.1.x86_64 openldap-2.4.23-32.el6_4.1.x86_64
radtest fails
radtest testuser_1 "letmein_1" localhost 2 testing123 Sending Access-Request of id 214 to 127.0.0.1 port 1812 User-Name = "testuser_1" User-Password = "letmein_1" NAS-IP-Address = 127.0.0.1 NAS-Port = 2 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20 and this is the output from radius (ran as radiusd -X) http://pastebin.com/MT0txW2c
i don't understand. it auths but then it doesn't.. the final result is not successful Thanks in advance,
No. Your admin user managed to bind and retrieve credentials for your user, your user bind never succeeded. Seeing as you have access to the crypt hash of the user's password you should use PAP to do authentication. Set "set_auth_type = no" in modules/ldap. and make sure 'pap' is listed in authorize. If the password you're using in radtest is correct, this will work. If it isn't then authentication will continue to fail. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Arran Cudbard-Bell -
Horatiu Nimigean