Freeradius and LDAP : to be continued

Christophe Gravier christophe.gravier at univ-st-etienne.fr
Wed Dec 14 18:52:01 CET 2005


Alan DeKok wrote:

>Christophe Gravier <christophe.gravier at univ-st-etienne.fr> wrote:
>
>>auth: type "LDAP"
>>  Processing the authenticate section of radiusd.conf
>>modcall: entering group Auth-Type for request 0
>>rlm_ldap: - authenticate
>>rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
>
>  You're using LDAP as an authentication server.  Don't do that.  Use
>LDAP to store passwords.
>
>  i.e. remove the "ldap" entry from the "authenticate" section.  Get
>radtest to work.  Once that works, Chillispot will work, too.
>
>  Alan DeKok.

That makes sense indeed.

Removing the ldap entry, radtest no longer works of course.

But as you already said there:
http://lists.cistron.nl/pipermail/freeradius-users/2004-October/037625.html
and there:
http://lists.cistron.nl/pipermail/freeradius-users/2004-September/036629.html

  List "ldap" in the "authorize" section.  It's already there, just
un-comment it.

  And DON'T set "Auth-Type := LDAP".


So I did
        #  The ldap module will set Auth-Type to LDAP if it has not
        #  already been set
        ldap
and commented out "Auth-Type := LDAP".

But it's just not working!

The interesting part of the trace:
[...]
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ist-guizay.univ-st-etienne.fr:389, authentication 0
rlm_ldap: bind as / to ist-guizay.univ-st-etienne.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=person,o=istase,c=fr, with filter (uid=gravier.christophe)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gravier.christophe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "gravier.christophe", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 157
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gravier.christophe
radius_xlat:  '(uid=gravier.christophe)'
radius_xlat:  'ou=person,o=istase,c=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=person,o=istase,c=fr, with filter (uid=gravier.christophe)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gravier.christophe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"

  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
[...]





-- 
Christophe Gravier
Laboratoire DIOM, groupe SATIn - Doctorant
ISTASE - Ingénieur d'études
Perso: http://perso.univ-st-etienne.fr/gravchri/
SATIn: http://www.istase.com/satin
Tel : 04 7748 5034
A mediter: http://www.fsffrance.org/news/article2005-11-25.fr.html
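
Added example (not part of the original message and not FreeRADIUS code): the rlm_ldap error quoted above, that "User-Password" is required and "CHAP-Password" cannot be used, follows from how CHAP works. A CHAP request carries only an MD5 response, so there is no password to bind to the directory with, and the server can verify it only if it reads the cleartext password from the directory. The function names, the dict representation of a request and the sample values are assumptions constructed for illustration.

```python
# Added example, not from the thread. Names and sample values are constructed.
import hashlib
import hmac


def chap_response(chap_id, secret, challenge):
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def chap_password_attr(chap_id, secret, challenge):
    """RFC 2865 CHAP-Password value: 1-byte identifier + 16-byte response."""
    return bytes([chap_id]) + chap_response(chap_id, secret, challenge)


def authenticate(request, stored_cleartext):
    """Decide a request the way a RADIUS server has to.

    request: dict of attribute name -> bytes (hypothetical representation,
    User-Password already decoded by the server).
    stored_cleartext: password read from the directory during authorize,
    or None when the directory can only be used for bind checks.
    """
    if "User-Password" in request:
        # PAP: the server holds the password itself, so it can compare it
        # locally or hand it to an LDAP bind.
        if stored_cleartext is None:
            return "needs-ldap-bind"
        ok = hmac.compare_digest(request["User-Password"], stored_cleartext)
        return "accept" if ok else "reject"
    if "CHAP-Password" in request:
        # CHAP: only a one-way MD5 response arrives. There is nothing to
        # bind with, so the cleartext must come from the directory.
        if stored_cleartext is None:
            return "cannot-verify"
        attr = request["CHAP-Password"]
        if len(attr) != 17:
            return "reject"
        expected = chap_response(attr[0], stored_cleartext, request["CHAP-Challenge"])
        return "accept" if hmac.compare_digest(attr[1:], expected) else "reject"
    return "reject"


# Constructed sample request, as a CHAP client would send it.
CHALLENGE = bytes(range(16))
SAMPLE = {"User-Name": b"alice", "CHAP-Challenge": CHALLENGE,
          "CHAP-Password": chap_password_attr(7, b"constructed-pw", CHALLENGE)}

if __name__ == "__main__":
    for stored in (b"constructed-pw", b"wrong-pw", None):
        print(stored, "->", authenticate(SAMPLE, stored))
```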



