Freeradius and LDAP : to be continued
Christophe Gravier
christophe.gravier at univ-st-etienne.fr
Wed Dec 14 18:52:01 CET 2005
Alan DeKok wrote:
>Christophe Gravier <christophe.gravier at univ-st-etienne.fr> wrote:
>
>
>>auth: type "LDAP"
>> Processing the authenticate section of radiusd.conf
>>modcall: entering group Auth-Type for request 0
>>rlm_ldap: - authenticate
>>rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
>>
>>
>
> You're using LDAP as an authentication server. Don't do that. Use
>LDAP to store passwords.
>
> i.e. remove the "ldap" entry from the "authenticate" section. Get
>radtest to work. Once that works, Chillispot will work, too.
>
> Alan DeKok.
>
>
>
That makes sense indeed.
Removing the ldap entry, radtest no longer works of course.
But as you already said there:
http://lists.cistron.nl/pipermail/freeradius-users/2004-October/037625.html
and there:
http://lists.cistron.nl/pipermail/freeradius-users/2004-September/036629.html

List "ldap" in the "authorize" section. It's already there, just
un-comment it.
And DON'T set "Auth-Type := LDAP".
So I did
# The ldap module will set Auth-Type to LDAP if it has not
# already been set
ldap
and commented out the line that sets "Auth-Type := LDAP".
But it's just not working!
The interesting part of the trace:
[...]
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ist-guizay.univ-st-etienne.fr:389, authentication 0
rlm_ldap: bind as / to ist-guizay.univ-st-etienne.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=person,o=istase,c=fr, with filter (uid=gravier.christophe)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gravier.christophe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "gravier.christophe", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 157
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for gravier.christophe
radius_xlat: '(uid=gravier.christophe)'
radius_xlat: 'ou=person,o=istase,c=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=person,o=istase,c=fr, with filter (uid=gravier.christophe)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gravier.christophe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
[...]
--
Christophe Gravier
Laboratoire DIOM, groupe SATIn - Doctorant
ISTASE - Ingénieur d'études
Perso: http://perso.univ-st-etienne.fr/gravchri/
SATIn: http://www.istase.com/satin
Tel : 04 7748 5034
A mediter: http://www.fsffrance.org/news/article2005-11-25.fr.html
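
Added example, not part of the original message or of FreeRADIUS: a sketch of why the first trace says "User-Password" is required and "CHAP-Password" cannot be used for an LDAP bind. It assumes standard CHAP as carried in RADIUS (RFC 1994, RFC 2865 section 5.3); the function names are hypothetical and all sample values are constructed.

```python
import hashlib
import hmac


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(ident || cleartext password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_chap_password(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password attribute as the NAS sends it: 1 ident byte + 16-byte response."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def verify_chap(chap_password: bytes, challenge: bytes, stored_cleartext: bytes) -> bool:
    """Server-side check. It needs the cleartext password from its own store
    (for instance an attribute read from LDAP during authorize), because the
    request only carries a one-way hash bound to this challenge."""
    if len(chap_password) != 17:
        return False
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored_cleartext, challenge)
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    password = b"constructed-password"   # constructed sample secret
    challenge = bytes(range(16))          # constructed; a real NAS uses random bytes
    attr = build_chap_password(0x2A, password, challenge)
    return {
        # Server holds the cleartext: CHAP can be verified locally.
        "correct_cleartext": verify_chap(attr, challenge, password),
        "wrong_cleartext": verify_chap(attr, challenge, b"other"),
        # Directory holds only a hash of the password: nothing to recompute from.
        "hashed_store": verify_chap(attr, challenge, hashlib.sha1(password).digest()),
        # The request never contains the password, so there is nothing
        # the server could present in an LDAP simple bind.
        "password_in_attr": password in attr,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
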