Freeradius 1.1.0 and rlm_ldap
futhwo
futhwo at gmail.com
Thu Feb 2 15:38:26 CET 2006
Hi

I use an AAA infrastructure based on FreeRADIUS, OpenLDAP and pam on
some FreeBSD machines.
All worked fine until I upgraded FreeRADIUS from 1.0.5 to 1.1.0.
From then on I cannot authenticate, because the Auth-Type attribute
is no longer set to LDAP by the ldap module during the authorize
section.
This is the error:
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 85.239.184.44:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as / to 85.239.184.44:636
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ifom-ieo-campus,dc=it, with filter (uid=futhwo)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value ldap & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusServiceType as Service-Type, value Shell-User & op=11
rlm_ldap: extracted attribute Cisco-AVPair from generic item cisco-avpair="shell:priv-lvl=15"
rlm_ldap: user futhwo authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
and this is the definition of the ldap module in radiusd.conf:
ldap {
server = "XX.XX.XX.XX"
port = 636
basedn = "dc=ifom-ieo-campus,dc=it"
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
groupmembership_filter = "(memberuid=%{User-Name})"
access_attr_used_for_allow = no
set_auth_type = yes
}
I also tried changing the last 2 directives, but it didn't work.
Another thing I tried (as can be seen in the output) is to set the
attribute radiusAuthType to "ldap" in the user entry, and/or to set
the directive "authtype = LDAP" in the module definition, but it still
didn't work.
Lurking in the dictionaries, I found this in
dictionary.freeradius.internal:
VALUE Auth-Type CHAP 1025
# 1026 was LDAP, but we deleted it. Adding it back will break the
# ldap module.
VALUE Auth-Type PAM 1027
As the author said, manually adding the Auth-Type ldap definition
prevents the server from starting.
So if the Auth-Type LDAP is no longer defined, how can I perform
authentication against an LDAP server?
Thanks in advance to whoever will help me.
Regards
Ivan
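For anyone hitting the same rejection: in FreeRADIUS 1.1.x the Auth-Type LDAP value is no longer a fixed dictionary entry (hence the comment quoted above); the server registers it at startup when the authenticate section of radiusd.conf contains an "Auth-Type LDAP" sub-section, and set_auth_type = yes only sets Auth-Type when that value exists. The radiusd.conf fragment below is an added example, not from Ivan's post or from the FreeRADIUS project's shipped files; the module definition repeats the one in the post (server placeholder included), and the authenticate section is the part assumed to be missing from the poster's configuration.

```conf
# radiusd.conf fragment (added example, not from the original post).
# The ldap module block repeats the one in the post; the authenticate
# section is the part assumed to be missing from the poster's config.

modules {
        ldap {
                server = "XX.XX.XX.XX"          # placeholder kept from the post
                port = 636
                basedn = "dc=ifom-ieo-campus,dc=it"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                groupmembership_filter = "(memberuid=%{User-Name})"
                access_attr_used_for_allow = no
                # In 1.1.x this only sets Auth-Type := LDAP when an
                # "Auth-Type LDAP" sub-section exists in authenticate {}.
                set_auth_type = yes
        }
}

authorize {
        preprocess
        ldap
}

authenticate {
        # Naming this sub-section is what creates the Auth-Type LDAP
        # value at startup. Do NOT add "VALUE Auth-Type LDAP 1026" back
        # to the dictionary: the value would then be defined twice and
        # the server refuses to start, as the dictionary comment warns.
        Auth-Type LDAP {
                ldap
        }
}
```

With the authenticate sub-section present, radiusd -X should show the ldap module adding Auth-Type during authorize and then binding as the user during authenticate. Without it the request still ends in "No authenticate method (Auth-Type) configuration found ... Rejecting the user", which is the safe outcome: a misconfigured authenticate path denies access rather than letting the request through unchecked.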