V1.10 File and LDAP Problems

Gerry Dalton gerry.dalton at consolidated.com
Fri Feb 24 06:05:09 CET 2006


I have installed FreeRADIUS 1.10 on Solaris 8.  Using the default 
radiusd.conf and users file, I added a couple of users.  I tested and I 
am able to auth my testme user.  I then add in the LDAP module, and 
un-comment the ldap places in the radiusd.conf file.  I again try to auth 
the same user who is in the user text file, and I cannot auth that user.

No other changes, just put the ldap directives in and it seems to 
break text file auth.  I need to have the capability to fall back to 
text file of users in case the LDAP server is not 
available/problems/etc.  Below are traces from each test.  Note in 
the second test, that I know the login to the LDAP server is not 
valid, but this simulates the server being broken etc.  I have also 
tested with a valid connection and get the same results.

DEBUG FOLLOWS:--------------------------------------------------------------

WORKING:  The ldap module is not enabled in the radiusd.conf file:

Ready to process requests.
rad_recv: Access-Request packet from host 10.0.90.32:2016, id=61, length=46
         User-Name = "testme"
         User-Password = "123456"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
     users: Matched entry testme at line 142
   modcall[authorize]: module "files" returns ok for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
     rlm_realm: No '@' in User-Name = "testme", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
   rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [testme] (from client Dallas port 0)
Sending Access-Accept of id 61 to 10.0.90.32 port 2016
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 61 with timestamp 43fe2e2d
Nothing to do.  Sleeping until we see a request.


NOT WORKING:

Ready to process requests.
rad_recv: Access-Request packet from host 10.0.90.32:2017, id=62, length=46
         User-Name = "testme"
         User-Password = "123456"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
     users: Matched entry testme at line 142
   modcall[authorize]: module "files" returns ok for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testme
radius_xlat:  '(sAMAccountname=testme)'
radius_xlat:  'dc=consolidated,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.0.60.177:389, authentication 0
rlm_ldap: bind as cn=someuser,cn=Users,dc=ourcompany,dc=com/secret to 
10.0.xx.xxx:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in 
ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 62 with timestamp 43fe2e82
Nothing to do.  Sleeping until we see a request.









Gerry Dalton, Network System Support
Consolidated Communications
Cell:   214 532-1905
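
The following is an added example, not part of the original post and not FreeRADIUS code: a simplified Python model of how the authorize group combines module return codes, replayed over the modcall lines from the failing trace above. The default action table and the per-module `fail = 1` override are assumptions based on FreeRADIUS 1.x configurable failover; the trailing `suffix` line is constructed from the working trace.

```python
import re

# Assumed default actions for the authorize section (simplified model):
# "return" stops the group immediately, a number is a priority.
DEFAULTS = {"reject": "return", "fail": "return", "ok": 3,
            "handled": "return", "invalid": "return", "userlock": "return",
            "notfound": 1, "noop": 2, "updated": 4}

LINE = re.compile(r'modcall\[authorize\]: module "(\w+)" returns (\w+)')

# Constructed sample: modcall lines from the failing trace, plus the
# "suffix" result the working trace shows for the same request.
TRACE = '''
   modcall[authorize]: module "preprocess" returns ok for request 0
   modcall[authorize]: module "files" returns ok for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
   modcall[authorize]: module "ldap" returns fail for request 0
   modcall[authorize]: module "suffix" returns noop for request 0
'''

def parse_trace(text):
    """Extract (module, return code) pairs from radiusd debug output."""
    return LINE.findall(text)

def run_group(results, overrides=None):
    """Replay module results; return (group result, modules that ran)."""
    overrides = overrides or {}
    best_code, best_prio, ran = None, 0, []
    for module, code in results:
        ran.append(module)
        # Per-module overrides model a block such as: ldap { fail = 1 }
        action = {**DEFAULTS, **overrides.get(module, {})}[code]
        if action == "return":
            return code, ran          # group ends here with this code
        if action > best_prio:        # keep the highest-priority result
            best_code, best_prio = code, action
    return best_code, ran

if __name__ == "__main__":
    results = parse_trace(TRACE)
    # Defaults: ldap's "fail" ends the group, discarding the files match.
    print(run_group(results))
    # Hypothetical override: "fail" from ldap becomes a low priority,
    # so the earlier "ok" from files stands and suffix still runs.
    print(run_group(results, {"ldap": {"fail": 1}}))
```

Under the assumed defaults the group result is `fail` as soon as ldap fails, which matches the "leaving group authorize (returns fail)" line in the trace; with the override the earlier `ok` from files is kept.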




