wireless - freeradius - MS ldap

Alhagie Puye APuye at datawave.com
Tue Jan 3 18:25:00 CET 2006


Where is the rest of the debug output from the radius server? That
portion would be more helpful in trying to determine the problem...

Thanks,

Alhagie Puye - Network Engineer
Datawave Group of Companies
(604)295-1817  

> >-----Original Message-----
> >From: freeradius-users-bounces+apuye=datawave.com at lists.freeradius.org [mailto:freeradius-users-bounces+apuye=datawave.com at lists.freeradius.org] On Behalf Of Dickson, John
> >Sent: January 3, 2006 9:03 AM
> >To: FreeRadius users mailing list
> >Subject: RE: wireless - freeradius - MS ldap 
> >
> >OK. In the radius.conf under module configuration I have "ldap"
> >information pointing to the LDAP server and the authentication fails.
> >First I run:
> > /usr/local/sbin/radiusd  -X -A
> >With:
> > 
> >[root at magellan john]# /usr/local/sbin/radiusd  -X -A
> >Starting - reading configuration files ...
> >reread_config:  reading radiusd.conf
> >Config:   including file: /etc/raddb/clients.conf
> >Config:   including file: /etc/raddb/snmp.conf
> >Config:   including file: /etc/raddb/eap.conf
> >Config:   including file: /etc/raddb/sql.conf
> > main: prefix = "/usr"
> > main: localstatedir = "/var"
> > main: logdir = "/var/log/radius"
> > main: libdir = "/usr/lib"
> > main: radacctdir = "/var/log/radius/radacct"
> > main: hostname_lookups = no
> > main: max_request_time = 30
> > main: cleanup_delay = 5
> > main: max_requests = 1024
> > main: delete_blocked_requests = 0
> > main: port = 0
> > main: allow_core_dumps = no
> > main: log_stripped_names = no
> > main: log_file = "/var/log/radius/radius.log"
> > main: log_auth = no
> > main: log_auth_badpass = no
> > main: log_auth_goodpass = no
> > main: pidfile = "/var/run/radiusd/radiusd.pid"
> > main: user = "nobody"
> > main: group = "nobody"
> > main: usercollide = no
> > main: lower_user = "no"
> > main: lower_pass = "no"
> > main: nospace_user = "no"
> > main: nospace_pass = "no"
> > main: checkrad = "/usr/sbin/checkrad"
> > main: proxy_requests = yes
> > security: max_attributes = 200
> > security: reject_delay = 1
> > security: status_server = no
> > main: debug_level = 0
> >read_config_files:  reading dictionary
> >read_config_files:  reading naslist
> >Using deprecated naslist file.  Support for this will go away soon.
> >read_config_files:  reading clients
> >read_config_files:  reading realms
> >radiusd:  entering modules setup
> >Module: Library search path is /usr/lib
> >Module: Loaded exec
> > exec: wait = yes
> > exec: program = "(null)"
> > exec: input_pairs = "request"
> > exec: output_pairs = "(null)"
> > exec: packet_type = "(null)"
> >rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> >Module: Instantiated exec (exec)
> >Module: Loaded expr
> >Module: Instantiated expr (expr)
> >Module: Loaded LDAP
> > ldap: server = "ssotest.mccsso.mccneb.edu"
> > ldap: port = 389
> > ldap: net_timeout = 1
> > ldap: timeout = 4
> > ldap: timelimit = 3
> > ldap: identity = "dmadmin1""
> > ldap: tls_mode = no
> > ldap: start_tls = no
> > ldap: tls_cacertfile = "(null)"
> > ldap: tls_cacertdir = "(null)"
> > ldap: tls_certfile = "(null)"
> > ldap: tls_keyfile = "(null)"
> > ldap: tls_randfile = "(null)"
> > ldap: tls_require_cert = "allow"
> > ldap: password = "rDkf at mh"
> > ldap: basedn = "ou=Metro users,dc=mccsso,dc=mccneb,dc=edu"
> > ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> > ldap: base_filter = "(objectclass=radiusprofile)"
> > ldap: default_profile = "(null)"
> > ldap: profile_attribute = "(null)"
> > ldap: password_header = "(null)"
> > ldap: password_attribute = "(null)"
> > ldap: access_attr = "dialupAccess"
> > ldap: groupname_attribute = "cn"
> > ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> > ldap: groupmembership_attribute = "(null)"
> > ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
> > ldap: ldap_debug = 0
> > ldap: ldap_connections_number = 5
> > ldap: compare_check_items = no
> > ldap: access_attr_used_for_allow = yes
> > ldap: do_xlat = yes
> >rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> >rlm_ldap: Registering ldap_xlat with xlat_name ldap
> >rlm_ldap: reading ldap<->radius mappings from file
> >/etc/raddb/ldap.attrmap
> >rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> >rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> >rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> >rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS 
> >Simultaneous-Use
> >rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS 
> >Called-Station-Id
> >rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
> >Calling-Station-Id
> >rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
> >rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
> >rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> >rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> >rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> >rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> >rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS 
> >Framed-IP-Address
> >rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS 
> >Framed-IP-Netmask
> >rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> >rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> >rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> >rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> >rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
> >Framed-Compression
> >rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> >rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> >rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> >rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> >rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> >rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
> >Framed-IPX-Network
> >rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> >rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> >rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> >rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
> >Termination-Action
> >rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS 
> >Login-LAT-Service
> >rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> >rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> >rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
> >Framed-AppleTalk-Link
> >rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
> >Framed-AppleTalk-Network
> >rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
> >Framed-AppleTalk-Zone
> >rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> >rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> >conns: 0x8d5c4d0
> >Module: Instantiated ldap (ldap)
> >Module: Loaded preprocess
> > preprocess: huntgroups = "/etc/raddb/huntgroups"
> > preprocess: hints = "/etc/raddb/hints"
> > preprocess: with_ascend_hack = no
> > preprocess: ascend_channels_per_line = 23
> > preprocess: with_ntdomain_hack = no
> > preprocess: with_specialix_jetstream_hack = no
> > preprocess: with_cisco_vsa_hack = no
> >Module: Instantiated preprocess (preprocess)
> >Module: Loaded Acct-Unique-Session-Id
> > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> >Client-IP-Address, NAS-Port"
> >Module: Instantiated acct_unique (acct_unique)
> >Module: Loaded realm
> > realm: format = "suffix"
> > realm: delimiter = "@"
> > realm: ignore_default = no
> > realm: ignore_null = no
> >Module: Instantiated realm (suffix)
> >Module: Loaded files
> > files: usersfile = "/etc/raddb/users"
> > files: acctusersfile = "/etc/raddb/acct_users"
> > files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> > files: compat = "no"
> >Module: Instantiated files (files)
> >Module: Loaded detail
> > detail: detailfile =
> >"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> >Module: Instantiated detail (detail)
> >Module: Loaded System
> > unix: cache = no
> > unix: passwd = "(null)"
> > unix: shadow = "/etc/shadow"
> > unix: group = "(null)"
> > unix: radwtmp = "/var/log/radius/radwtmp"
> > unix: usegroup = no
> > unix: cache_reload = 600
> >Module: Instantiated unix (unix)
> >Module: Loaded radutmp
> > radutmp: filename = "/var/log/radius/radutmp"
> > radutmp: username = "%{User-Name}"
> > radutmp: case_sensitive = yes
> > radutmp: check_with_nas = yes
> > radutmp: perm = 384
> > radutmp: callerid = yes
> >Module: Instantiated radutmp (radutmp)
> >Module: Loaded eap
> > eap: default_eap_type = "md5"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = no
> > eap: cisco_accounting_username_bug = no
> >rlm_eap: Loaded and initialized type md5
> >rlm_eap: Loaded and initialized type leap
> > gtc: challenge = "Password: "
> > gtc: auth_type = "PAP"
> >rlm_eap: Loaded and initialized type gtc
> > mschapv2: with_ntdomain_hack = no
> >rlm_eap: Loaded and initialized type mschapv2
> >Module: Instantiated eap (eap)
> >Listening on authentication *:1812
> >Listening on accounting *:1813
> >Ready to process requests.
> >
> > radtest radtest Passw0rd name.domain.edu 1 testing123
> >
> >Sending Access-Request of id 116 to 10.1.1.27:1812
> >        User-Name = "radtest"
> >        User-Password = "Passw0rd"
> >        NAS-IP-Address = name.domain.edu
> >        NAS-Port =
> >
> >-----Original Message-----
> >From: freeradius-users-bounces+jdickson2=mccneb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jdickson2=mccneb.edu at lists.freeradius.org] On Behalf Of Alan DeKok
> >Sent: Monday, January 02, 2006 4:56 PM
> >To: FreeRadius users mailing list
> >Subject: Re: wireless - freeradius - MS ldap 
> >
> >"Dickson, John" <JDickson2 at mccneb.edu> wrote:
> >> I am looking for a little direction configuring a 
> >Freeradius server 
> >> that will authenticate wireless clients from Cisco to MS LDAP.
> >>
> >> 1.Wireless - 2.Cisco - 3.Radius - 4.Windows LDAP
> >>
> >> Looking to see if someone has already done this.
> >
> >  Lots of people.  See radiusd.conf.  Look for "windows domain".
> >
> >  Alan DeKok.
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
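As an added example (not code from the thread or from the FreeRADIUS project), the Python below pulls the rlm_ldap stanza out of a constructed excerpt of the radiusd -X output quoted above, with the bind password replaced by a placeholder, and reports the settings a reviewer would question when the backend is Active Directory. The AD behaviour it checks (logon name in sAMAccountName, access_attr handling when access_attr_used_for_allow is on) is general rlm_ldap/AD knowledge, not something the thread states.

```python
import re

# Constructed excerpt of the "radiusd -X" output quoted above (bind password replaced).
DEBUG_OUTPUT = """\
Module: Loaded LDAP
 ldap: server = "ssotest.mccsso.mccneb.edu"
 ldap: port = 389
 ldap: identity = "dmadmin1"
 ldap: tls_mode = no
 ldap: start_tls = no
 ldap: password = "<bind-password-placeholder>"
 ldap: basedn = "ou=Metro users,dc=mccsso,dc=mccneb,dc=edu"
 ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
 ldap: access_attr = "dialupAccess"
 ldap: access_attr_used_for_allow = yes
Module: Instantiated ldap (ldap)
"""

# One " ldap: key = value" line; the value may or may not be double-quoted.
LINE_RE = re.compile(r'^\s*ldap:\s+(\w+)\s+=\s+"?(.*?)"?\s*$')

def parse_ldap_settings(debug_text):
    """Collect the rlm_ldap settings printed while the module is loaded."""
    settings = {}
    for line in debug_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def review_ldap_settings(settings):
    """Return the findings a reviewer would raise for an Active Directory backend."""
    findings = []
    if settings.get("tls_mode") == "no" and settings.get("start_tls") == "no":
        # Simple bind without TLS: bind password and user passwords are sent in the clear.
        findings.append("no TLS on port %s: bind and user passwords cross the wire in cleartext"
                        % settings.get("port", "?"))
    if "uid=" in settings.get("filter", ""):
        # AD keeps the logon name in sAMAccountName, so a uid= filter finds nobody.
        findings.append("filter searches uid; Active Directory uses sAMAccountName")
    if (settings.get("access_attr", "(null)") != "(null)"
            and settings.get("access_attr_used_for_allow") == "yes"):
        # With access_attr_used_for_allow = yes, users lacking the attribute are rejected.
        findings.append("access_attr %s is not a default AD attribute; users without it are rejected"
                        % settings["access_attr"])
    return findings

if __name__ == "__main__":
    for finding in review_ldap_settings(parse_ldap_settings(DEBUG_OUTPUT)):
        print("-", finding)
```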





