MS LDAP connect OK users not found

Dickson, John JDickson2 at mccneb.edu
Fri Jan 6 21:54:30 CET 2006


You probably want to read the proxy.conf file and add your realm if you
haven't already.  Actually, you should read and understand what *all* of
the files in the raddb dir are for.

We use mysql, not ldap, but I'm guessing the uid in ldap is listed as
"radtest", not "radtest@xxx1.xxx2.edu".  So the ldap lookup is failing.

In my sql.conf there is an option to use stripped UserName attributes.
See if you have something like that in your ldap.conf file in raddb.
You may need to adjust it.

Alternately, make all your uids in ldap user@domain instead of just
user.


It seems that the only hurdle is to pass authentication from the
freeradius to the windowz ldap server....I just can't get it done.

Here is the output from the requesting terminal on the radius server:
Sending Access-Request of id 153 to 10.1.1.27:1812
        User-Name = "testing"
        User-Password = "Passw0rd"
        NAS-IP-Address = magellan.xxxx1.xxxx2.edu
        NAS-Port = 0

...and on the radius terminal debug output....:

Thread 1 handling request 0, (1 handled so far)
        User-Name = "testing"
        User-Password = "Passw0rd"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
radius_xlat:  '(uid=testing)'
radius_xlat:  'ou=Users,dc=xxxx1,dc=xxxx2,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to XXXX1.XXXX2.EDU:389, authentication 0
rlm_ldap: bind as sususu at XXXX1.XXXX2.EDU/rDkf at mh to XXXX1.XXXX2.EDU:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Users,dc=XXXX1,dc=XXXX2,dc=edu, with
filter (uid=testing)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: group authenticate returns notfound for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 10.1.1.27:32816, id=153,
length=59
Sending Access-Reject of id 153 to 10.1.1.27:32816
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 153 with timestamp 43bed7b1
Nothing to do.  Sleeping until we see a request

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
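
Added example, not part of the original thread and not FreeRADIUS code: a small triage script for debug output like the above, which separates "bind failed" from "bind OK but search found nothing" and checks whether the searched name carried a realm. The sample input is constructed, with a placeholder DN, and the diagnosis wording is hypothetical.

```python
import re

# Constructed sample modelled on the debug output quoted above; the DN is a placeholder.
SAMPLE_DEBUG = """\
rlm_ldap: performing user authorization for testing
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Users,dc=example,dc=edu, with
filter (uid=testing)
rlm_ldap: object not found or got ambiguous search result
  modcall[authorize]: module "ldap" returns notfound for request 0
"""

def triage_ldap(debug_text):
    """Summarise the rlm_ldap lookup for one request in radiusd debug output."""
    # Mail archives wrap long lines; rejoin "with<newline>filter" first.
    text = re.sub(r"with\s*\n\s*filter", "with filter", debug_text)
    info = {"user": None, "bind_ok": False, "base": None,
            "filter": None, "rcode": None}
    m = re.search(r"performing user authorization for (\S+)", text)
    if m:
        info["user"] = m.group(1)
    info["bind_ok"] = "rlm_ldap: Bind was successful" in text
    m = re.search(r"performing search in (.+), with filter (.+)", text)
    if m:
        info["base"], info["filter"] = m.group(1), m.group(2).strip()
    m = re.search(r'module "ldap" returns (\w+)', text)
    if m:
        info["rcode"] = m.group(1)
    return info

def diagnose(info):
    """Map the summary to the next thing to check (hypothetical wording)."""
    if not info["bind_ok"]:
        return "bind failed: check the service account the module binds as"
    if info["rcode"] != "notfound":
        return "ldap module did not report notfound"
    if info["user"] and "@" in info["user"]:
        return "filter used user@realm: strip the realm or store uids with it"
    return "no realm in the name: compare filter attribute and base DN with the entry"

if __name__ == "__main__":
    summary = triage_ldap(SAMPLE_DEBUG)
    print(summary)
    print(diagnose(summary))
```

For a request like the one in the thread, where the name has no '@', the script points at the filter attribute and base DN rather than at realm stripping.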