an infamous LDAP-FreeRadius question
mda at unb.ca
Tue Jul 11 16:10:12 CEST 2006
Thanks for the links. I've seen a few before and have gone over them again
this morning. I'm not sure where I have misconfigured something.
When I try to connect via 802.1x from a wireless client my Radius server
debugging looks like below. Obviously the TLS session is not being set up
correctly. I'm wondering about the private_key_password attribute. I just
set it to "whatever" but that needs to correspond to a user on the LDAP
server, doesn't it? I'm not sure that's been set up.
Any helpful ideas/comments are greatly appreciated. Thanks!
mda at unb.ca
rad_recv: Access-Request packet from host x.x.x.201:6001, id=4, length=117
User-Name = "mda"
NAS-IP-Address = x.x.x.201
Called-Station-Id = "00-02-2d-47-01-c4"
Calling-Station-Id = "00-0e-35-36-48-f2"
NAS-Identifier = "AP3WJD"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02040008016d6461
Message-Authenticator = 0x3453e92189034ccc69804159f1c574e6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "mda", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 4 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched DEFAULT at 153
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mda
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldapserver2:389, authentication 0
rlm_ldap: setting TLS CACert File to
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: starting TLS
rlm_ldap: could not start TLS Connect error
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns fail for request 0
modcall: group authorize returns fail for request 0
Finished request 0
Going to the next request
Integrated Technology Services
University of New Brunswick
mda at unb.ca
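A small diagnostic for the debug output above, added here as an example and not part of the original thread: it parses the modcall return codes and the rlm_ldap TLS lines, and flags the combination shown in the log (tls_require_cert demand with an empty CA cert path), which leaves the LDAP client no trust anchor to verify the server certificate. The sample text is a constructed excerpt of the quoted log; the line formats are only those visible in it.

```python
import re

# Constructed excerpt of the radiusd debug output quoted in the message above.
SAMPLE_DEBUG = """\
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "eap" returns updated for request 0
rlm_ldap: (re)connect to ldapserver2:389, authentication 0
rlm_ldap: setting TLS CACert File to
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: starting TLS
rlm_ldap: could not start TLS Connect error
modcall[authorize]: module "ldap" returns fail for request 0
modcall: group authorize returns fail for request 0
"""

# Patterns for the message formats seen in the quoted log.
MODCALL_RE = re.compile(r'modcall\[(\w+)\]: module "(\w+)" returns (\w+) for request (\d+)')
TLS_SET_RE = re.compile(r'rlm_ldap: setting TLS (CACert File|Require Cert) to ?(.*)$')
TLS_FAIL_RE = re.compile(r'rlm_ldap: could not start TLS (.*)$')


def analyse_radius_debug(text):
    """Return (module_results, tls_settings, findings) for one debug excerpt.

    module_results maps (section, module) -> return code, e.g. ("authorize", "ldap") -> "fail".
    tls_settings maps the TLS option name printed by rlm_ldap -> its configured value.
    findings is a list of human-readable problems worth checking in radiusd.conf.
    """
    module_results = {}
    tls = {}
    findings = []
    for line in text.splitlines():
        m = MODCALL_RE.search(line)
        if m:
            section, module, rcode, _req = m.groups()
            module_results[(section, module)] = rcode
            continue
        m = TLS_SET_RE.search(line)
        if m:
            tls[m.group(1)] = m.group(2).strip()   # empty string when nothing follows "to"
            continue
        m = TLS_FAIL_RE.search(line)
        if m:
            findings.append("rlm_ldap StartTLS failed: " + m.group(1).strip())
    # Verification is demanded but no CA certificate is configured, so the
    # client has nothing to verify the LDAP server's certificate against.
    if tls.get("Require Cert") == "demand" and not tls.get("CACert File"):
        findings.append("tls_require_cert=demand but no CA cert file configured")
    return module_results, tls, findings
```

Run it over a full `radiusd -X` capture to see which module in the authorize group returned fail and which TLS option was left blank.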
From: Zoltan Ori [mailto:z.ori at morehead-st.edu]
Sent: July 11, 2006 10:44 AM
To: mda at unb.ca; FreeRadius users mailing list
Subject: Re: an infamous LDAP-FreeRadius question
On Tuesday 11 July 2006 07:24, Matt Ashfield wrote:
> I have LDAP configured and can do a cleartext radius authentication using
> username/passwords (using radtest). What I'd like to do is take the next
> step and do 802.1x authentication for my windows clients and I suppose
> that's where I was hoping to find some cleancut instructions on this as
> I've seen quite a bit of threads concerning this but as mentioned in my
> initial email, they can be tough to follow.
There is no shortage of information available. There are links to HOWTOs on
the www.freeradius.org main page for 802.1x and EAP.
Read the docs on rlm_eap, which have LDAP info. They can be found in your
sources as well as on the wiki.
Also, see this document