FR + AD + Vlans + LDAP help
Jacob Jarick
mem.namefix at gmail.com
Tue Apr 17 08:48:14 CEST 2007
radiusd -X -A output: http://pastebin.ca/444131
radius.conf: http://pastebin.ca/444132
OK, I've sorted that pesky ntlm_auth error, but I have encountered a
new one (at least it's something new :D).
The specific part of the error is below.
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.1.1.11:389, authentication 0
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=com/frpass to 10.1.1.11:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns fail for request 1
modcall: leaving group authorize (returns fail) for request 1
It complains about my password in radius.conf. Here is the section in question:
ldap {
    # !! I assume that mydomain is replaced with desired domain.
    server = 10.1.1.11
    identity = cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=com
    password = frpass
    #this is the basedn to do searches on a user
    basedn = ou=users,ou=radius,dc=tfxschool,dc=com
    #notice the username is the stripped user-name or user-name
    filter = (uid=%{Stripped-User-Name:-{User-Name}})
    start_tls = no
    tls_mode = no
    #this maps ldap attributetypes to radius attributes
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_cache_timeout = 120
    ldap_cache_size = 0
    ldap_connections_number = 10
    #password_header = {clear}
    #While integrating FreeRADIUS with Novell eDirectory, set
    #'password_attribute = nspmpassword' in order to use the universal password
    #of the eDirectory users for RADIUS authentication. This will work only if
    #FreeRADIUS is configured to build with --with-edir option.
    password_attribute = frpass
I have created the user freeradius on the win2k3 server, added him to
the groups admins and radius and set the password to frpass.
All insights and suggestions welcome.
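Added example, not part of the original message: the debug output above writes the bind identity and password into one record (`bind as <identity>/<password> to <host>:<port>`), so such a log should be sanitised before it is pasted to a pastebin or a list. The Python sketch below re-joins mail-wrapped records and redacts that field; the function names, the record-prefix heuristic and the split at the first `/` are assumptions.

```python
import re

# Constructed sample: rlm_ldap debug lines as they appear in the post,
# wrapped by the mail client.
SAMPLE_LOG = """\
rlm_ldap: (re)connect to 10.1.1.11:389, authentication 0
rlm_ldap: bind as
cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=com/frpass to
10.1.1.11:389
rlm_ldap: waiting for bind result ...
"""

# Assumption: a new record starts with "rlm_<module>:" or "modcall...:";
# anything else is the wrapped tail of the previous record.
RECORD_START = re.compile(r"^(rlm_\w+|modcall(\[\w+\])?):")
# Record layout taken from the log above: bind as <identity>/<password> to <host>:<port>
# Assumption: the identity contains no "/", so the first "/" ends it.
BIND_RE = re.compile(
    r"^(rlm_ldap: bind as )(?P<dn>.+?)/(?P<pw>.*)( to (?P<host>[^\s:]+):(?P<port>\d+))$"
)

def unwrap(text):
    """Re-join records that were split across lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if records and not RECORD_START.match(line):
            records[-1] += " " + line.strip()
        else:
            records.append(line.rstrip())
    return records

def redact(text):
    """Return (sanitised_log, findings); the password is never echoed."""
    out, findings = [], []
    for rec in unwrap(text):
        m = BIND_RE.match(rec)
        if m:
            rec = f"{m.group(1)}{m['dn']}/<redacted>{m.group(4)}"
            findings.append(f"bind password for {m['dn']} was present in the log")
            if m["port"] == "389":
                findings.append(f"simple bind to {m['host']}:389 is cleartext unless StartTLS is used")
        out.append(rec)
    return "\n".join(out), findings

if __name__ == "__main__":
    clean, notes = redact(SAMPLE_LOG)
    print(clean)
    print(*notes, sep="\n")
```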