Configuring LDAP for query ONLY...

Eric Martell workoutexcite at yahoo.com
Tue Dec 4 18:43:07 CET 2007


I am extremely sorry. Looks like it created a new thread
with the same title.

I really apologize. Admins, please merge the thread.

Eric.

--- Eric Martell <workoutexcite at yahoo.com> wrote:

> Hi,
>   Is it possible to avoid the authenticate section
> altogether and just do LDAP lookups in the authorize
> section?
> 
> authorize {
>    ldap {
>      notfound = reject
>    }
> }
> 
> The problem is in the authenticate section: radius
> gets the userDN from authorize and tries to "bind" to
> LDAP with a password which we don't have.
> 
> I also tried in users file
> Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2` 
> 
> But for some reason it is not working.
> 
> Please help.
> 
> Let me know if you need more information or please
> guide me to any documentation.
> 
> Thanks and Regards,
> Eric.
> 
> 
> 
> 
> 
> --- Eric Martell <workoutexcite at yahoo.com> wrote:
> 
> > I am a little bit confused as to how to configure
> > radiusd.conf in the authorize and/or authenticate
> > section, so that the password is going to act like an
> > LDAP attribute.
> > 
> > We are going to pass username and an LDAP attribute
> > (home phone #) as input for each user.
> > 
> > The way it is configured now is in the modules,
> > 
> > ldap {
> > server = "10.11.12.2"
> > identity = "cn=Manager,dc=eng,dc=com"
> > password = answer2
> > basedn = "dc=eng,dc=com"
> > 
> > filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(phone=1231313128))"  # just for testing
> > 
> > ldap_connections_number = 5
> > 
> > timeout = 4
> > 
> > timelimit = 3
> > 
> > net_timeout = 1
> > 
> > }
> > 
> > 
> > 
> > 
> > 
> > authorize {
> > ..
> > ..
> > ..
> > ldap
> > ...
> > 
> > }
> > 
> > authenticate {
> >         Auth-Type LDAP {
> >                 ldap
> >         }
> > }
> > 
> > 
> > In the logs it says:
> > 
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for test1
> > radius_xlat:  '(&(uid=test1)(phone=1231313128))'
> > radius_xlat:  'dc=eng,dc=com'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: Bind was successful
> > rlm_ldap: performing search in dc=eng,dc=com, with filter (&(uid=test1)(phone=1231313128))
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user test1 authorized to use remote access
> > 
> > 
> > this is good....
> > But in the authenticate section
> > 
> > 
> > rlm_ldap: - authenticate
> > rlm_ldap: login attempt by "test1" with password
> > "1231313128"
> > rlm_ldap: user DN: id=1967816, dc=eng,dc=com
> > rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
> > 
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication
> > rlm_ldap: ldap_connect() failed
> > 
> > 
> > 
> > Not sure why it is trying to bind as id=1967816, dc=eng,dc=com/1231313128
> > 
> > The only thing I want to do is just authorize with
> > ldap and pass the user through.
> > 
> > 
> > Please let me know if I am missing something.
> > 
> > Thanks so much.
> > 
> > Regards,
> > Erik.
> > 
> > 
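As an added example (not code from the post or from FreeRADIUS), the Python below models the two rlm_ldap steps visible in the logs above against a constructed in-memory directory: the authorize step searches with the `(&(uid=...)(phone=...))` filter under the Manager bind, while the Auth-Type LDAP step re-binds as the DN that search returned, using the phone number as the password. The directory contents and the result-code mapping are assumptions; the model follows the common server behaviour (OpenLDAP's, for instance) where a simple bind against an entry with no userPassword attribute fails with inappropriateAuthentication (resultCode 48) rather than invalidCredentials (49), which is the "Inappropriate authentication" failure in the log.

```python
import re

# Added example (not from the post or FreeRADIUS): an in-memory model of the two
# rlm_ldap steps in the logs above. Result codes are the RFC 4511 values:
# 0 success, 32 noSuchObject, 48 inappropriateAuthentication, 49 invalidCredentials.
SUCCESS, NO_SUCH_OBJECT, INAPPROPRIATE_AUTH, INVALID_CREDENTIALS = 0, 32, 48, 49

# Constructed sample directory: the user entry has uid and phone but, like the
# entry in the post, no userPassword at all.
DIRECTORY = {
    "cn=Manager,dc=eng,dc=com": {"userPassword": "answer2"},
    "id=1967816,dc=eng,dc=com": {"uid": "test1", "phone": "1231313128"},
}

def escape_filter_value(value):
    """RFC 4515 escaping for any request value spliced into a search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m[1], 16)), value)

def build_filter(username, phone):
    """The filter string radius_xlat produces for the config in the post."""
    return f"(&(uid={escape_filter_value(username)})(phone={escape_filter_value(phone)}))"

def simple_bind(dn, password):
    """Simple bind: the server compares password with the entry's userPassword."""
    entry = DIRECTORY.get(dn)
    if entry is None:
        return NO_SUCH_OBJECT
    if "userPassword" not in entry:
        return INAPPROPRIATE_AUTH  # the log's "Inappropriate authentication"
    return SUCCESS if entry["userPassword"] == password else INVALID_CREDENTIALS

def authorize(username, phone):
    """Authorize step: bind as Manager and search; returns the user DN or None."""
    if simple_bind("cn=Manager,dc=eng,dc=com", "answer2") != SUCCESS:
        raise RuntimeError("service bind failed")
    # Equality-only AND filter: strip the outer "(&" and ")" and match each term.
    terms = re.findall(r"\(([^()=]+)=([^()]*)\)", build_filter(username, phone)[2:-1])
    wanted = {attr: unescape_filter_value(val) for attr, val in terms}
    for dn, entry in DIRECTORY.items():
        if all(entry.get(attr) == val for attr, val in wanted.items()):
            return dn
    return None

def authenticate(username, phone):
    """Auth-Type LDAP step: re-bind as the DN found above with the phone as password."""
    dn = authorize(username, phone)
    return NO_SUCH_OBJECT if dn is None else simple_bind(dn, phone)
```

Because the user entry carries no credential a simple bind could check, `authenticate` can never succeed for this directory design, whereas `authorize` alone already decides whether the uid/phone pair exists.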

More information about the Freeradius-Users mailing list