Configuring LDAP for query ONLY...

Eric Martell workoutexcite at yahoo.com
Tue Dec 11 17:09:14 CET 2007


Hi Phil,
  I installed the latest freeradius-1.1.7. I put the line
> >      set_auth_type = no
in ldap module to ignore the authentication. But for some reason I
get the following error in the log.

rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.



I commented out

#DEFAULT  Auth-Type := Local
         #Session-Timeout = 7200,
         #Fall-Through = Yes

and

#DEFAULT        Auth-Type = System
#       Session-Timeout = 7200,
#       Fall-Through = 1

from the users file as I don't have anything in the
local or in the system. All the checks are with ldap
lookups.

Please let me know if I am missing something.

Thanks and Regards,
Eric.


--- Eric Martell <workoutexcite at yahoo.com> wrote:

> Thanks so much Phil. I am using freeradius-1.0.4
> 
> I am going to install the latest version and will
> try your suggestion.
> 
> Thanks and Regards.
> Eric.
> 
> 
> --- Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> 
> > Eric Martell wrote:
> > > Hi,
> > >   Is it possible to altogether avoid authenticate
> > > section and just do ldap lookups in the authorize
> > > section?
> > > 
> > > authorize {
> > >    ldap {
> > >      notfound = reject
> > >    }
> > > }
> > > 
> > > The problem is in the authenticate section, radius
> > > gets the userDN from the authorize and tries to "bind"
> > > ldap with password which we don't have.
> > > 
> > > I also tried in users file
> > > Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2`
> > 
> > Assuming you are using a recent version of
> > FreeRadius, you can do one of the following:
> > 
> > modules {
> >    ldap {
> >      ...
> >      set_auth_type = no
> >    }
> > }
> > 
> > authorize {
> >    preprocess
> >    ldap
> >    pap
> > }
> > 
> > authenticate {
> >    Auth-Type PAP {
> >      pap
> >    }
> > }



More information about the Freeradius-Users mailing list
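
Added example, not part of the original post or of FreeRADIUS: a short Python script that reads debug output like the lines quoted in the message above and reports each request that left the authorize group and was then rejected for lack of an Auth-Type. The sample log rejoins the wrapped lines from the post; the request 1 lines are constructed, and the parser assumes single-threaded debug output, because the reject line carries no request id.

```python
import re

# Debug lines from the post above (wrapped lines rejoined); request 1 is constructed.
SAMPLE_LOG = """\
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
  modcall[authorize]: module "ldap" returns ok for request 1
  modcall[authorize]: module "pap" returns updated for request 1
modcall: leaving group authorize (returns updated) for request 1
"""

MODULE_RE = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+) for request (\d+)')
LEAVE_RE = re.compile(r'modcall: leaving group authorize \(returns (\w+)\) for request (\d+)')
NO_AUTH_TYPE = "auth: No authenticate method (Auth-Type) configuration found"


def find_missing_auth_type(log_text):
    """Return one finding per request that passed authorize but was then
    rejected because nothing had set Auth-Type for it."""
    modules = {}       # request id -> [(module, return code), ...]
    last_left = None   # (request id, result) that most recently left authorize
    findings = []
    for line in log_text.splitlines():
        m = MODULE_RE.search(line)
        if m:
            modules.setdefault(int(m.group(3)), []).append((m.group(1), m.group(2)))
            continue
        m = LEAVE_RE.search(line)
        if m:
            last_left = (int(m.group(2)), m.group(1))
            continue
        # The reject line has no request id: attribute it to the request that
        # just left authorize (assumption: single-threaded debug output).
        if NO_AUTH_TYPE in line and last_left is not None:
            req, result = last_left
            findings.append({"request": req, "authorize_result": result,
                             "modules": modules.get(req, [])})
            last_left = None
    return findings


if __name__ == "__main__":
    for f in find_missing_auth_type(SAMPLE_LOG):
        chain = ", ".join(f"{name}={rc}" for name, rc in f["modules"])
        print(f"request {f['request']}: authorize returned {f['authorize_result']} "
              f"({chain}) but no Auth-Type was set")
```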