freeradius ldap connector
jerrrry at voila.fr
Fri Mar 9 09:30:53 CET 2007
Hi,
You can see the debug. There are 7 searches for a uid that doesn't exist in the LDAP directory:
rlm_ldap: - authorize
rlm_ldap: performing user authorization for X06dfdgdg
radius_xlat: '(uid=X06dfdgdg)'
radius_xlat: 'ou=PERSONNES,o=sg'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldaps://ldap-homo.sesme.group.scen, authentication 0
rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cat-caconcerto-sogepa ss.pem
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: bind as sgzoneid=guards,ou=eloit,ou=personnes,o=sg/ghkhkk to ldaps://ldap-homo.sesame.group.socgen
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 116
modcall[authorize]: module "files" returns ok for request 0
modcall: group group returns ok for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 116
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [X06dfdgdg] (from client sdfsfds port 1 cli 192.18.136.19)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 165 to 192.18.136.44:1812
Reply-Message = "forbidden."
Waking up in 4 seconds...
> Message of 06/03/07 at 11:58
> From: "Michael Mitchell"
> To: "FreeRadius users mailing list"
> Cc:
> Subject: Re: freeradius ldap connector
>
> jerrrry at voila.fr wrote:
> > I notice that Freeradius tries 6 times to find a user in my LDAP
> > directory when this user doesn't exist.
> >
>
> err, really? During authorisation (where a search is performed by a privileged user) or during authentication (where an attempt may be made to bind to LDAP as the customer)?
>
> What does the debug say? (run radiusd with the -X flag).
>
>
> > Is there a means to make freeradius try only one time?
>
> It only tries once for me, but I only do LDAP "authorisation".
>
> regards,
> Mike
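An added example, not part of the original post or of FreeRADIUS: a short Python script that tallies the LDAP searches in radiusd -X output per request, grouped by the rlm_ldap code path the log itself names (authorize or ldap_groupcmp). The sample lines are a constructed, condensed copy of the debug output above; the function and variable names are assumptions of this example.

```python
import re
from collections import Counter

# Markers taken from the debug output in the post: each one names the
# rlm_ldap code path that is about to issue a search.
ENTER = {
    "rlm_ldap: - authorize": "authorize",
    "rlm_ldap: Entering ldap_groupcmp()": "ldap_groupcmp",
}
SEARCH = re.compile(r"rlm_ldap: performing search in (.+), with filter (\(.+\))$")
FINISHED = re.compile(r"Finished request (\d+)$")

def count_searches(lines):
    """Return {request_id: Counter({(code_path, filter): searches})}."""
    per_request, current, path = {}, Counter(), "unknown"
    for raw in lines:
        line = raw.strip()
        if line in ENTER:
            path = ENTER[line]
        elif (m := SEARCH.match(line)):
            current[(path, m.group(2))] += 1
        elif (m := FINISHED.match(line)):
            per_request[int(m.group(1))] = current
            current, path = Counter(), "unknown"
    return per_request

# Constructed sample: the post's log condensed to the lines that matter,
# in the same order (1 authorize block, then 3 + 3 ldap_groupcmp blocks).
SEARCH_LINE = ("rlm_ldap: performing search in ou=PERSONNES,o=sg, "
               "with filter (uid=X06dfdgdg)")
AUTHZ = ["rlm_ldap: - authorize", SEARCH_LINE, "rlm_ldap: search failed"]
GROUPCMP = ["rlm_ldap: Entering ldap_groupcmp()", SEARCH_LINE,
            "rlm_ldap::ldap_groupcmp: search failed"]
MATCHED = ["users: Matched DEFAULT at 116"]
SAMPLE = AUTHZ + (GROUPCMP * 3 + MATCHED) * 2 + ["Finished request 0"]

if __name__ == "__main__":
    for req, counts in count_searches(SAMPLE).items():
        for (path, flt), n in counts.items():
            print(f"request {req}: {n} search(es) from {path} with {flt}")
```

Run against a full debug capture, the per-path totals show whether repeated directory lookups come from the authorize step or from group comparisons made while other modules are evaluated.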