Integrate freeradius v1.1.6 and OpenLDAP v2.3.32 for authorization and authentication
robin gong
robin_gong at yahoo.com
Tue May 22 18:15:50 CEST 2007
Thanks Pshem for your quick answer.
I expected an answer like the following:
"rlm_ldap: user jjeep authenticated succesfully
modcall[authenticate]: module "ldap" returns ok"
But I got:
"rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0"
Thanks
Robin
Pshem Kowalczyk wrote:
>
> Freeradius expects exactly one answer:
> rlm_ldap: object not found or got ambiguous search result
>
> kind regards
> Pshem
>
> On 22/05/07, xuebin gong <robin_gong at yahoo.com> wrote:
>> Hi, All,
>>
>> I am a user and want to integrate freeradius v1.1.6 and
>> OpenLDAP v2.3.32 for authorization and authentication.
>> Our operating system is Fedora 5 Linux.
>>
>> (1) Install freeRadius-1.1.6
>> After following the installation instructions at
>> http://wwww.freeradius.org, I installed freeRadius-1.1.6
>> on Fedora Linux 5 and ran the radius server in debug mode:
>>
>> radiusd -X
>> ......
>> Module: Instantiated radutmp (radutmp)
>> Listening on authentication *:1812
>> Listening on accounting *:1813
>> Ready to process requests.
>>
>> FreeRadius was installed successfully.
>>
>> (2) Configure freeRadius-1.1.6
>> (2.1) Configure radiusd.conf
>> (2.1.1) LDAP module
>> ldap {
>>     server = "10.0.0.118"
>>     identity = "cn=Manager,dc=mtcable,dc=net"
>>     password = mtncnl1970
>>     basedn = "dc=mtcable,dc=net"
>>     filter = "uid=%{Stripped-User-Name:-%{User-Name}}"
>>     start_tls = no
>>     dictionary_mapping = ${raddbdir}/ldap.attrmap
>>     ldap_connections_number = 5
>>     edir_account_policy_check = no
>>     timeout = 4
>>     timelimit = 3
>>     net_timeout = 1
>> }
>> (2.1.2) authorize module
>> uncomment the ldap line:
>>
>> authorize {
>>     ......
>>     ldap
>>     ......
>> }
>>
>> (2.1.3) authenticate module
>> uncomment the ldap block:
>>
>> authenticate {
>>     ......
>>     Auth-Type LDAP {
>>         ldap
>>     }
>>     ......
>> }
>>
>>
>> (2.2) edit /usr/local/etc/raddb/users
>> Uncomment the following lines:
>>
>> DEFAULT Auth-Type = LDAP
>> Fall-Through = 1
>>
>> (3) Install openLDAP
>> (4) Configure openLDAP
>> (5) Add one LDAP entry for testing
>>
>> dn: uid=jjeep, ou=radius, rccd=AAA3140018f, dc=mtcable,dc=net
>> userPassword:: aabbccdd
>> cn: jeep
>> uid: jjeep
>> radiusAuthType: local
>> radiusSimultaneousUse: 1
>> homeDirectory: //
>> objectClass: top
>> objectClass: posixAccount
>> objectClass: radiusprofile
>> uidNumber: 7012
>> gidNumber: 100
>>
>> After adding this entry to LDAP, we reset the password to
>> "888888".
>>
>> (6) Test
>> After running the test command line
>>
>> radtest jjeep "888888" localhost 1 testing123
>>
>> The following is the output from running radiusd -X:
>>
>> ......
>> rad_recv: Access-Request packet from host 127.0.0.1:32771, id=192, length=57
>> User-Name = "jjeep"
>> User-Password = "888888"
>> NAS-IP-Address = 255.255.255.255
>> NAS-Port = 1
>> Processing the authorize section of radiusd.conf
>> modcall: entering group authorize for request 0
>> modcall[authorize]: module "preprocess" returns ok for request 0
>> modcall[authorize]: module "chap" returns noop for request 0
>> modcall[authorize]: module "mschap" returns noop for request 0
>> rlm_realm: No '@' in User-Name = "jjeep", looking up realm NULL
>> rlm_realm: No such realm "NULL"
>> modcall[authorize]: module "suffix" returns noop for request 0
>> rlm_eap: No EAP-Message, not doing EAP
>> modcall[authorize]: module "eap" returns noop for request 0
>> users: Matched entry DEFAULT at line 153
>> modcall[authorize]: module "files" returns ok for request 0
>> rlm_ldap: - authorize
>> rlm_ldap: performing user authorization for jjeep
>> radius_xlat: 'uid=jjeep'
>> radius_xlat: 'dc=mtcable,dc=net'
>> rlm_ldap: ldap_get_conn: Checking Id: 0
>> rlm_ldap: ldap_get_conn: Got Id: 0
>> rlm_ldap: attempting LDAP reconnection
>> rlm_ldap: (re)connect to 10.0.0.118:389, authentication 0
>> rlm_ldap: bind as cn=Manager,dc=mtcable,dc=net/mtncnl1970 to 10.0.0.118:389
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind was successful
>> rlm_ldap: performing search in dc=mtcable,dc=net, with filter uid=jjeep
>> rlm_ldap: object not found or got ambiguous search result
>> rlm_ldap: search failed
>> rlm_ldap: ldap_release_conn: Release Id: 0
>> modcall[authorize]: module "ldap" returns notfound for request 0
>> rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
>> modcall[authorize]: module "pap" returns noop for request 0
>> modcall: leaving group authorize (returns ok) for request 0
>> rad_check_password: Found Auth-Type LDAP
>> auth: type "LDAP"
>> Processing the authenticate section of radiusd.conf
>> modcall: entering group LDAP for request 0
>> rlm_ldap: - authenticate
>> rlm_ldap: login attempt by "jjeep" with password "888888"
>> radius_xlat: 'uid=jjeep'
>> radius_xlat: 'dc=mtcable,dc=net'
>> rlm_ldap: ldap_get_conn: Checking Id: 0
>> rlm_ldap: ldap_get_conn: Got Id: 0
>> rlm_ldap: performing search in dc=mtcable,dc=net, with filter uid=jjeep
>> rlm_ldap: object not found or got ambiguous search result
>> rlm_ldap: ldap_release_conn: Release Id: 0
>> modcall[authenticate]: module "ldap" returns notfound for request 0
>> modcall: leaving group LDAP (returns notfound) for request 0
>> auth: Failed to validate the user.
>> Login incorrect (rlm_ldap: User not found): [jjeep] (from client localhost port 1)
>> Delaying request 0 for 1 seconds
>> Finished request 0
>> Going to the next request
>>
>> The following is the log file:
>>
>> ......
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 fd=17 ACCEPT from IP=10.0.0.118:35564 (IP=0.0.0.0:389)
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 BIND dn="cn=Manager,dc=mtcable,dc=net" method=128
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 BIND dn="cn=Manager,dc=mtcable,dc=net" mech=SIMPLE ssf=0
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 RESULT tag=97 err=0 text=
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=jjeep)"
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH attr=radiusNASIpAddress radiusExpiration acctFlags ntPassword lmPassword radiusCallingStationId radiusCalledStationId radiusSimultaneousUse radiusAuthType radiusCheckItem radiusReplyMessage radiusLoginLATPort radiusPortLimit radiusFramedAppleTalkZone radiusFramedAppleTalkNetwork radiusFramedAppleTalkLink radiusLoginLATGroup radiusLoginLATNode radiusLoginLATService radiusTerminationAction radiusIdleTimeout radiusSessionTimeout radiusClass radiusFramedIPXNetwork radiusCallbackId radiusCallbackNumber radiusLoginTCPPort radiusLoginService radiusLoginIPHost radiusFramedCompression radiusFramedMTU radiusFilterId radiusFramedRouting radiusFramedRoute radiusFramedIPNetmask radiusFramedIPAddress radiusFramedProtocol radiusServiceType radiusReplyItem
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=2 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=jjeep)"
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=2 SRCH attr=uid
>> May 17 12:09:13 dolphin slapd[2205]: conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=3 text=
>>
>> It looks like the LDAP search succeeded and found 3
>> entries, but the radius server could not find any objects.
>>
>> What is wrong with my integration?
>>
>> Thanks in advance
>>
>> Robin
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
--
View this message in context: http://www.nabble.com/Integrate-freeradius-v1.1.6-and-openLADP-v2.3.32-for-authorization-and-authentication-tf3792209.html#a10741506
Sent from the FreeRadius - User mailing list archive at Nabble.com.
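The point Pshem makes is that rlm_ldap treats anything other than exactly one matching entry as "object not found or got ambiguous search result", and the slapd log above shows nentries=3 for filter="(uid=jjeep)". As an added example (not from the thread or from FreeRADIUS), the script below correlates each slapd SRCH line with its SEARCH RESULT by conn/op and reports every filter that did not return exactly one entry; the sample log is constructed after the format quoted above.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines, modelled on the slapd log quoted in the thread.
SAMPLE_LOG = """\
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 BIND dn="cn=Manager,dc=mtcable,dc=net" method=128
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=0 RESULT tag=97 err=0 text=
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=jjeep)"
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SRCH attr=uid
May 17 12:09:13 dolphin slapd[2205]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
May 17 12:10:02 dolphin slapd[2205]: conn=8 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=alice)"
May 17 12:10:02 dolphin slapd[2205]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 17 12:10:40 dolphin slapd[2205]: conn=9 op=1 SRCH base="dc=mtcable,dc=net" scope=2 deref=0 filter="(uid=bob)"
May 17 12:10:40 dolphin slapd[2205]: conn=9 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

# The "SRCH attr=..." continuation line carries no base=, so it is skipped.
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base=.* filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')


def ambiguous_searches(log_text: str) -> List[Tuple[str, int]]:
    """Return (filter, nentries) for every search whose result count is not 1.

    rlm_ldap needs a single matching entry to know which object to bind as,
    so both 0 and more than 1 hits end in "notfound" for the request.
    """
    pending: Dict[Tuple[str, str], str] = {}  # (conn, op) -> filter
    problems: List[Tuple[str, int]] = []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            flt = pending.pop((m.group(1), m.group(2)), None)
            if flt is None:
                continue  # result for a search whose SRCH line we never saw
            n = int(m.group(3))
            if n != 1:
                problems.append((flt, n))
    return problems


if __name__ == "__main__":
    for flt, n in ambiguous_searches(SAMPLE_LOG):
        print(f"{flt}: {n} entries (rlm_ldap needs exactly 1)")
```

Run against a real slapd log at loglevel stats (the level that produces SRCH and SEARCH RESULT lines), any filter listed with a count above 1 points at duplicate uid values under the configured basedn.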