Problems using freeradius with ldap
Sergio Belkin
sbelki at palermo.edu
Mon Sep 3 22:42:37 CEST 2007
I have a problem on Fedora 4 (sadly, at my job I cannot change this) when using
radtest against LDAP.
Package versions:
openldap-servers-2.2.29-1.FC4
openldap-clients-2.2.29-1.FC4
openldap-2.2.29-1.FC4
freeradius-1.0.4-1.FC4.1
This is part of /etc/raddb/radiusd.conf:
ldap {
    server = "localhost"
    basedn = "ou=people,dc=mydomain,dc=com"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    password_attribute = userPassword
    (member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
    (uniquemember=%{Ldap-UserDn})))"
    timeout = 4
    timelimit = 3
    net_timeout = 1
}
authorize {
    chap
    mschap
    suffix
    eap
    files
    ldap
    checkval
}
And this is a portion of /etc/raddb/users:
DEFAULT Auth-Type = System
    Fall-Through = 1
DEFAULT Auth-Type = LDAP
    Fall-Through = 1
I've appended the schemas in /etc/openldap/slapd.conf:
/usr/share/doc/freeradius-1.0.4/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.4/RADIUS-LDAP.schema
Well, when I issue radtest in debug mode I get:
radtest testuser sample localhost 0 testing123
Sending Access-Request of id 88 to 127.0.0.1:1812
User-Name = "testuser"
User-Password = "sample"
NAS-IP-Address = host.mydomain.com
NAS-Port = 0
rad_recv: Access-Request packet from host 127.0.0.1:42077, id=88, length=58
User-Name = "testuser"
User-Password = "sample"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 155
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat: '(uid=testuser)'
radius_xlat: 'ou=people,dc=mydomain,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=mydomain,dc=com, with filter
(uid=testuser)
rlm_ldap: Added password sample in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
modcall[authenticate]: module "unix" returns notfound for request 2
modcall: group authenticate returns notfound for request 2
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 88 to 127.0.0.1:42077
Waking up in 4 seconds...
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=88, length=20
17:20:33 [root at spike] /etc/raddb
$ --- Walking the entire request list ---
Cleaning up request 2 ID 88 with timestamp 46dc6c8f
Nothing to do. Sleeping until we see a request.
Could you please lend me a hand to resolve this issue?
Thanks in advance!
--
Sergio Belkin
Comunicación e Internet
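
An added example, not part of the original post and not FreeRADIUS code: a small parser that condenses a radiusd debug trace like the one quoted above into, per request, the result each module returned in the authorize and authenticate sections, the Auth-Type the server selected, and the reply that was sent. The function names are hypothetical, and the sample is a constructed subset of the lines in the post's trace.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the post above.
SAMPLE_TRACE = """\
rad_recv: Access-Request packet from host 127.0.0.1:42077, id=88, length=58
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "ldap" returns ok for request 2
rad_check_password: Found Auth-Type System
modcall[authenticate]: module "unix" returns notfound for request 2
Sending Access-Reject of id 88 to 127.0.0.1:42077
"""

RECV = re.compile(r"rad_recv: Access-Request packet .*\bid=(\d+)")
MODCALL = re.compile(r'modcall\[(authorize|authenticate)\]: module "([^"]+)" returns (\w+) for request (\d+)')
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
REPLY = re.compile(r"Sending (Access-(?:Accept|Reject)) of id (\d+)")

def summarize(trace):
    """Group a radiusd debug trace by request number."""
    # Assumption: a request's lines follow its own rad_recv line (no interleaving).
    requests, by_id, last_id, current = {}, {}, None, None
    for line in trace.splitlines():
        if m := RECV.search(line):
            last_id, current = int(m.group(1)), None
        elif m := MODCALL.search(line):
            section, module, rcode, num = m.groups()
            current = requests.setdefault(int(num), {
                "packet_id": last_id, "authorize": [], "authenticate": [],
                "auth_type": None, "reply": None})
            by_id[current["packet_id"]] = current
            current[section].append((module, rcode))
        elif (m := AUTH_TYPE.search(line)) and current is not None:
            current["auth_type"] = m.group(1)
        elif m := REPLY.search(line):
            req = by_id.get(int(m.group(2)))
            if req is not None:
                req["reply"] = m.group(1)
    return requests

def report(requests):
    """Render one text block per request, for reading next to the raw trace."""
    out = []
    for num, r in sorted(requests.items()):
        out.append(f"request {num} (id {r['packet_id']}): Auth-Type={r['auth_type']} reply={r['reply']}")
        for section in ("authorize", "authenticate"):
            out += [f"  {section:12} {mod:10} -> {rc}" for mod, rc in r[section]]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(summarize(SAMPLE_TRACE)))
```

Saving the server's debug output to a file and passing its contents to `summarize()` gives the same view for a longer trace.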