radius user queries for uid anonymous in ldap

Sergio Belkin sebelk at gmail.com
Wed Dec 3 12:06:49 CET 2008 

Hi, I use freeradius with EAP-TTLS y EAP-PEAP, below there is ldap
log, I wonder why radius "bothers" to query for anonymous uid and not
only for uid into the tunnel



Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 fd=15 ACCEPT from
IP=123.45.67.89:56075 (IP=0.0.0.0:636)
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 fd=15 TLS established
tls_ssf=256 ssf=256
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=0 BIND
dn="cn=freeradius,ou=applications,dc=cadorna,dc=edu" method=128
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=0 BIND
dn="cn=freeradius,ou=applications,dc=cadorna,dc=edu" mech=SIMPLE ssf=0
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=0 RESULT tag=97 err=0 text=
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=1 SRCH
base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0
filter="(uid=anonymous)"
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=1 SRCH
attr=radiusPassword radiusAllowed
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=1 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=2 SRCH
base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0
filter="(uid=anonymous)"
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=2 SRCH
attr=radiusPassword radiusAllowed
Dec  3 08:54:26 sinclair slapd[11285]: conn=1264 op=2 SEARCH RESULT
tag=101 err=0 nentries=0 text=
Dec  3 08:54:27 sinclair slapd[11285]: conn=1264 op=3 SRCH
base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0
filter="(uid=glinde)"
Dec  3 08:54:27 sinclair slapd[11285]: conn=1264 op=3 SRCH
attr=radiusPassword radiusAllowed
Dec  3 08:54:27 sinclair slapd[11285]: conn=1264 op=3 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Dec  3 08:54:28 sinclair slapd[11285]: conn=1264 op=4 SRCH
base="ou=people,dc=cadorna,dc=edu" scope=2 deref=0
filter="(uid=jinfan)"
Dec  3 08:54:28 sinclair slapd[11285]: conn=1264 op=4 SRCH
attr=radiusPassword radiusAllowed
Dec  3 08:54:28 sinclair slapd[11285]: conn=1264 op=4 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Dec  3 08:55:05 sinclair slapd[11285]: conn=1264 fd=15 closed (idletimeout)


Does make sense to query for anonymous?

Thanks in advance

Thanks in advance!
-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -

More information about the Freeradius-Users mailing list