radius user queries for uid anonymous in ldap
Sergio Belkin
sebelk at gmail.com
Thu Dec 4 12:24:12 CET 2008
2008/12/3 Alan DeKok <aland at deployingradius.com>:
> Sergio Belkin wrote:
>> Hi, I use freeradius with EAP-TTLS and EAP-PEAP; below is the ldap
>> log. I wonder why radius "bothers" to query for the anonymous uid and
>> not only for the uid inside the tunnel
>
> Because you configured the ldap module *outside* of the tunnel, too.
> If you don't list it in sites-enabled/default, it will only do queries
> for inside of the TLS tunnel.
Thanks Alan!
That solved it. Now a little problem remains in radiusd.log:
Thu Dec 4 09:07:51 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:07:51 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:10:41 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:10:41 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:12:14 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:12:14 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:14:30 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:14:30 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:18:09 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:18:09 2008 : Info: rlm_ldap: Attempting reconnect
Where do these problems come from: radius or ldap?
The ldap module config is as follows:
ldap {
        server = "ldap.palermo.edu"
        identity = "cn=freeradius,ou=applications,dc=palermo,dc=edu"
        password = somepass
        basedn = "ou=people,dc=palermo,dc=edu"
        filter = "(uid=%u)"
        ldap_connections_number = 1
        timeout = 60
        timelimit = 120
        net_timeout = 10
        tls {
                cacertfile = /etc/raddb/cacert.pem
                randfile = /dev/urandom
        }
        access_attr = "radiusAllowed"
        dictionary_mapping = ${confdir}/ldap.attrmap
        edir_account_policy_check = no
}
Thanks in advance!
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
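
The change Alan describes, sketched as an added example (not part of the original message and not the poster's actual files). It assumes the stock FreeRADIUS 2.x layout, where the outer request is handled by sites-enabled/default and the tunnelled request by sites-enabled/inner-tunnel; the module lists are trimmed to the lines that matter here.

```conf
# Constructed illustration; only the modules relevant to the LDAP lookup are shown.

# raddb/sites-enabled/default
# Handles the outer request. With EAP-TTLS / EAP-PEAP the User-Name seen here
# is the outer identity (for example "anonymous"), not the real account.
authorize {
	preprocess
	suffix
	eap {
		ok = return
	}
	# ldap    <- left out: no search like (uid=anonymous) for the outer identity
}

# raddb/sites-enabled/inner-tunnel
# Handles the request carried inside the TLS tunnel, where User-Name is the
# real account name supplied by the client.
server inner-tunnel {
	authorize {
		suffix
		eap {
			ok = return
		}
		ldap    # filter = "(uid=%u)" is expanded with the tunnelled user name
	}
}
```

With this layout the directory only ever sees searches for identities that arrived over the protected tunnel, so the unauthenticated outer identity never triggers an LDAP query.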