how to enable ldap during authentication

Tomasz Zieleniewski tzieleniewski at gmail.com
Thu Jan 24 09:42:14 CET 2008


Hi

Still something is wrong.

I have the following authorize section:
        authorize {
                preprocess

                auth_req_log

                suffix

                sql

                ldap

        }

I tried such authenticate sections:
        authenticate {

                Auth-Type LDAP {
                        ldap
                }

                Auth-Type Digest {
                        digest
                }

                Auth-Type PAP {
                        pap
                }
        }

        authenticate {

               ldap
        }

All the time I receive failed authentication;
what am I missing here?

Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: - authorize
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: performing user authorization
for tzl
Thu Jan 24 09:40:35 2008 : Debug:     expand: (mail=%u at touk.pl) -> (mail=
tzl at touk.pl)
Thu Jan 24 09:40:35 2008 : Debug:     expand:
ou=Touki,ou=People,dc=touk,dc=pl -> ou=Touki,ou=People,dc=touk,dc=pl
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: performing search in
ou=Touki,ou=People,dc=touk,dc=pl, with filter (mail=tzl at touk.pl)
request 5 done
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: Added User-Password =
{MD5}SNNMxdM+Zfvr//0yEp0DuA== in check items
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: looking for check items in
directory...
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute userPassword as
RADIUS attribute Cleartext-Password == "{MD5}SNNMxdM+Zfvr//0yEp0DuA=="
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: looking for reply items in
directory...
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: user tzl authorized to use
remote access
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Jan 24 09:40:35 2008 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 3
Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok
Thu Jan 24 09:40:35 2008 : Debug: auth: type Local
Thu Jan 24 09:40:35 2008 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Thu Jan 24 09:40:35 2008 : Debug: auth: Failed to validate the user.
Thu Jan 24 09:40:35 2008 : Auth: Login incorrect: [tzl/somepass] (from
client localhost port 0)
Thu Jan 24 09:40:35 2008 : Debug:   Found Post-Auth-Type Reject
Thu Jan 24 09:40:35 2008 : Debug: +- entering group REJECT
Thu Jan 24 09:40:35 2008 : Debug:   modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 3
Thu Jan 24 09:40:35 2008 : Debug:     expand: %{User-Name} -> tzl
Thu Jan 24 09:40:35 2008 : Debug:  attr_filter: Matched entry DEFAULT at
line 11
Thu Jan 24 09:40:35 2008 : Debug:   modsingle[post-auth]: returned from
attr_filter.access_reject (rlm_attr_filter) for request 3
Thu Jan 24 09:40:35 2008 : Debug: ++[attr_filter.access_reject] returns
updated

regards
tomasz

2008/1/23 <tnt at kalik.co.yu>:

> Uncomment ldap in authenticate section.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 23/1/2008, "Tomasz Zieleniewski" <tzieleniewski at gmail.com> wrote:
>
> >Hi,
> >
> >I am using version 2.0.2-pre
> >I would like to use ldap for freeradius authentication.
> >I couldn't find anything on web about this topic.
> >I have ldap module in the authorize section in my default virtual server.
> >I see in the debug that ldap module returns ok during authorization
> >please point me what do I have to do to use ldap also for authentication
> >
> >is it enough to put ldap invocation in authentication section?
> >below debug from authorization
> >
> >thanks a lot for any help!
> >regards
> >-tomasz
> >
> >rlm_ldap: waiting for bind result ...
> >request 1 done
> >rlm_ldap: Bind was successful
> >rlm_ldap: performing search in ou=Touki,ou=People,dc=touk,dc=pl, with
> filter
> >(mail=tzl at touk.pl)
> >request 2 done
> >rlm_ldap: Added User-Password = {MD5}SNNMxdM+Zfvr//0yEp0DuA== in check
> items
> >rlm_ldap: looking for check items in directory...
> >rlm_ldap: LDAP attribute userPassword as RADIUS attribute
> Cleartext-Password
> >== "{MD5}SNNMxdM+Zfvr//0yEp0DuA=="
> >rlm_ldap: looking for reply items in directory...
> >rlm_ldap: user tzl authorized to use remote access
> >rlm_ldap: ldap_release_conn: Release Id: 0
> >++[ldap] returns ok
> >
> >
>
>
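
Added example, not part of the original post or of FreeRADIUS: the debug output above shows the directory's userPassword value, with its {MD5} scheme prefix, loaded as Cleartext-Password and then compared by "auth: type Local", and a literal comparison against that string does not match the password the user typed. The Python sketch below contrasts that literal comparison with a scheme-aware check; the function names and the sample password are constructed for illustration, and only the {MD5}, {SMD5}, {SHA} and {SSHA} prefixes are handled.

```python
import base64
import hashlib
import hmac

# Hash behind each scheme prefix; the salted variants ({SMD5}, {SSHA})
# append the salt after the digest inside the base64 payload.
_SCHEMES = {"MD5": "md5", "SMD5": "md5", "SHA": "sha1", "SSHA": "sha1"}


def split_scheme(stored):
    """Return (scheme, payload) for '{SCHEME}payload', or (None, stored)."""
    if stored.startswith("{") and "}" in stored:
        scheme, payload = stored[1:].split("}", 1)
        return scheme.upper(), payload
    return None, stored


def literal_compare(candidate, stored):
    """What a cleartext comparison does when handed the prefixed string."""
    return hmac.compare_digest(candidate.encode(), stored.encode())


def verify(candidate, stored):
    """Check a typed password against a directory userPassword value."""
    scheme, payload = split_scheme(stored)
    if scheme is None:
        # No prefix: the stored value really is cleartext.
        return literal_compare(candidate, stored)
    if scheme not in _SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(payload)
    size = hashlib.new(_SCHEMES[scheme]).digest_size
    digest, salt = raw[:size], raw[size:]      # salt is empty when unsalted
    computed = hashlib.new(_SCHEMES[scheme], candidate.encode() + salt).digest()
    return hmac.compare_digest(computed, digest)


def make_md5(password):
    """Build a constructed '{MD5}...' value for the demonstration."""
    digest = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(digest).decode()


if __name__ == "__main__":
    stored = make_md5("example-pass")   # constructed sample, not from the post
    print("stored value :", stored)
    print("literal match:", literal_compare("example-pass", stored))
    print("scheme-aware :", verify("example-pass", stored))
```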