problem configuring freeradius with ldap user database
Alan DeKok
aland at deployingradius.com
Sat Jun 14 09:22:30 CEST 2008
Sambuddho Chakravarty wrote:
> I am experiencing a problem while trying to authenticate the
> username/password in LDAP through a freeradius server. While a regular
> telnet/ssh to the edge running an openLdap client / PAM module works fine
> (It is able to authenticate) but the problem arises when trying to
> authenticate using the freeradius server.
>
> This is what the log message looks like:
>
> User-Name = "try"
> User-Password = "trialanderror"
> NAS-IP-Address = 127.0.0.1
...
> rlm_ldap: performing search in ou=People,dc=example,dc=com, with filter
> (uid=try)
> rlm_ldap: Added password {crypt}$1$2Pl0Lm5O$ot8mrXYBaAg12RoBogNDK. in
> check items

If you do NOTHING more than configure "ldap" in the default
configuration, this should work.

> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0

You're not using 2.0, and you've edited the default configuration. DO
use a recent version. DON'T edit the configuration to re-arrange the
modules in the "authorize" section.

> Here you can see that the authorization of a user 'try' having password
> 'trialanderror' works fine but authentication fails. The host running
> the freeradius server is Fedora Core 5 running linux 2.6.25.

The OS doesn't matter. The version of FreeRADIUS does.

It seems you're using 1.1.x. You should at LEAST upgrade to 1.1.7.
Then, un-comment the references to LDAP, and configure the LDAP module.
The test WILL work.

Alan DeKok.