FreeRadius 2.0.4 - problems with LDAP and Sonicwall...
Yeargan Yancey
yancey at unt.edu
Thu May 29 21:52:42 CEST 2008
I don't see anything in the log here about ldap.
It jumps from [logintime] to [pap].
Did you uncomment lines containing "ldap" in the
sites-enabled/default file (in the authorize and
authenticate sections)?
Yancey
On May 29, 2008, at 2:34 PM, aprotector wrote:
>
> I've been trying to get my freeradius server to work with a Netscape LDAP
> server and authenticate users when they connect via VPN to our Sonicwall
> gateway. I have set the Sonicwall as a client so the radius recognizes it
> and then adjusted the radiusd.conf. However, when I try to authenticate an
> LDAP user from the sonicwall it will say the authentication failed and the
> radius shows the following messages:
>
> ---------- (running in radiusd -X)
>
> User-Name = "testuser"
> User-Password = "testing"
> NAS-IP-Address = sonicwallIP
> NAS-Port = 0
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
> ++[pap] returns noop
> auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [testuser/testing] (from client sonicwall port 0)
> Found Post-Auth-Type Reject
> +- entering group REJECT
> expand: %{User-Name} -> testuser
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Waking up in 4.9 seconds.
>
> ----------
>
> If I uncomment a local user account on the Radius box and then try
> authenticating from the Sonicwall with this it will succeed. It just doesn't
> seem to want to go to the LDAP server and then back to the Sonicwall. Has
> anyone had any experience with this sort of setup, and might be able to shed
> some light on how I can set it up to use LDAP for the authentication?