FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

aprotector aprotector at hotmail.com
Fri May 30 00:39:47 CEST 2008




Y-OH-Y wrote:
> 
> Did you uncomment lines containing "ldap" in the
> sites-enabled/default file (in the authorize and
> authenticate sections)?
> 

I'll take a look when I open it tomorrow. All of that is in the radiusd.conf
file? Or is there more in users or one of the other conf files?

aprotector



On May 29, 2008, at 2:34 PM, aprotector wrote:

>
> I've been trying to get my freeradius server to work with an  
> Netscape LDAP
> server and authenticate users when they connect via VPN to our  
> Sonicwall
> gateway. I have set the Sonicwall as a client so the radius  
> recognizes it
> and then adjusted the radiusd.conf. However, when I try to  
> authenticate an
> LDAP user from the sonicwall it will say the authentication failed  
> and the
> radius shows the following messages:
>
> ---------- (running in radiusd -X)
>
>        User-Name = "testuser"
>        User-Password = "testing"
>        NAS-IP-Address = sonicwallIP
>        NAS-Port = 0
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>  rlm_eap: No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [testuser/testing] (from client sonicwall port 0)
>  Found Post-Auth-Type Reject
> +- entering group REJECT
>        expand: %{User-Name} -> testuser
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Waking up in 4.9 seconds.
>
> ----------
>
> If I uncomment a local user account on the Radius box and then try
> authenticating from the Sonicwall with this it will succeed. It just  
> doesn't
> seem to want to go to the LDAP server and then back to the  
> Sonicwall. Has
> anyone had any experience with this sort of setup, and might be able  
> to shed
> some light on how I can set it up to use LDAP for the authentication?
> --
> View this message in context:
> http://www.nabble.com/FreeRadius-2.0.4---problems-with-LDAP-and-Sonicwall...-tp17544085p17544085.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



-- 
View this message in context: http://www.nabble.com/FreeRadius-2.0.4---problems-with-LDAP-and-Sonicwall...-tp17544085p17547628.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list