FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

Anders Holm anders.holm at sysadmin.ie
Fri May 30 22:33:56 CEST 2008


No, you've missed out letting the RADIUS server be allowed to talk to your
LDAP server ... Or starting it at least .. :)

> rlm_ldap:  bind to localhost:389 failed: Can't contact LDAP server

If they can't talk, I don't think it'll matter much about anything else ..
Now, don't take my word for it as I've never used FreeRadius with an LDAP
server, but I think you may want that to start with ..

//anders

-----Original Message-----
From: freeradius-users-bounces+anders.holm=sysadmin.ie at lists.freeradius.org
[mailto:freeradius-users-bounces+anders.holm=sysadmin.ie at lists.freeradius.org] On Behalf Of aprotector
Sent: 30 May 2008 01:11
To: freeradius-users at lists.freeradius.org
Subject: Re: FreeRadius 2.0.4 - problems with LDAP and Sonicwall...


Yeah, totally missed that. Sorry.

Finally I see a new message! Any error is better than the other one. :)

After I ran it this time from the Sonicwall with the LDAP user account it
gave me:

-----------

rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
        expand: (uid=%u) -> (uid=testuser)
        expand: o=notexist -> o=notexist
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap:  bind to localhost:389 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [testuser/testing
 (from client sonicwall port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> testuser
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Waking up in 4.9 seconds.

-----------

So it seems like it's stripping out the user properly where it has the name
'testuser' but then there is the o=notexist. Have I missed a configuration
parameter where I'm setting the search base?
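The debug output in this thread answers both questions at once if it is read in order: connection first, then bind, then search. The following triage script is an added example, not part of the original messages or of FreeRADIUS; the function name `triage` and the rule used to tell the filter from the base DN are assumptions made here, and the sample text is an excerpt of the log quoted above.

```python
import re

# Excerpt of the radiusd debug output quoted in the message above.
SAMPLE = """\
rlm_ldap: performing user authorization for testuser
        expand: (uid=%u) -> (uid=testuser)
        expand: o=notexist -> o=notexist
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap:  bind to localhost:389 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
++[ldap] returns fail
"""

PATTERNS = {
    "user": r"performing user authorization for (\S+)",
    # Read here as "bind as <identity>/<password>"; the password is not kept.
    "bind": r"rlm_ldap: bind as (.*?)/.* to (\S+):(\d+)",
    "bind_error": r"bind to (\S+):(\d+) failed: (.+)",
    "result": r"\+\+\[ldap\] returns (\w+)",
}

def triage(debug_text):
    """Extract the rlm_ldap facts from debug output and order the findings."""
    info, in_ldap = {"filter": None, "basedn": None}, False
    for line in debug_text.splitlines():
        if "performing user authorization" in line:
            in_ldap = True
        m = re.search(r"expand: .* -> (.+)", line)
        if m and in_ldap:
            # Assumption: the expanded filter starts with "(", the base DN does not.
            key = "filter" if m.group(1).startswith("(") else "basedn"
            info[key] = info[key] or m.group(1).strip()
        for name, pat in PATTERNS.items():
            m = re.search(pat, line)
            if m:
                info[name] = m.groups() if m.lastindex > 1 else m.group(1)
        if "result" in info:
            in_ldap = False
    findings = []
    if "bind_error" in info:
        host, port, err = info["bind_error"]
        findings.append(f"connect: {host}:{port} failed ({err})")
        findings.append(f"search: never reached the server, so base {info['basedn']!r} is untested")
    if "bind" in info and info["bind"][0] == "":
        findings.append("bind: no identity on the bind line (anonymous)")
    info["findings"] = findings
    return info
```

Calling `triage(SAMPLE)["findings"]` lists the connection failure first, which is why the search base cannot be judged from this run.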