rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
hsuan
hsuan at nchc.org.tw
Fri Nov 21 11:01:02 CET 2008
Hi all,
I have installed freeradius-server-2.1.1 and I want to use LDAP to do
authentication.
But when I use "radius -X" to start the radius server, and on the client I
use "radtest ldapuser ldapuser radius_server_ip 0 secret",
the server shows the message:
rad_recv: Access-Request packet from host radius_client_ip port 35833,
id=168, length=60
User-Name = "ldapuser"
User-Password = "ldapuser"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "ldapuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[unix] returns updated
[sql] expand: %{User-Name} -> ldapuser
[sql] sql_set_user escaped user --> 'ldapuser'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'ldapuser' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'ldapuser'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User ldapuser not found
++[sql] returns notfound
[ldap] performing user authorization for ldapuser
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ldapuser)
[ldap] expand: o=My Org,c=UA -> o=My Org,c=UA
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,o=My Org,c=UA/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap
section of radiusd.conf
rlm_ldap: (re)connection attempt failed
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> ldapuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 168 to radius_server_ip port 35833
Waking up in 4.9 seconds.
Cleaning up request 2 ID 168 with timestamp +1020
The error looks like "rlm_ldap: LDAP login failed: check identity, password
settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed".
What's the problem?
Regards,
Vicky