Freeradius2 + LDAP of Lotus Notes

rrperez rrperez at apc.edu.ph
Fri Aug 13 10:36:20 CEST 2010


I have configured the /etc/raddb/modules/ldap and added an identity (although
I don't know if it works), but still it can't find a password for the user.

Here is the debug:

rad_recv: Access-Request packet from host 127.0.0.1 port 37784, id=118,
length=63
        User-Name = "kim.almarez"
        User-Password = "k1m.alma"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for kim.almarez
[ldap]  expand: %{Stripped-User-Name} -> 
[ldap]  expand: %{User-Name} -> kim.almarez
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=kim.almarez)
[ldap]  expand: O=SMPRIME -> O=SMPRIME
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to notes2.ho.sm.ph:389, authentication 0
rlm_ldap: bind as CN=Administrator,O=SMPRIME/ to notes2.ho.sm.ph:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in O=SMPRIME, with filter (uid=kim.almarez)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldap] user kim.almarez authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> kim.almarez
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 118 to 127.0.0.1 port 37784
Waking up in 4.9 seconds.
Cleaning up request 0 ID 118 with timestamp +2
Ready to process requests.


I guess rlm_ldap can't find a password attribute on the LDAP of Lotus Notes.
-- 
View this message in context: http://old.nabble.com/Freeradius2-%2B-LDAP-of-Lotus-Notes-tp29426192p29426699.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
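
A checker for the failure chain visible in the trace above, added here as an example (not code from the original post or from FreeRADIUS): it reads `radiusd -X`-style output and reports whether the LDAP entry was found but yielded no password, leaving the request without an Auth-Type. The sample trace and the names `alice`, `O=EXAMPLE` and `ldap.example.org` are constructed.

```python
import re

# Constructed sample, shortened from the shape of the trace in the post above.
SAMPLE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[files] returns noop
rlm_ldap: bind as CN=Administrator,O=EXAMPLE/ to ldap.example.org:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in O=EXAMPLE, with filter (uid=alice)
WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldap] user alice authorized to use remote access
++[ldap] returns ok
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
"""

RETURN_RE = re.compile(r"^\+\+\[([\w.]+)\] returns (\w+)$")

def diagnose(trace):
    """Summarise why a debug trace ended without an Auth-Type."""
    returns = {}  # module name -> last return code seen
    facts = {"bind_ok": False, "filter": None,
             "no_password": False, "no_auth_type": False}
    for line in trace.splitlines():
        line = line.strip()
        m = RETURN_RE.match(line)
        if m:
            returns[m.group(1)] = m.group(2)
        elif line == "rlm_ldap: Bind was successful":
            facts["bind_ok"] = True
        elif "with filter" in line:
            facts["filter"] = line.split("with filter", 1)[1].strip()
        elif 'No "known good" password was found in LDAP' in line:
            facts["no_password"] = True
        elif line.startswith("No authenticate method (Auth-Type)"):
            facts["no_auth_type"] = True
    # ldap "ok" means the entry was found; the warning means it carried
    # no password attribute, so pap had nothing to compare against.
    if returns.get("ldap") == "ok" and facts["no_password"] and facts["no_auth_type"]:
        cause = "entry-found-without-password"
    elif "ldap" in returns and returns["ldap"] != "ok":
        cause = "ldap-" + returns["ldap"]
    else:
        cause = "other"
    return {"returns": returns, "cause": cause, **facts}
```
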



