freeradius + ldap

Ana Gallardo ana.gallardo.77 at gmail.com
Thu Dec 2 09:09:51 CET 2010


Josip, thanks for your response.


> Add LDAP into the authenticate section, so that it simply tries to re-bind
> with the provided credentials? Like this:
>
>        Auth-Type LDAP {
>                ldapPerson
>        }
>

I tried this configuration too, but it doesn't work for me. FreeRADIUS doesn't
set a value for the Auth-Type attribute. I think that this is because the
userPassword attribute is only visible to each particular user when they bind.

rad_recv: Access-Request packet from host X.X.X.X port 49621, id=130,
length=58
    User-Name = "aigallardo at unex.es"
    User-Password = "XXXX"
server test {
# Executing section authorize from file /etc/freeradius/sites-enabled/test
+- entering group authorize {...}
[suffix] Looking up realm "unex.es" for User-Name = "aigallardo at unex.es"
[suffix] Found realm "unex.es"
[suffix] Adding Stripped-User-Name = "aigallardo"
[suffix] Adding Realm = "unex.es"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
[ldapPerson] performing user authorization for aigallardo
[ldapPerson]     expand: %{Stripped-User-Name} -> aigallardo
[ldapPerson]     expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=aigallardo)
[ldapPerson]     expand: ou=people,dc=unex,dc=es -> ou=people,dc=unex,dc=es
  [ldapPerson] ldap_get_conn: Checking Id: 0
  [ldapPerson] ldap_get_conn: Got Id: 0
  [ldapPerson] attempting LDAP reconnection
  [ldapPerson] (re)connect to ldap.unex.es:389, authentication 0
  [ldapPerson] bind as / to ldap.unex.es:389
  [ldapPerson] waiting for bind result ...
  [ldapPerson] Bind was successful
  [ldapPerson] performing search in ou=people,dc=unex,dc=es, with filter
(uid=aigallardo)
[ldapPerson] No default NMAS login sequence
[ldapPerson] looking for check items in directory...
[ldapPerson] looking for reply items in directory...
  [ldapPerson] gecos -> Nombre-Completo = "Ana-Isabel Gallardo Gomez,Dpto.
Tecno. Computadores y Comuni.,,"
WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldapPerson] user aigallardo authorized to use remote access
  [ldapPerson] ldap_release_conn: Release Id: 0
++[ldapPerson] returns ok
++[expiration] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
} # server test


Thank you very much and sorry for my English.



++ Ana Gallardo Gómez ++
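
An added example, not part of the original message and not FreeRADIUS code: a short Python triage of radiusd -X debug output like the one quoted above, reporting the module return codes and whether the request was rejected for lack of an Auth-Type. The function names and the abridged sample are this example's own.

```python
import re

# Abridged from the debug output quoted in the message above.
SAMPLE = '''\
++[suffix] returns ok
++[files] returns ok
WARNING: No "known good" password was found in LDAP.  Are you sure that the
++[ldapPerson] returns ok
++[expiration] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
'''

# Matches lines such as "++[ldapPerson] returns ok"
RETURN_RE = re.compile(r"^\++\[(?P<module>[^\]]+)\] returns (?P<rcode>\w+)$")

def triage(debug_text):
    """Summarise one request from radiusd -X output."""
    summary = {"rcodes": {}, "no_known_good_password": False, "no_auth_type": False}
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = RETURN_RE.match(line)
        if m:
            summary["rcodes"][m.group("module")] = m.group("rcode")
        elif 'No "known good" password' in line:
            summary["no_known_good_password"] = True
        elif "No authenticate method (Auth-Type) found" in line:
            summary["no_auth_type"] = True
    return summary

def diagnose(summary):
    """Turn the summary into a one-line hint for the operator."""
    if not summary["no_auth_type"]:
        return "no Auth-Type problem seen"
    passed = [m for m, rc in summary["rcodes"].items() if rc in ("ok", "updated")]
    hint = "rejected before authenticate: no module set Auth-Type"
    if passed:
        hint += " (authorize modules that returned ok/updated: %s)" % ", ".join(passed)
    if summary["no_known_good_password"]:
        hint += "; no known-good password was retrieved for pap to compare against"
    return hint

if __name__ == "__main__":
    print(diagnose(triage(SAMPLE)))
```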