Found Auth-Type = LDAP WARNING: Unknown value specified for Auth-Type.

Neal Vadekar osinstructor at gmail.com
Mon Nov 15 06:23:31 CET 2010 

i am using freeradius 2.1.7 on centos 5.5, i have configured openldap
and wish to have authentication/authorization against this datasource.

i have configured my radius.conf as follows:

authorize {
   preprocess
   files
   ldap
}
#
authenticate {
   Auth-Type LDAP {
       ldap
   }
}

i have configured my users file as follows:

test55    Cleartext-Password := "test55"
DEFAULT Auth-Type = System
   Fall-Through = 1
DEFAULT Auth-Type := LDAP
   Fall-Through = 1

i have configured my modules/ldap file as follows:

ldap {
   server = "localhost"
   identity = "cn=Manager,dc=example,dc=com"
   password = secret
   basedn = "ou=users,dc=example,dc=com"
   filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
   ldap_connections_number = 5
   timeout = 4
   timelimit = 3
   net_timeout = 1
   tls {
       start_tls = no
   }
   dictionary_mapping = ${raddbdir}/ldap.attrmap
   password_attribute = userPassword
}

i have setup openldap with a user in users.example.com called testldap
with a cleartext password of testldap

when i run “radtest testldap testldap localhost 10 testing123” the out
put is as follows:

rad_recv: Access-Request packet from host 127.0.0.1 port 40626,
id=223, length=60
       User-Name = "testldap"
       User-Password = "testldap"
       NAS-IP-Address = 172.16.159.11
       NAS-Port = 10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testldap", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 212
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = LDAP
 WARNING: Unknown value specified for Auth-Type.  Cannot perform
requested action.
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> testldap
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 223 to 127.0.0.1 port 40626
Waking up in 4.9 seconds.
Cleaning up request 0 ID 223 with timestamp +4
Ready to process requests.

line 212 is my “DEFAULT Auth-Type := LDAP” line in the users file

no connection attempt is made against my openldap server.

I do not understand why i get the following error:

Found Auth-Type = LDAP
 WARNING: Unknown value specified for Auth-Type.  Cannot perform
requested action.

i can tell you when i use radtest with the test55 user directly
defined in the users file, it works, also, when I use a unix user in
the passwd/shadow files it also works.  there also appears to be no
entry in the dictonary file about ldap, but i don’t yet know enough to
know if that is relevant.

please assist, i wish to understand why this radtest does not work
when all the documentation I can find as I currently understand them
suggest it should work.

Neal

More information about the Freeradius-Users mailing list