Problems freeradius and samba4
ricardobarbosams
spiderslack at yahoo.com.br
Mon Jun 10 21:29:51 CEST 2013
Hi all.
I am trying to deploy an environment between freeradius and samba4 for a
wireless network. The topology follows below.
access point <----> freeradius server <-----> server samba4
I am setting up the access point to authenticate against the freeradius
server, and freeradius uses LDAP to authenticate against samba4, but it
does not work. The freeradius server log follows below:
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for user
[ldap] expand: (&(objectClass=user)(sAMAccountName=%{User-Name})) ->
(&(objectClass=user)(sAMAccountName=user))
[ldap] expand: dc=batlab,dc=corp -> dc=batlab,dc=corp
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] closing existing LDAP connection
[ldap] (re)connect to 192.168.0.4:389, authentication 0
[ldap] bind as CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp/xxxx
to 192.168.0.4:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=batlab,dc=corp, with filter
(&(objectClass=user)(sAMAccountName=user))
[ldap] ldap_search() failed: Operations error
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [user/<no User-Password attribute>] (from client
192.168.0.200 port 0 cli 001f3a528f60)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> user
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
I note that this ldapsearch executed successfully:
# ldapsearch -LLL -h 192.168.0.4 -b dc=batlab,dc=corp -D user2@batlab.corp -W '(&(objectClass=user)(sAMAccountName=user))'
dn: CN=user test,OU=noc,OU=batlab,DC=batlab,DC=corp
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: user test
instanceType: 4
whenCreated: 20130404161519.0Z
displayName: user test
uSNCreated: 3728
name: user test
objectGUID:: x9uu1FOl70u8ovEwuZ72Rw==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA2w3N/Xfij4HyH/nmUQQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: user
sAMAccountType: 805306368
userPrincipalName: user at batlab.corp
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=batlab,DC=corp
pwdLastSet: 130095657200000000
userAccountControl: 66048
memberOf: CN=Administrators,CN=Builtin,DC=batlab,DC=corp
memberOf: CN=Domain Admins,CN=Users,DC=batlab,DC=corp
memberOf: CN=Enterprise Admins,CN=Users,DC=batlab,DC=corp
memberOf: CN=g_noc,OU=noc,OU=batlab,DC=batlab,DC=corp
mail: user at batlab.ufms.br
whenChanged: 20130427195156.0Z
uSNChanged: 4204
distinguishedName: CN=user test,OU=noc,OU=batlab,DC=batlab,DC=corp
I noticed that the Samba4 LDAP does not have the user-password
attribute. Is this the cause?
My settings:
Ubuntu Linux 12.04.2
Access Point: Linksys Cisco wrtp54g
Any ideas?
Regards