John Dennis jdennis at redhat.com
Mon Jun 24 20:32:54 CEST 2013

On 06/24/2013 02:01 PM, Julian Macassey wrote:
>> I don't follow what you're doing. Is your radius server on
>>, the same as your client? 
> 	My radius server is:
> 	My ldap server is:
>> Because it looks like you're
>> sending your access-request to the client, not the server (unless
>> they're both the same box). If they are the same box then make sure port
>> 1812 is open. 

I don't know what to say, you've got a lot of misconceptions going on
and as far as I can figure you haven't tried to read the
documentation. For starters:

You need to send radius requests to the radius server but you're sending
them to your ldap server (huh???)

radius client != ldap, radius client == nas

You need to configure radius to work with ldap, but you haven't done
that. You have to uncomment the ldap module from
/etc/raddb/sites-enabled/default in the authorize section and also
configure your ldap values in /etc/raddb/modules/ldap. You haven't done
either of those.

I'm afraid I can't help anymore, you need to start helping yourself
first, pay attention to what you're doing, don't flail about, start with
a vanilla configuration, put it under source control so you can revert,
make only one change at a time, change only what you understand, and
read the doc, most of it is inside the config files themselves.

>> Also your NAS-IP-Address in your request is not your
>> client address of
> 	I note that. But I have that in my
> /etc/freeradius/clients.conf file:
> client plumgrid-ldap1 {
> #       # secret and password are mapped through the "secrets"
> #       file.
>         secret = d1sc0verplum
>         shortname = ldap
> #       # the following three fields are optional, but may be
> #       used by
> #       # checkrad.pl for simultaneous usage checks
>         ipaddr =
>         nastype     = other
> ##      login       = !root
> #       password    = someadminpas
> }
> -----
>> Also, seems like an odd address, localhost is normally
>>, what's in your /etc/hosts file?
> 	This seems to be an ubuntu oddity.
> I have modified it
>	localhost plumgrid-radius1.plumgrid.com plumgrid-radius1
> #	plumgrid-radius1.plumgrid.com	plumgrid-radius1
> 	Yet, I still get in my freeradius radtest.
> 	I can still ping
> --
> plumgrid-radius1:freeradius root#> ping
> PING ( 56(84) bytes of data.
> 64 bytes from icmp_req=1 ttl=64 time=0.032 ms
> 64 bytes from icmp_req=2 ttl=64 time=0.035 ms
> -----
>> Also I don't see what this has to do with ldap, nothing as far as I can
>> tell.
> 	Well, I have a radius server that I would like to use
> the ldap server to authenticate. It works using localhost and the
> users file.
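
The two changes named in the reply above (enable the ldap module in the authorize section, then set the LDAP values in the module file), sketched as an added example that is not configuration from the original post or from either poster. It assumes the FreeRADIUS 2.x file layout the reply refers to; the host name, DNs and password are constructed placeholders.

```conf
# --- /etc/raddb/sites-enabled/default (excerpt) ---
authorize {
	preprocess
	files
	# ... other stock modules omitted ...

	# Shipped commented out as "#	ldap". Uncommented here so the
	# ldap module looks the user up during authorization.
	ldap

	pap
}

authenticate {
	Auth-Type PAP {
		pap
	}
	# The stock file also ships this block commented out. Enable it when
	# the password is to be checked by binding to the directory as the user.
	Auth-Type LDAP {
		ldap
	}
}

# --- /etc/raddb/modules/ldap (excerpt) ---
ldap {
	# Constructed placeholder values: replace with your directory's own.
	server   = "ldap.example.org"
	identity = "cn=radius-reader,dc=example,dc=org"
	password = "CHANGE_ME"
	basedn   = "ou=people,dc=example,dc=org"
	# Match the directory entry whose uid equals the RADIUS User-Name.
	filter   = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
```

Running the server in debug mode (`radiusd -X`, or `freeradius -X` with the Debian/Ubuntu packages) shows whether the ldap module loads and which search it performs for each request sent with radtest.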
