Trying to integrate with LDAP

Fernando Barreto fernando.sg1 at
Thu Mar 14 01:00:34 CET 2013

hey, thanks for the quickly repply

changed in /modules/ldap

ldap {
        server = ""
#        identity = "cn=admin,dc=xxxxx,dc=edu,dc=br"
#        password = "123abc"
        basedn = "dc=ifsudeste,dc=edu,dc=br"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

but still dont working

rad_recv: Access-Request packet from host port 46813, id=147, 
        User-Name = "user1"
        User-Password = "123"
        NAS-IP-Address =
        NAS-Port = 0
# Executing section authorize from file 
+- entering group authorize {...}
[ldap] performing user authorization for user1
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for 
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> user1
[ldap]  expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=user1)
[ldap]  expand: dc=xxxx,dc=edu,dc=br -> dc=xxxxx,dc=edu,dc=br
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=xxxxxx,dc=edu,dc=br, with filter 
  [ldap] object not found
[ldap] search failed
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting 
the user
Failed to authenticate the user.
Login incorrect (  [ldap] User not found): [user1/123] (from client 
localhost port 0)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> user1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds

on a tutorial says i need to put that on radiusd.conf:

ldap {
        server = ""
        identity = "cn=admin,dc=xxxxx,dc=edu,dc=br"
        password = "123abc"
        basedn = "ou=People,dc=xxxxx,dc=edu,dc=br"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
authenticate {

i really need to put that?

-----Mensagem Original----- 
From: Arran Cudbard-Bell
Sent: Wednesday, March 13, 2013 7:43 PM
To: FreeRadius users mailing list
Subject: Re: Trying to integrate with LDAP

On 13 Mar 2013, at 18:35, fernando.sg1 at wrote:

> Hey,
> first of all, sorry my poor english,
> im trying to integrate my LDAP server with the freeradius, before 2 days 
> searching on google i didnt solved the problem.
> when i use the command:
>  ldapsearch -b "ou=People,dc=xxxxxx,dc=edu,dc=br" -h 
> uid=user1 -D "cn=admin,dc=ifsudeste,dc=edu,dc=br" -W

Here were filtering using the attribute 'uid'

> [ldap] expand: %{User-Name} -> user1
> [ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user1)
> [ldap] expand: ou=People,dc=xxxxx,dc=edu,dc=br -> 
> ou=People,dc=xxxxxxx,dc=edu,dc=br

And here were filtering using the attribute 'cn'

edit 'filter' in your ldap configuration file.

List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list