Trying to integrate with LDAP

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Mar 14 04:41:41 CET 2013


On 13 Mar 2013, at 22:03, fernando.sg1 at gmail.com wrote:

> now at the PC, I can write better:
> 
> 1st: should I uncomment these 2 lines in /modules/ldap
> # identity = "cn=admin,dc=xxxxx,dc=edu,dc=br"
> # password = "123abc"
> ?

Um, yes, if you need to do an authenticated bind to search in the directory.

> 
> I tried both configs, with ou=People or without, and they don't work.
> 
> 
> uncommenting the 2 lines I get this on freeradius -X:
> 
> [ldap] performing user authorization for user1
> [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
> [ldap] ... expanding second conditional
> [ldap] expand: %{User-Name} -> user1
> [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=user1)
> [ldap] expand: ou=People,dc=xxxx,dc=edu,dc=br -> ou=People,dc=xxxxxx,dc=edu,dc=br
> [ldap] ldap_get_conn: Checking Id: 0
> [ldap] ldap_get_conn: Got Id: 0
> [ldap] attempting LDAP reconnection
> [ldap] (re)connect to 200.131.96.47:389, authentication 0
>   [ldap] bind as cn=admin,dc=xxxxxx,dc=edu,dc=br/123abc to 200.131.96.47:389
> [ldap] waiting for bind result ...
> [ldap] Bind was successful
>   [ldap] performing search in ou=People,dc=xxxxx,dc=edu,dc=br, with filter (uid=user1)
> [ldap] checking if remote access for user1 is allowed by uid
> [ldap] No default NMAS login sequence
> [ldap] looking for check items in directory...
> [ldap] userPassword -> Password-With-Header == "{MD5}ICy5YqxZB1uWSwcVLSNLcA=="
> [ldap] looking for reply items in directory...
> [ldap] Setting Auth-Type = LDAP
> [ldap] user user1 authorized to use remote access
> 

Which seems to be correct?

-Arran

