freeradius3 ldap module
ferdinando
bunkertor at tiscali.it
Tue Oct 29 02:48:23 CET 2013
Hi all,
I'm trying to get FreeRADIUS 3 running with LDAP support against Samba 4, but
something goes wrong. I only need to check the LDAP group membership
of a Wi-Fi user defined in the users file.
this is the log:
....
# Instantiating module "ldap" from file
/usr/local/app/freeradius-3.1.0/etc/raddb/mods-enabled/ldap
ldap {
server = "dc01.bunkertor.local"
port = 389
password = "Polo1976."
identity =
"CN=auth_radius,OU=services,OU=lan,DC=bunkertor,DC=local"
user {
filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
scope = "sub"
base_dn = "dc=bunkertor,dc=local"
access_positive = yes
}
group {
filter = "(objectClass=posixGroup)"
scope = "sub"
base_dn = "dc=bunkertor,dc=local"
name_attribute = "cn"
membership_attribute = "memberOf"
membership_filter =
"(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
cacheable_name = no
cacheable_dn = no
}
client {
filter = "(objectClass=frClient)"
scope = "sub"
base_dn = "dc=bunkertor,dc=local"
attribute {
identifier = "radiusClientIdentifier"
shortname = "cn"
secret = "radiusClientSecret"
}
}
profile {
filter = "(&)"
}
options {
ldap_debug = 40
chase_referrals = yes
rebind = yes
net_timeout = 1
res_timeout = 20
srv_timelimit = 20
idle = 60
probes = 3
interval = 3
}
tls {
start_tls = no
}
}
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}}"
}
post-auth {
reference = "."
}
rlm_ldap (ldap): Initialising connection pool
pool {
start = 5
min = 4
max = 10
spare = 3
uses = 0
lifetime = 0
cleanup_delay = 5
idle_timeout = 60
spread = no
}
rlm_ldap (ldap): Opening additional connection (0)
rlm_ldap (ldap): Opening connection failed (0)
rlm_ldap (ldap): Removing connection pool
/usr/local/app/freeradius-3.1.0/etc/raddb/mods-enabled/ldap[8]:
Instantiation failed for module "ldap"
....
Checking the Samba 4 log, I cannot see any connection attempts.
That's weird, because:
root at radius:/usr/local/app/freeradius-3.1.0/sbin# ldapsearch -LLL -H
ldap://dc01 -x -D
'CN=auth_radius,OU=services,OU=lan,DC=bunkertor,DC=local' -w Polo1976.
-b 'dc=bunkertor,dc=local' samaccountname=wifi_user
dn: CN=wifi_user,OU=users,OU=lan,DC=bunkertor,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: wifi_user
givenName: wifi_user
instanceType: 4
whenCreated: 20131011091034.0Z
displayName: wifi_user
uSNCreated: 4348
name: wifi_user
objectGUID:: 84lCIUpEDEK7C4g5/Zj9xA==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAbnIRzvzJQRP8xGLfawQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: wifi_user
sAMAccountType: 805306368
userPrincipalName: wifi_user at bunkertor.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=bunkertor,DC=local
pwdLastSet: 130259562340000000
userAccountControl: 66048
memberOf:
CN=grp_wifi,OU=service-groups,OU=groups,OU=lan,DC=bunkertor,DC=local
msSFU30NisDomain: bunkertor
uidNumber: 10010
loginShell: /bin/sh
unixHomeDirectory: /home/wifi_user
gidNumber: 3000022
msSFU30Name: wifi_user
uid: wifi_user
whenChanged: 20131011091113.0Z
uSNChanged: 4355
distinguishedName: CN=wifi_user,OU=users,OU=lan,DC=bunkertor,DC=local
# refldap://bunkertor.local/CN=Configuration,DC=bunkertor,DC=local
# refldap://bunkertor.local/DC=DomainDnsZones,DC=bunkertor,DC=local
# refldap://bunkertor.local/DC=ForestDnsZones,DC=bunkertor,DC=local
....
I cannot understand where the mistake is. =(
Thanks in advance for your help.
Bye.