fr3+ldap = rad_send() failed: Invalid argument
Zeus Panchenko
zeus at ibs.dn.ua
Mon Jan 27 19:36:11 CET 2014
hello,
please help me to understand what I am missing ...
I am trying to get fr3 working with ldap as storage for users, profiles
and clients
while I was able to auth successfully on v.2, now after upgrade to 3.0.0
I am unable to get Access-Accept with radtest ...
> radtest -4 -x student2 ***** radius.es 100 testing123 0 radius.es
Sending Access-Request of id 23 from 0.0.0.0 port 24919 to 10.0.0.1 port 1812
User-Name = 'student2'
User-Password = '*****'
NAS-IP-Address = 10.0.0.1
NAS-Port = 100
Message-Authenticator = 0x00
...
radclient: no response from server for ID 23 socket 3
here is fr debug fragment:
---[ quotation start ]-------------------------------------------
rlm_ldap (ldap): Reserved connection (14)
(1) files : Using user DN from request "cn=student2,ou=users,ou=radius,dc=es"
(1) files : Checking user object membership (radiusGroupName) attributes
(1) files : Performing search in 'cn=student2,ou=users,ou=radius,dc=es' with filter '(null)'
(1) files : Waiting for search result...
(1) files : Processing group membership value "students"
(1) files : Processing group membership value "teachers"
(1) files : User found. Comparison between membership: name, check: name]
rlm_ldap (ldap): Released connection (14)
(1) files : users: Matched entry DEFAULT at line 7
(1) [files] = ok
rlm_ldap (ldap): Reserved connection (14)
(1) ldap : expand: "(cn=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(cn=student2)'
(1) ldap : expand: "ou=users,ou=radius,dc=es" -> 'ou=users,ou=radius,dc=es'
(1) ldap : Performing search in 'ou=users,ou=radius,dc=es' with filter '(cn=student2)'
(1) ldap : Waiting for search result...
(1) ldap : User object found at DN "cn=student2,ou=users,ou=radius,dc=es"
(1) ldap : control:Cleartext-Password := '*****'
(1) ldap : control:User-Profile := 'cn=students,ou=profiles,ou=radius,dc=es'
rlm_ldap (ldap): Released connection (14)
(1) [ldap] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) [pap] = updated
(1) } # authorize = updated
(1) Found Auth-Type = PAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) Auth-Type PAP {
(1) pap : login attempt with password "*****"
(1) pap : Using clear text password "*****"
(1) pap : User authenticated successfully
(1) [pap] = ok
(1) } # Auth-Type PAP = ok
...
Sending Access-Accept of id 23 from 10.0.0.1 port 1812 to 10.0.0.1 port 24919
rad_send() failed: Invalid argument
(1) ERROR: Failed sending reply:
(1) Finished request 1.
Waking up in 0.3 seconds.
---[ quotation end ]-------------------------------------------
and in addition, while the very auth is successful as I can see,
profile attributes application to the user is not occurring (as it was
with v.2) ...
here is ldap module configuration:
---[ quotation start ]-------------------------------------------
ldap {
    server = "localhost"
    port = 389
    password = "*****"
    identity = "cn=ldapmaster,dc=es"
    edir_autz = yes
    user {
        filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope = "sub"
        base_dn = "ou=users,ou=radius,dc=es"
        access_positive = yes
    }
    group {
        filter = "(objectClass=groupOfNames)"
        scope = "sub"
        base_dn = "ou=profiles,ou=radius,dc=es"
        name_attribute = "cn"
        membership_attribute = "radiusGroupName"
        cacheable_name = no
        cacheable_dn = no
    }
    client {
        filter = "(objectClass=radiusClient)"
        scope = "sub"
        base_dn = "ou=clients,ou=radius,dc=es"
        attribute {
            identifier = "radiusClientIdentifier"
            shortname = "radiusClientShortname"
            secret = "radiusClientSecret"
        }
    }
    profile {
        filter = "(&(objectClass=radiusprofile)(ou=profile))"
    }
    options {
        ldap_debug = 296
        chase_referrals = yes
        rebind = yes
        net_timeout = 1
        res_timeout = 20
        srv_timelimit = 20
        idle = 60
        probes = 3
        interval = 3
    }
    tls {
        start_tls = no
    }
}
---[ quotation end ]-------------------------------------------
can somebody advise, pls?
--
Zeus V. Panchenko jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
More information about the Freeradius-Users
mailing list
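
Added example, not part of the original post and not FreeRADIUS code: a small triage script for a debug fragment like the one above, which groups lines by request number and flags requests where the server logged an Access-Accept but the send itself failed (so the client only sees "no response"). The function names and the second, healthy request in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like the debug fragment in the post.
# Request (2) is an invented healthy request, added for contrast.
SAMPLE = """\
(1) [ldap] = ok
(1) [pap] = updated
(1) pap : User authenticated successfully
(1) [pap] = ok
Sending Access-Accept of id 23 from 10.0.0.1 port 1812 to 10.0.0.1 port 24919
rad_send() failed: Invalid argument
(1) ERROR: Failed sending reply:
(1) Finished request 1.
(2) [pap] = ok
Sending Access-Accept of id 24 from 10.0.0.1 port 1812 to 10.0.0.1 port 24920
(2) Finished request 2.
"""

REQ = re.compile(r"^\((\d+)\)\s+(.*)$")            # "(N) rest of line"
RCODE = re.compile(r"^\[(\w+)\] = (\w+)$")         # "[module] = rcode"
SENDING = re.compile(
    r"^Sending (\S+) of id (\d+) from (\S+) port (\d+) to (\S+) port (\d+)$")
SEND_ERR = re.compile(r"^rad_send\(\) failed: (.+)$")

def triage(text):
    # "Sending ..." and "rad_send() failed" carry no request number, so hold
    # them as pending and attach them to the next numbered "(N)" line.
    reqs, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SENDING.match(line):
            pending = {"reply": m[1], "id": int(m[2]), "src": f"{m[3]}:{m[4]}",
                       "dst": f"{m[5]}:{m[6]}", "send_error": None}
        elif (m := SEND_ERR.match(line)) and pending:
            pending["send_error"] = m[1]
        elif m := REQ.match(line):
            req = reqs.setdefault(int(m[1]), {"rcodes": [], "send": None})
            if pending:
                req["send"], pending = pending, None
            if rc := RCODE.match(m[2]):
                req["rcodes"].append((rc[1], rc[2]))
    return reqs

def undelivered_accepts(text):
    # Requests the server accepted but whose reply never left the socket.
    return [n for n, r in sorted(triage(text).items())
            if r["send"] and r["send"]["reply"] == "Access-Accept"
            and r["send"]["send_error"]]

print(undelivered_accepts(SAMPLE))
```
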