OpenLdap + Freeradius on centos 6.5 Not working
Vishesh kumar
linuxtovishesh at gmail.com
Thu May 14 12:15:13 CEST 2015
Thanks for your response, Alan.
Below are the logs I am getting in case of failure:
++++++++++++++++++++
rad_recv: Access-Request packet from host 10.0.30.51 port 52267, id=241, length=174
User-Name = "radtest"
NAS-IP-Address = 10.0.30.51
NAS-Identifier = "24a43ce6fc81"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-E7-FC-81:XXXX_Mgmt"
Calling-Station-Id = "AC-38-70-99-E4-XX"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027e000c0172616474657374
Message-Authenticator = 0xc9d515710f90d967171e7bff8e9b4d7d
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[ldap] performing user authorization for radtest
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> radtest
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=radtest)
[ldap] expand: ou=people,dc=xxxx,dc=local -> ou=people,dc=xxxx,dc=local
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 127.0.0.1:389, authentication 0
[ldap] bind as / to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in ou=people,dc=xxxx,dc=local, with filter (uid=radtest)
[ldap] checking if remote access for radtest is allowed by uid
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "10"
[ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = 802
[ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user radtest authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 241 to 10.0.30.51 port 52267
Tunnel-Private-Group-Id:0 = "10"
Tunnel-Medium-Type:0 = 802
Tunnel-Type:0 = VLAN
Waking up in 4.9 seconds.
Cleaning up request 0 ID 241 with timestamp +17
Ready to process requests.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The mapping is done as below:
#cat /etc/raddb/ldap.attrmap
checkItem User-Password userPassword
replyItem Tunnel-Type radiusTunnelType
replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
Thanks
Vishesh Kumar
On Thu, May 14, 2015 at 3:14 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> 'Please let me know if I am doing anything wrong here'
>
> Yes. You're not looking at the debug log for when it's failing from the
> client. You gave us the basic results from the radtest (which is PAP) .
> look at the logs for when your client is failing. If you cannot proceed
> yourself then post those logs to the list for help. Likely that either your
> ldap isn't supporting the password method or that you haven't used the
> right ldap/radius attribute maps
>
> alan
--
Regards,
Vishesh Kumar
http://linuxmantra.com
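Added diagnostic example, not part of the original thread or of FreeRADIUS itself: a small Python script that decodes the EAP-Message attribute from the debug output above and flags the log lines that explain the reject (anonymous LDAP bind, no userPassword returned, no Auth-Type set). The log excerpt embedded below is constructed from the lines quoted in the message.

```python
import re

# Constructed excerpt of the FreeRADIUS 2.x debug output quoted in the message above.
DEBUG_LOG = """\
rad_recv: Access-Request packet from host 10.0.30.51 port 52267, id=241, length=174
User-Name = "radtest"
EAP-Message = 0x027e000c0172616474657374
[ldap] bind as / to 127.0.0.1:389
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
++[ldap] returns ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Sending Access-Reject of id 241 to 10.0.30.51 port 52267
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAPv2"}

def decode_eap_message(hex_value):
    """Decode one EAP-Message value: RFC 3748 header (code, id, length) plus type."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    result = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2) and length >= 5:          # only Request/Response carry a type byte
        result["type"] = EAP_TYPES.get(raw[4], f"unknown({raw[4]})")
        if raw[4] == 1:                          # Identity: the rest is the user name
            result["identity"] = raw[5:].decode("utf-8", errors="replace")
    return result

# (regex matched against a debug line, what that line tells the operator)
CHECKS = [
    (r'^\[ldap\] bind as / to', "anonymous LDAP bind: default OpenLDAP ACLs hide userPassword from anonymous readers"),
    (r'^WARNING: No "known good" password was found in LDAP', "ldap module got no userPassword: check the attrmap and the bind DN's read access"),
    (r'^ERROR: No authenticate method \(Auth-Type\) found', "nothing set Auth-Type: for EAP clients the eap module must run in authorize"),
]

def diagnose(log_text):
    """Return human-readable findings for the known failure signatures in a debug log."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = re.match(r'^EAP-Message = (0x[0-9a-fA-F]+)', line)
        if m:
            eap = decode_eap_message(m.group(1))
            findings.append(f"client is doing EAP, not PAP: {eap['code']} id={eap['id']} "
                            f"type={eap.get('type')} identity={eap.get('identity')!r}")
            continue
        findings.extend(hint for pattern, hint in CHECKS if re.match(pattern, line))
    return findings

if __name__ == "__main__":
    for finding in diagnose(DEBUG_LOG):
        print("-", finding)
```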