OpenLdap + Freeradius on centos 6.5 Not working
Vishesh kumar
linuxtovishesh at gmail.com
Fri May 15 15:22:13 CEST 2015
Thanks for the response, Alan,
No, my LDAP is not AD; it is OpenLDAP 2.4, and below is the response I am getting:
++++++++++++++++++++++++++++++++++++++++++++++++
[ldap] performing user authorization for radtest
[ldap] expand: (uid=%u) -> (uid=radtest)
[ldap] expand: dc=xxxx,dc=local -> dc=xxxx,dc=local
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 127.0.0.1:389, authentication 0
[ldap] bind as / to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=xxxx,dc=local, with filter (uid=radtest)
[ldap] checking if remote access for radtest is allowed by uid
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "10"
[ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = 802
[ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
++++++++++++++++++++++++++++
While the conf of ldap is below,
# vi /etc/raddb/modules/ldap
ldap {
    server = "127.0.0.1"
    basedn = "dc=xxxx,dc=local"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    base_filter = "(objectclass=radiusprofile)"
    start_tls = no
    profile_attribute = "radiusprofile"
    access_attr = "uid"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    timeout = 120
    timelimit = 50
    net_timeout = 40
    set_auth_type = no
    password_header = "{SSHA}"
    password-attribute = userPassword
}
+++++++++++++++++++++++++++++++++++++++++++
I am able to execute the ldapsearch command successfully, with
username/password and anonymously as well.
Thanks
Vishesh Kumar
On Fri, May 15, 2015 at 5:51 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On May 15, 2015, at 7:35 AM, Vishesh kumar <linuxtovishesh at gmail.com>
> wrote:
>
> > I am still struggling with below errors ,
> >
> > WARNING: No "known good" password was found in LDAP.
>
> Read the messages BEFORE that one. FreeRADIUS prints out the LDAP query
> it's using. You can run the same query manually, to see what is being
> returned from the LDAP server.
>
> Odds are that the query is wrong. And therefore returning the wrong
> data (or no data), which doesn't include a password.
>
> Or, the LDAP server is Active Directory. In which case you have to use
> ntlm_auth for authentication.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Regards,
Vishesh Kumar
http://linuxmantra.com
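
The check suggested in the quoted reply (run the query that FreeRADIUS prints, by hand), as an added example that is not part of the original thread: it rebuilds the equivalent ldapsearch command from the debug lines, binding as the same identity the server used and asking for userPassword. It assumes the debug line layout `bind as <identity>/<password> to <host>:<port>`; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild the ldapsearch equivalent of
# the query shown in FreeRADIUS 2.x ldap-module debug output.
# Function names and the sample log are constructed for illustration.

# Last match of a sed expression over the log text.
pick() { printf '%s\n' "$1" | sed -n "$2" | tail -n 1; }

# Single-quote a value so the printed command can be pasted into a shell.
quote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# Assumed layout: "bind as <identity>/<password> to <host>:<port>".
# An empty identity (the log shows "bind as / to ...") is an anonymous bind.
bind_identity() {
    cred=$(pick "$1" 's/^.* bind as \(.*\) to [^ ]*$/\1/p')
    printf '%s' "${cred%%/*}"
}

ldapsearch_from_debug() {
    log=$1
    server=$(pick "$log" 's/^.* bind as .* to \([^ ]*\)$/\1/p')
    base=$(pick "$log" 's/^.*performing search in \(.*\), with filter .*$/\1/p')
    filter=$(pick "$log" 's/^.*performing search in .*, with filter \(.*\)$/\1/p')
    [ -n "$server" ] && [ -n "$base" ] && [ -n "$filter" ] || return 1
    identity=$(bind_identity "$log")
    auth=""
    # Bind exactly as the server does; -W prompts rather than echoing a secret.
    # An anonymous bind only sees what the directory ACLs expose to anonymous.
    if [ -n "$identity" ]; then
        auth=" -D $(quote "$identity") -W"
    fi
    printf 'ldapsearch -x -H ldap://%s%s -b %s %s userPassword\n' \
        "$server" "$auth" "$(quote "$base")" "$(quote "$filter")"
}

# Constructed sample, in the shape of the debug output in the message above.
SAMPLE='[ldap] (re)connect to 127.0.0.1:389, authentication 0
[ldap] bind as / to 127.0.0.1:389
[ldap] performing search in dc=xxxx,dc=local, with filter (uid=radtest)'

ldapsearch_from_debug "$SAMPLE"
```

If the entry returned to that bind identity carries no userPassword line, the ldap module has no password attribute to pick up for the user.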