winbindd_priv dont exist
Carlos Bordon
cgermanb at live.com.ar
Wed Dec 13 20:21:00 CET 2017
Hi, yes i do it, and the administrator is administrator
________________________________
De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar at lists.freeradius.org> en nombre de Alan Buxey <alan.buxey at gmail.com>
Enviado: miércoles, 13 de diciembre de 2017 04:03 p.m.
Para: FreeRadius users mailing list
Asunto: Re: winbindd_priv dont exist
So, do you have those values set to yes?
Also, see the other message in the output about authentication.... You need
to bind with correct user/pass and privileges. Is your user really administraor
, (or is that a typo?)
On 13 Dec 2017 6:42 pm, "Carlos Bordon" <cgermanb at live.com.ar> wrote:
> i undertand, but I do not know where else to search, if i change the ip of
> ldap server i see the change, but with chase nothing happend, comment or
> uncomment is the same error.
>
>
> Sorry for the inconvenience, but I'm really stuck
>
>
> this a complete debug
>
> Wed Dec 13 15:39:14 2017 : Debug: (1) Received Access-Request Id 185 from
> 127.0.0.1:37200 to 127.0.0.1:1812 length 82
> Wed Dec 13 15:39:14 2017 : Debug: (1) User-Name = "administraor"
> Wed Dec 13 15:39:14 2017 : Debug: (1) User-Password = "H23dMclc"
> Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-IP-Address = 172.18.98.201
> Wed Dec 13 15:39:14 2017 : Debug: (1) NAS-Port = 2
> Wed Dec 13 15:39:14 2017 : Debug: (1) Message-Authenticator =
> 0x564e81c3f590c00a02ef6d81e5a1631b
> Wed Dec 13 15:39:14 2017 : Debug: (1) session-state: No State attribute
> Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing section authorize from
> file /etc/raddb/sites-enabled/default
> Wed Dec 13 15:39:14 2017 : Debug: (1) authorize {
> Wed Dec 13 15:39:14 2017 : Debug: (1) policy filter_username {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) -> TRUE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ / /) ->
> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/
> ) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@[^@]*@/
> ) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ ) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.\./ )
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) &&
> (&User-Name !~ /@(.+)\.(.+)$/)) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if ((&User-Name =~ /@/) &&
> (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /\.$/)
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./) {
> Wed Dec 13 15:39:14 2017 : Debug: No matches
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&User-Name =~ /@\./)
> -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # if (&User-Name) = notfound
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy filter_username =
> notfound
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> preprocess (rlm_preprocess)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from preprocess (rlm_preprocess)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [preprocess] = ok
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> chap (rlm_chap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from chap (rlm_chap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [chap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> mschap (rlm_mschap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from mschap (rlm_mschap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [mschap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> digest (rlm_digest)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from digest (rlm_digest)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [digest] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> suffix (rlm_realm)
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: Checking for suffix after "@"
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No '@' in User-Name =
> "administraor", looking up realm NULL
> Wed Dec 13 15:39:14 2017 : Debug: (1) suffix: No such realm "NULL"
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from suffix (rlm_realm)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [suffix] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) eap: No EAP-Message, not doing EAP
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> files (rlm_files)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from files (rlm_files)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [files] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: calling
> ldap (rlm_ldap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (1):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a92dd40
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (2):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a92e630
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (3):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a93f090
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (4):
> Hit idle_timeout, was idle for 271 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a93f980
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (0):
> Hit idle_timeout, was idle for 262 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a8ec1f0
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Closing connection (5):
> Hit idle_timeout, was idle for 262 seconds
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): You probably need to
> lower "min"
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap: Closing libldap handle
> 0x56501a9734d0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): 0 of 0 connections in
> use. You may need to increase "spare"
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional
> connection (6), 1 of 32 pending slots used
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://
> 172.18.98.110:389
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle
> 0x56501a9734d0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind
> result...
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Reserved connection (6)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL XLAT
> Wed Dec 13 15:39:14 2017 : Debug: (uid=%{%{Stripped-User-Name}:-
> %{User-Name}})
> Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree:
> Wed Dec 13 15:39:14 2017 : Debug: literal --> (uid=
> Wed Dec 13 15:39:14 2017 : Debug: XLAT-IF {
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> Stripped-User-Name
> Wed Dec 13 15:39:14 2017 : Debug: }
> Wed Dec 13 15:39:14 2017 : Debug: XLAT-ELSE {
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name
> Wed Dec 13 15:39:14 2017 : Debug: }
> Wed Dec 13 15:39:14 2017 : Debug: literal --> )
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND
> (uid=%{%{Stripped-User-Name}:-%{User-Name}})
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: --> (uid=administraor)
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: EXPAND TMPL LITERAL
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Performing search in
> "cn=Users,dc=*****,dc=net" with filter "(uid=administraor)", scope "sub"
> Wed Dec 13 15:39:14 2017 : Debug: (1) ldap: Waiting for search result...
> Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Failed performing search:
> Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module
> configuration for details.
> Wed Dec 13 15:39:14 2017 : ERROR: (1) ldap: Server said: 00002020:
> Operation unavailable without authentication.
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Released connection (6)
> Wed Dec 13 15:39:14 2017 : Info: Need 2 more connections to reach min
> connections (3)
> Wed Dec 13 15:39:14 2017 : Info: rlm_ldap (ldap): Opening additional
> connection (7), 1 of 31 pending slots used
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Connecting to ldap://
> 172.18.98.110:389
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): New libldap handle
> 0x56501a9737f0
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Waiting for bind
> result...
> Wed Dec 13 15:39:14 2017 : Debug: rlm_ldap (ldap): Bind successful
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[authorize]: returned
> from ldap (rlm_ldap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [ldap] = fail
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # authorize = fail
> Wed Dec 13 15:39:14 2017 : Debug: (1) Using Post-Auth-Type Reject
> Wed Dec 13 15:39:14 2017 : Debug: (1) # Executing group from file
> /etc/raddb/sites-enabled/default
> Wed Dec 13 15:39:14 2017 : Debug: (1) Post-Auth-Type REJECT {
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling
> attr_filter.access_reject (rlm_attr_filter)
> Wed Dec 13 15:39:14 2017 : Debug: %{User-Name}
> Wed Dec 13 15:39:14 2017 : Debug: Parsed xlat tree:
> Wed Dec 13 15:39:14 2017 : Debug: attribute --> User-Name
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: EXPAND
> %{User-Name}
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: -->
> administraor
> Wed Dec 13 15:39:14 2017 : Debug: (1) attr_filter.access_reject: Matched
> entry DEFAULT at line 11
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned
> from attr_filter.access_reject (rlm_attr_filter)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [attr_filter.access_reject] =
> updated
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: calling
> eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) eap: Request didn't contain an
> EAP-Message, not inserting EAP-Failure
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]: returned
> from eap (rlm_eap)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [eap] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) policy
> remove_reply_message_if_eap {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message &&
> &reply:Reply-Message) {
> Wed Dec 13 15:39:14 2017 : Debug: (1) if (&reply:EAP-Message &&
> &reply:Reply-Message) -> FALSE
> Wed Dec 13 15:39:14 2017 : Debug: (1) else {
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]:
> calling noop (rlm_always)
> Wed Dec 13 15:39:14 2017 : Debug: (1) modsingle[post-auth]:
> returned from noop (rlm_always)
> Wed Dec 13 15:39:14 2017 : Debug: (1) [noop] = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # else = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # policy
> remove_reply_message_if_eap = noop
> Wed Dec 13 15:39:14 2017 : Debug: (1) } # Post-Auth-Type REJECT = updated
> Wed Dec 13 15:39:14 2017 : Debug: (1) Delaying response for 1.000000
> seconds
> Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.3 seconds.
> Wed Dec 13 15:39:14 2017 : Debug: Waking up in 0.6 seconds.
> Wed Dec 13 15:39:15 2017 : Debug: (1) Sending delayed response
> Wed Dec 13 15:39:15 2017 : Debug: (1) Sent Access-Reject Id 185 from
> 127.0.0.1:1812 to 127.0.0.1:37200 length 20
> Wed Dec 13 15:39:15 2017 : Debug: Waking up in 3.9 seconds.
>
>
>
> ________________________________
> De: Freeradius-Users <freeradius-users-bounces+cgermanb=live.com.ar at lists.
> freeradius.org> en nombre de Alan DeKok <aland at deployingradius.com>
> Enviado: miércoles, 13 de diciembre de 2017 03:21 p.m.
> Para: FreeRadius users mailing list
> Asunto: Re: winbindd_priv dont exist
>
> On Dec 13, 2017, at 1:03 PM, Carlos Bordon <cgermanb at live.com.ar> wrote:
> >
> > I make a new installation on centos 7 and freeradius v3, but i get the
> same error
>
> Then you're still making the same mistake.
>
> > i follow this guide:
> >
> > https://commonworkspace.ru/article.php?id=38
FreeRadius v3 + LDAP в CentOS v7 - Commonworkspace<https://commonworkspace.ru/article.php?id=38>
commonworkspace.ru
Установка FreeRadius V3 и настройка авторизации Radius через LDAP в CentOS 7.
> FreeRadius v3 + LDAP в CentOS v7 - Commonworkspace<https://
> commonworkspace.ru/article.php?id=38>
> commonworkspace.ru
> Установка FreeRadius V3 и настройка авторизации Radius через LDAP в CentOS
> 7.
>
>
>
>
> The FreeRADIUS Wiki has extensive documentation on this subject.
> Please follow that.
>
> > rlm_ldap (ldap): Reserved connection (0)
>
>
> And you're posting the same debug output again. That doesn't help.
>
> This isn't difficult. The debug output tells you which files the server
> is reading. You need to read the debug output, and edit those files.
>
> If you're editing a text file on disk, FreeRADIUS will see those
> changes, and read them. There is no magic here. It's all basic Unix
> system administration.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
FreeRADIUS<http://www.freeradius.org/>
www.freeradius.org
The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
> list/users.html
> Support & Services<http://www.freeradius.org/list/users.html>
> www.freeradius.org<http://www.freeradius.org>
> The world's leading RADIUS server. The project includes a GPL AAA server,
> BSD licensed client and PAM and Apache modules. Full support is available
> from NetworkRADIUS.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list