Question about LDAP authentication
Petit, Benoit
b.petit at bell.ca
Wed Jul 25 14:20:23 CEST 2018
Hi,
I have a quick question about LDAP authentication. The RADIUS authentication is working, but when I check the logs in debug mode I get a warning concerning LDAP. I'm wondering if this warning is important and how I can get rid of it. I put the ldap auth in the /raddb/sites-available/default file, but the following warning keeps coming back, even though the user's attributes are passed:
radiusd: FreeRADIUS Version 2.2.6, for host x86_64-redhat-linux-gnu, built on Jul 11 2017 at 04:40:14
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
[ldap] performing user authorization for ba0xxxx
[ldap] expand: (cn=%{User-Name}) -> (cn=ba0xxxxx at ssl-admin.bell)
[ldap] expand: dc=connexim,dc=com -> dc=connexim,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 10.234.4.16:389, authentication 0
[ldap] bind as cn=Manager,dc=connexim,dc=com/xxxxxxxx to 10.x.x.x:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=connexim,dc=com, with filter (cn=ba0xxxx at ssl-admin.bell)
[ldap] looking for check items in directory...
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.227.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] radiusClientIPAddress -> NAS-IP-Address == 10.226.x.x
[ldap] looking for reply items in directory...
[ldap] radiusClass -> Class = 0x61646d696e
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] Setting Auth-Type = LDAP
[ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok
The logs then continue and I receive an Accept-Accept for the session. Is this warning relevant and how can I get rid of it?
Thanks,
Benoit Petit
Analyste Technique | Technical Analyst
Sécurité et Intelligence Digitale TI | IT Security and Digital Intelligence
1 Carrefour Alexandre-Graham-Bell - Aile E - 3e étage - Verdun - QC - H3E 3B3
514-391-9247
Vacation: August 24 to September 17