Greetings, I'm new to the FreeRadius world, and frankly pretty new to radius in general.
My situation is this: I have inherited a Netscape Directory Server 4.11 using Solaris Extensions and dsradiusd for my radius authentication. We have added another dialup provider to our existing services and this one requires CHAP authentication and an Ascend-Data-Filter for SMTP blocking. The documentation for dsradiusd is incredibly poor, so if it can do what I now need it to, I have no real way of knowing. (If someone knows and can put me out of my misery quick, that would be ok too.)

Freeradius however does support everything I need. And while you say your documentation needs work, it's far beyond the other projects I've looked at recently.

I've managed to build and get running the freeradius server; basic authentication works fine (bob account) but it fails when I try LDAP authentication against my Netscape Directory Server. I believe the problem is that my LDAP server is set up with remoteUser accounts, not posixAccounts, for the classObject. Between looking at the code (rlm_ldap.c) and the debug output, it appears to be attempting to rebind as the login user.

What do I need to change to get Freeradius to work with remoteUsers instead of posixAccounts? Am I on the right path?

And thinking a little further ahead - is Freeradius going to pull the proper attributes from the LDAP server to forward to the NAS?

Thank you for your help!

Dave Vondracek
CTO, IntNet
[EMAIL PROTECTED]

ps - here are some of the config changes I've made, and program outputs.

First DEFAULT in users (replaces system auth):

DEFAULT Auth-Type := LDAP
        Fall-Through = 1

Changes to radius.conf:

ldap {
        [ldap server info]
        filter = "(&(Objectclass=remoteUser)(uid=%u))"
        [...etc...]
}

authenticate {
#       pam
#       unix
#chap
        pap
        ldap
#       mschap
#       eap
}

Radtest:

# radtest bob "bob" localhost:1245 1 testing123
Sending Access-Request of id 106 to 127.0.0.1:1245
        User-Name = "bob"
        User-Password = "-\016\001\353.\032\332f\336\n\373M\353\322\241\231"
        NAS-IP-Address = archimedes
        NAS-Port-Id = "1"
rad_recv: Access-Accept packet from host 127.0.0.1:1245, id=106, length=32
        Reply-Message = "Hello, bob"

# radtest test "test" localhost:1245 1 testing123
Sending Access-Request of id 111 to 127.0.0.1:1245
        User-Name = "test"
        User-Password = "\277\356\001\347T\226\354s\t\243\227\263\257L\343*"
        NAS-IP-Address = archimedes
        NAS-Port-Id = "1"
rad_recv: Access-Reject packet from host 127.0.0.1:1245, id=111, length=20

/usr/local/sbin/radiusd -X -A

<SNIP>
rlm_ldap: - authenticate
rlm_ldap: login attempt by "test" with password "test"
radius_xlat:  '(&(Objectclass=remoteUser)(uid=test))'
radius_xlat:  'o=intnet.net'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ds1.intnet.net:389, authentication 0
rlm_ldap: bind as uid=ADMIN,ou=People,o=intnet.net/ADMINPASSWORD
rlm_ldap: waiting for bind result ...
request 1 done
rlm_ldap: performing search in o=intnet.net, with filter (&(Objectclass=remoteUser)(uid=test))
request 2 done
ldap_release_conn: Release Id: 0
rlm_ldap: user DN: uid=test,ou=INO Dial Subscribers, o=intnet.net
rlm_ldap: (re)connect to ds1.intnet.net:389, authentication 1
rlm_ldap: bind as uid=test,ou=INO Dial Subscribers, o=intnet.net/test
rlm_ldap: waiting for bind result ...
request 1 done
rlm_ldap: uid=davetest,ou=INO Dial Subscribers, o=intnet.net bind failed Inappropriate authentication
modcall[authenticate]: module "ldap" returns fail
<SNIP>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html