Hi all,

I have installed freeradius-server-2.1.1 and I want to use LDAP to do authentication.
But when I use "radius -X" to start the radius server, and in the client I use "radtest ldapuser ldapuser radius_server_ip 0 secret", the server shows the message:

rad_recv: Access-Request packet from host radius_client_ip port 35833, id=168, length=60
User-Name = "ldapuser"
User-Password = "ldapuser"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "ldapuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[unix] returns updated
[sql] expand: %{User-Name} -> ldapuser
[sql] sql_set_user escaped user --> 'ldapuser'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'ldapuser' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'ldapuser' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User ldapuser not found
++[sql] returns notfound
[ldap] performing user authorization for ldapuser
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ldapuser)
[ldap] expand: o=My Org,c=UA -> o=My Org,c=UA
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,o=My Org,c=UA/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> ldapuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 168 to radius_server_ip port 35833
Waking up in 4.9 seconds.
Cleaning up request 2 ID 168 with timestamp +1020

The error looks like "rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf rlm_ldap: (re)connection attempt failed". What's the problem?

Regards,
Vicky