Hi all,

I have installed freeradius-server-2.1.1 and I want to use LDAP to do authentication. I have set the radiusd configuration file (/usr/local/etc/raddb/radius.conf) with the ldap information as follows:

ldap {
    server = "localhost"
    identity = "cn=Manager,dc=nchc,dc=org,dc=tw"
    password = hsuan
    basedn = "dc=nchc,dc=org,dc=tw"
    filter = (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))"
    start_tls = no
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    ldap_connections_number = 5
    password_header = "{crypt}"
    password_attribute =User-Password
    timeout = 4
    timelimit = 3
    net_timeout = 1
}

But when I use “radius -X” to start the radius server, and on the client I use “radtest ldapuser ldapuser radius_server_ip 0 secret”, the server shows the message:

[ldap] performing user authorization for ldapuser
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] expand: (&(!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))" -> (&(!(objectClass=alias))(uid=ldapuser))"
[ldap] expand: dc=nchc??dc=org??dc=tw -> dc=nchc??dc=org??dc=tw
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> ldapuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 128 to 192.168.2.1 port 49351
Waking up in 4.9 seconds.
Cleaning up request 3 ID 128 with timestamp +135542

Then the client receives “rad_recv: Access-Reject packet from host 192.168.2.1 port 1812, id=22, length=20”.

What’s the problem? How can I fix the error?

Regards,
Vicky