Getting no results with LDAP

2003-12-16 Thread Sevcik Berndt
Thanks for the tip with the NT Domain hack, Brian.

Another problem is the LDAP query itself. I get no result for my username. But the
user exists, and when I use the ldapsearch command with the
same filter I also get a result.

I use the latest CVS Version of Freeradius
and openLDAP Version 2.1.22-1

rlm_ldap: - authorize
rlm_ldap: performing user authorization for sevcikb
radius_xlat:  '(uid=sevcikb)'
radius_xlat:  'ou=People,ou=admin,dc=tgm.dc=ac,dc=at'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,ou=admin,dc=tgm.dc=ac,dc=at, with filter (uid=sevcikb)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
ldap_release_conn: Release Id: 0

Here's my config:

 ldap {
server = localhost
identity = cn=admin,dc=tgm,dc=ac,dc=at
password = xxx
basedn = ou=People,ou=admin,dc=tgm.dc=ac,dc=at
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
 
# base_filter = (objectclass=radiusprofile)
 
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with normal
# ldap connections instead of using ldaps (port 689) connections
start_tls = no
 
# tls_cacertfile= /path/to/cacert.pem
# tls_cacertdir = /path/to/ca/dir/
# tls_certfile  = /path/to/radius.crt
# tls_keyfile   = /path/to/radius.key
# tls_randfile  = /path/to/rnd
# tls_require_cert  = demand
 
# default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
# profile_attribute = radiusProfileDn
#   access_attr = dialupAccess
 
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap
 
ldap_connections_number = 5
 
#
# NOTICE: The password_header directive is NOT case insensitive
#
# password_header = {clear}
#
#  The server can usually figure this out on its own, and pull
#  the correct User-Password or NT-Password from the database.
#
#  Note that NT-Passwords MUST be stored as a 32-digit hex
#  string, and MUST start off with 0x, such as:
#
#   0x000102030405060708090a0b0c0d0e0f
#
#  Without the leading 0x, NT-Passwords will not work.
#  This goes for NT-Passwords stored in SQL, too.
#
password_attribute = ntPassword
# groupname_attribute = cn
# groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
# groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
# compare_check_items = yes
# do_xlat = yes
# access_attr_used_for_allow = yes
}

Thanks for help
Berndt



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Getting no results with LDAP

2003-12-16 Thread Sevcik Berndt
The problem is solved! Sorry for the posting

Thanks
Berndt


-- 
This message was created with the kind support
of a free-range penguin kept in species-appropriate conditions.
It is guaranteed free of Microsoft viruses.
 
-
TGM - Die Schule der Technik
IT-Service
A-1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316 Fax: +43(1)33126/154
E-Mail: [EMAIL PROTECTED]
-





Re: Getting no results with LDAP

2003-12-16 Thread Kostas Kalevras
On Tue, 16 Dec 2003, Sevcik Berndt wrote:

> Thanks for the tip with the NT Domain hack, Brian.
>
> Another problem is the LDAP query itself. I get no result for my username.
> But the user exists, and when I use the ldapsearch command with the
> same filter I also get a result.
>
> I use the latest CVS Version of Freeradius
> and openLDAP Version 2.1.22-1
>
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for sevcikb
> radius_xlat:  '(uid=sevcikb)'
> radius_xlat:  'ou=People,ou=admin,dc=tgm.dc=ac,dc=at'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in ou=People,ou=admin,dc=tgm.dc=ac,dc=at, with filter (uid=sevcikb)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0

Check your ldap server ACIs
Check your ldap server logs

freeradius normally just uses the openldap libs (which are used by ldapsearch)
so there should be some kind of difference between the queries run by each one.




--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
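
The advice in the reply above is to find what differs between the module's query and the one run by hand. As an added example (not part of the thread and not FreeRADIUS code), this script turns an ldap { } block into the matching ldapsearch command, binding as the configured identity so that bind failures and ACL differences show up. The sample block is constructed from the settings posted in the thread; the function names and the assumption that the filter uses only the two listed user-name expansions are hypothetical.

```python
import re
import shlex

# Constructed sample: settings posted in the thread, trimmed to bind/search keys.
SAMPLE_CONF = """\
ldap {
server = localhost
identity = cn=admin,dc=tgm,dc=ac,dc=at
password = xxx
basedn = ou=People,ou=admin,dc=tgm.dc=ac,dc=at
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
# base_filter = (objectclass=radiusprofile)
}
"""

# Assumption: the filter uses only these two user-name expansions.
USER_MACROS = ("%{Stripped-User-Name:-%{User-Name}}", "%{User-Name}")


def parse_ldap_block(text):
    """Return active `key = value` settings; commented lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+)\s*=\s*(.*\S)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the name stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_ldapsearch(conf_text, username):
    """Return an ldapsearch argv using the module's bind DN, base and filter."""
    conf = parse_ldap_block(conf_text)
    name = escape_filter_value(username)
    macros = "|".join(re.escape(m) for m in USER_MACROS)
    return [
        "ldapsearch", "-x",
        "-H", "ldap://" + conf["server"],  # assumes `server` is a bare host name
        "-D", conf["identity"], "-W",      # bind as the module does; prompt for password
        "-b", conf["basedn"],
        re.sub(macros, lambda _m: name, conf["filter"]),
    ]


if __name__ == "__main__":
    print(shlex.join(build_ldapsearch(SAMPLE_CONF, "sevcikb")))
```

Run the printed command on the RADIUS host, type the password exactly as it appears in the ldap { } block, and compare the outcome with the rlm_ldap debug output.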



Re: Getting no results with LDAP

2003-12-16 Thread Sevcik Berndt
The problem was the following line
password = xxx

The correct syntax is:

password = xxx

I copied this line from an earlier version of freeradius (about 0.9) and
I think it worked there. But I also updated the openldap server, so it
is hard to say which part changed.

Berndt

