Hello all,
I am having trouble getting radius to work with ldap. I think I have
the config file set up correctly because I see ldap requests in the debug.
I want to use pap and {crypt} for password encryption and according to
the docs that should work. But I can't seem to get it working in my
lab. Can anyone provide a sample ldif file that I could look at?
I would prefer for radius to bind as the user to get the attributes and
authenticate. It seems that this should work if I disable the identity
option in the ldap module.
Anyway, here are some details if they help:
freeradius 0.4/openldap 2.0.21
Here is how I am starting radius: radiusd -f -X -y
Here is how I am testing radius: radtest test test localhost 10 testing123
Here is some debug output:
rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54
User-Name = "test"
Password = "y\255\347#\010Q]\346\264\262W\241\377\010\266\250"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "10"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 144
modcall[authorize]: module "files" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=aptalaska,dc=net'
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=aptalaska,dc=net/secret
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=aptalaska,dc=net, with filter (uid=test)
rlm_ldap: Added password GcuFt8zIt0v7E in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
auth: Failed to validate the user.
Sending Access-Reject of id 68 to 127.0.0.1:32773
Finished request 0
Thanks,
schu