On Wed, 6 Feb 2002, Matthew Schumacher wrote:

> Hello all,
>
> I am having trouble getting radius to work with ldap.  I think I have
> the config file setup correctly because I see ldap requests in the debug.
>
> I want to use pap and {crypt} for password encryption and according to
> the docs that should work.  But I can't seem to get it working in my
> lab.  Can anyone provide a sample ldif file that I could look at?
>
> I would prefer for radius to bind as the user to get the attributes and
> authenticate.  It seems that this should work if I disable the identity
> option in the ldap module.
>
> Anyway, here are some details if they help:
>
> freeradius 0.4/openldap 2.0.21
>
> Here is how I am starting radius:  radiusd -f -X -y
> Here is how I am testing radius: radtest test test localhost 10 testing123
>
> Here is some debug output:
>
> rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54
>          User-Name = "test"
>          Password = "y\255\347#\010Q]\346\264\262W\241\377\010\266\250"
>          NAS-IP-Address = 255.255.255.255
>          NAS-Port-Id = "10"
> modcall: entering group authorize
>    modcall[authorize]: module "preprocess" returns ok
>    modcall[authorize]: module "suffix" returns ok
>      users: Matched DEFAULT at 144
>    modcall[authorize]: module "files" returns ok
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for test
> radius_xlat:  '(uid=test)'
> radius_xlat:  'dc=aptalaska,dc=net'
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as cn=Manager,dc=aptalaska,dc=net/secret
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in dc=aptalaska,dc=net, with filter (uid=test)
> rlm_ldap: Added password GcuFt8zIt0v7E in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user test authorized to use remote access
>    modcall[authorize]: module "ldap" returns ok
> modcall: group authorize returns ok
>    rad_check_password:  Found Auth-Type System
> auth: type "System"
> auth: Failed to validate the user.
> Sending Access-Reject of id 68 to 127.0.0.1:32773
> Finished request 0
>
>
> Thanks,
>
> schu

The problem is with the line 'Found Auth-Type System'. You are setting the
Auth-Type somewhere to be System. The best thing to do is to remove any
Auth-Type setup from your users file. The rlm_ldap will add an Auth-Type LDAP if
it is not already set. So add a corresponding authtype section in your
authenticate section of radiusd.conf. Something like:

authenticate{
        authtype LDAP {
                ldap
        }
}

and it should work

 --
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
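
As an added example (not part of the original thread and not FreeRADIUS code): a small Python check that scans debug output of the kind quoted above and flags any request where the ldap module returned ok in authorize but a different Auth-Type handled the password. The sample log is constructed from lines in this thread, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample, trimmed from the debug output quoted in this thread.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54
modcall: entering group authorize
   modcall[authorize]: module "files" returns ok
rlm_ldap: user test authorized to use remote access
   modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
   rad_check_password:  Found Auth-Type System
auth: type "System"
auth: Failed to validate the user.
Sending Access-Reject of id 68 to 127.0.0.1:32773
Finished request 0
"""

MODULE_OK = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns ok')
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
RESULT = re.compile(r"Sending (Access-\w+) of id (\d+)")


def audit(debug_text):
    """Return one dict per request found in `radiusd -X` style debug text."""
    requests, cur = [], None
    for raw in debug_text.splitlines():
        line = raw.lstrip("> ").rstrip()  # tolerate e-mail quoting and indentation
        if line.startswith("rad_recv:"):
            cur = {"modules": [], "auth_type": None, "result": None, "id": None}
            requests.append(cur)
        if cur is None:
            continue
        if m := MODULE_OK.search(line):
            cur["modules"].append(m.group(1))
        elif m := AUTH_TYPE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := RESULT.search(line):
            cur["result"], cur["id"] = m.group(1), m.group(2)
    for r in requests:
        # rlm_ldap authorized the user, yet a different Auth-Type handled the password.
        r["mismatch"] = ("ldap" in r["modules"] and r["auth_type"] is not None
                         and r["auth_type"].upper() != "LDAP")
    return requests


if __name__ == "__main__":
    for r in audit(SAMPLE):
        flag = "MISMATCH: ldap ran in authorize" if r["mismatch"] else "ok"
        print(f'id={r["id"]} Auth-Type={r["auth_type"]} {r["result"]} -> {flag}')
```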
