On Fri, 5 Apr 2002, Rob Payne wrote:
> Based upon the number of people who have this working, either I am
> trying to do something entirely crazed, or I am missing something very
> basic! Please bear with me. 8^)
>
> I have an existing FreeRadius implementation that I am attempting to
> migrate into our LDAP directory using FR 0.5. I've configured the
> radius server (mostly?) so that I am able to authenticate via LDAP if
> I used the test account's userPassword LDAP attribute.
>
> But, when I attempt to pass the radius password through, using
> radtest, instead of the LDAP password (userPassword) the server
> debugging shows the ldap bind failing.
>
> The ldap configuration section of radiusd.conf looks similar to this:
>
> ldap {
>     server = "localhost"
>     basedn = "dc=adomain,dc=com"
>     filter = "(uid=%u)"
>     start_tls = no
>     access_attr = "dialupAccess"
>     dictionary_mapping = ${raddbdir}/ldap.attrmap
>     ldap_connections_number = 5
>     #
>     # password_header, set, or not, doesn't appear to affect the results
>     # of this test.
>     #
>     # password_header = "{clear}"
>     #
>     # The following attribute appears to be ignored with regard to
>     # the attribute used to bind.
>     #
>     password_attribute = radiusPassword
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
> }
>
> The debugging output looks like this:
>
> rlm_ldap: waiting for bind result ...
> modcall[authenticate]: module "ldap" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
> Login incorrect (rlm_ldap: Bind as user failed): [testuser] (from nas local port 0)
>
> Is this an LDAP configuration issue? We're running the server using
> OpenLDAP. I can successfully bind using the userpassword attribute,
> so the problem doesn't appear to be one of ldap server/client
> compatibility issues. Although, it should be noted that the radius
> daemon is running on a host with OpenLDAP v2.x while the LDAP server
> is running 1.2.x.
>
> Thanks, in advance, for any assistance that you can provide.
>
> -rob
Check your server logs, do an ldap bind with the username/password you are
trying to check from the host running the radius server and see what happens.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
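
The manual bind check suggested in the reply, as an added example that is not part of the original thread: it looks up the user's DN with the filter and basedn from the quoted radiusd.conf, then attempts a simple bind as that DN with the password under test. It assumes the OpenLDAP `ldapsearch` client on the RADIUS host and an `ldap://localhost` URI; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. URI and base DN mirror the quoted
# radiusd.conf (server, basedn); ldap:// on the default port is an assumption.
LDAP_URI="${LDAP_URI:-ldap://localhost}"
LDAP_BASEDN="${LDAP_BASEDN:-dc=adomain,dc=com}"

# Escape RFC 4515 filter metacharacters so a crafted username cannot
# change the meaning of the search filter.
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Expand the configured filter "(uid=%u)" for one username.
build_filter() {
    printf '(uid=%s)' "$(escape_filter_value "$1")"
}

# Read LDIF on stdin and print the first entry's DN, rejoining
# continuation lines (LDIF folds long lines; folded lines start with a space).
first_dn() {
    awk '
        /^dn: / && !seen { dn = substr($0, 5); seen = 1; next }
        seen && /^ /     { dn = dn substr($0, 2); next }
        seen             { exit }
        END              { if (seen) print dn }
    '
}

# Step 1: anonymous search for the entry; "1.1" requests no attributes.
find_user_dn() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASEDN" \
        "$(build_filter "$1")" 1.1 | first_dn
}

# Step 2: simple bind as that DN. -W prompts for the password, which keeps
# it out of the process list and shell history.
test_user_bind() {
    dn=$(find_user_dn "$1")
    [ -n "$dn" ] || { echo "no entry matches $(build_filter "$1")" >&2; return 2; }
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$dn" -W \
        -b "$dn" -s base '(objectClass=*)' 1.1 >/dev/null
    rc=$?
    [ "$rc" -eq 49 ] && echo "bind as $dn: invalid credentials (LDAP result 49)" >&2
    return "$rc"
}
# Usage: . ./bindcheck.sh && test_user_bind testuser
```

Running it once with each candidate password and comparing the exit status with the LDAP server's log shows which credential the directory accepts for a bind.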