On Fri, 5 Apr 2002, Rob Payne wrote:

> Based upon the number of people who have this working, either I am
> trying to do something entirely crazed, or I am missing something very
> basic!  Please bear with me. 8^)
>
> I have an existing FreeRadius implementation that I am attempting to
> migrate into our LDAP directory using FR 0.5.  I've configured the
> radius server (mostly?) so that I am able to authenticate via LDAP if
> I used the test account's userPassword LDAP attribute.
>
> But, when I attempt to pass the radius password through, using
> radtest, instead of the LDAP password (userPassword) the server
> debugging shows the ldap bind failing.
>
> The ldap configuration section of radiusd.conf looks similar to this:
>
>         ldap {
>                 server = "localhost"
>                 basedn = "dc=adomain,dc=com"
>                 filter = "(uid=%u)"
>                 start_tls = no
>                 access_attr = "dialupAccess"
>                 dictionary_mapping = ${raddbdir}/ldap.attrmap
>                 ldap_connections_number = 5
> #
> #     password_header, set, or not, doesn't appear to affect the results
> #     of this test.
> #
> #                password_header = "{clear}"
> #
> #     The following attribute appears to be ignored with regard to
> #     the attribute used to bind.
> #
>                 password_attribute = radiusPassword
>                 timeout = 4
>                 timelimit = 3
>                 net_timeout = 1
>         }
>
> The debugging output looks like this:
>
> rlm_ldap: waiting for bind result ...
>   modcall[authenticate]: module "ldap" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
> Login incorrect (rlm_ldap: Bind as user failed): [testuser] (from nas local port 0)
>
> Is this an LDAP configuration issue?  We're running the server using
> OpenLDAP.  I can successfully bind using the userpassword attribute,
> so the problem doesn't appear to be one of ldap server/client
> compatibility issues.  Although, it should be noted that the radius
> daemon is running on a host with OpenLDAP v2.x while the LDAP server
> is running 1.2.x.
>
> Thanks, in advance, for any assistance that you can provide.
>
>                                -rob

Check your server logs, do an ldap bind with the username/password you are
trying to check from the host running the radius server and see what happens.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
