On Thu, 6 Feb 2003, Alexandre wrote:

> yes !
> see the radius.conf:

The *authenticate* section:

authenticate{
        [ blah blah blah ]
}


>
> Auth-Type := LDAP
>         ldap {
>                 #server = "ldap.your.domain"
>                 server = diretorio.sede.fazenda.sp.gov.br
>                 identity = "cn=directory manager"
>                 password = ___passowrd ___
> #ASA
>                 #basedn = "o=My Org,c=UA"
>                 basedn = ou=pessoal,o=fazenda,o=sp.gov,c=br
>                 #filter = "(uid=%u{Stripped-User-Name:-%{User-Name}})"
>                 filter = "uid=%u"
>
>                 # set this to 'yes' to use TLS encrypted connections
>                 # to the LDAP database by using the StartTLS extended
>                 # operation.
>                 start_tls = no
>                 # set this to 'yes' to use TLS encrypted connections to the
>                 # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
>                 # the ldap library.
>                 tls_mode = no
>
>                 # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
>                 # profile_attribute = "radiusProfileDn"
>                 #access_attr = "dialupAccess"
>
>                 # Mapping of RADIUS dictionary attributes to LDAP
>                 # directory attributes.
>                 dictionary_mapping = ${raddbdir}/ldap.attrmap
>
>                 # ldap_cache_timeout = 120
>                 # ldap_cache_size = 0
>                 ldap_connections_number = 50
>                  #password_header = "{clear}"
>                  password_attribute = userPassword
>                 # groupname_attribute = cn
>                 timeout = 4
>                 timelimit = 3
>                 net_timeout = 1
>                 # compare_check_items = yes
>                 #access_attr_used_for_allow = yes
>         }
>
> Kostas Kalevras wrote:
>
> > On Thu, 6 Feb 2003, Alexandre wrote:
> >
> > > hi Kostas
> > >
> > > I have the ldap module in my authentication directive!!!!
> > > I commented out many entries in the ldap.attrmap file,
> > > so now the request checks only this:
> > > checkItem       Auth-Type                       radiusAuthType
> > >
> > > but it is not OK because the user can't authenticate!
> > >
> > > see the log:
> > >
> > > --- Walking the entire request list ---
> > > Cleaning up request 29 ID 188 with timestamp 3e42995b
> > > Nothing to do.  Sleeping until we see a request.
> > > rad_recv: Access-Request packet from host 10.12.1.254:1645, id=189, length=103
> > >         NAS-IP-Address = 10.12.1.254
> > >         NAS-Port = 2
> > >         NAS-Port-Type = Async
> > >         User-Name = "nytaniguchi"
> > >         Called-Station-Id = "45880998"
> > >         Calling-Station-Id = "1145230164"
> > >         User-Password = "taniguchi"
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > > modcall: entering group authorize
> > >   modcall[authorize]: module "preprocess" returns ok
> > >     rlm_realm: No '@' in User-Name = "nytaniguchi", looking up realm NULL
> > >     rlm_realm: No such realm NULL
> > >   modcall[authorize]: module "suffix" returns noop
> > >     users: Matched DEFAULT at 97
> > >   modcall[authorize]: module "files" returns ok
> > > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for nytaniguchi
> > > radius_xlat:  'uid=nytaniguchi'
> > > radius_xlat:  'ou=pessoal,o=fazenda,o=sp.gov,c=br'
> > > ldap_get_conn: Got Id: 0
> > > rlm_ldap: performing search in ou=pessoal,o=fazenda,o=sp.gov,c=br, with filter
> > > uid=nytaniguchi
> > > rlm_ldap: looking for check items in directory...
> > > rlm_ldap: looking for reply items in directory...
> > > rlm_ldap: user nytaniguchi authorized to use remote access
> > > ldap_release_conn: Release Id: 0
> > >   modcall[authorize]: module "ldap" returns ok
> > > modcall: group authorize returns ok
> > >   rad_check_password:  Found Auth-Type LDAP
> > > auth: type "LDAP"
> >
> > The ldap module is *not* called in the authenticate section.
> > Could you post your authenticate section?
> >
> > > auth: Failed to validate the user.
> > > Login incorrect: [nytaniguchi/taniguchi] (from client intragov port 2 cli
> > > 1145230164)
> > > Delaying request 30 for 1 seconds
> > > Finished request 30
> > > Going to the next request
> > > --- Walking the entire request list ---
> >
> > --
> > Kostas Kalevras         Network Operations Center
> > [EMAIL PROTECTED]      National Technical University of Athens, Greece
> > Work Phone:             +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
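
The diagnosis in this reply can be read mechanically from the debug output. The following is an added example, not part of the original post: it groups the `modcall[...]` lines by phase and reports when an Auth-Type was selected but no module ran in the authenticate phase. The sample log is constructed, and it is an assumption that authenticate-phase calls are logged as `modcall[authenticate]`, in the same shape as the `modcall[authorize]` lines quoted above.

```python
import re

# Constructed sample, shaped like the debug output quoted in the thread.
SAMPLE_LOG = '''\
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns noop
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
auth: Failed to validate the user.
'''

# Unanchored patterns, so mail-quote prefixes ("> > > ") do not matter.
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
FAILED = "Failed to validate the user"


def modules_by_phase(log):
    """Map each phase name (authorize, authenticate, ...) to the modules logged in it."""
    phases = {}
    for phase, module, _result in MODCALL.findall(log):
        phases.setdefault(phase, []).append(module)
    return phases


def diagnose(log):
    """Return a finding if an Auth-Type was chosen but no authenticate module ran."""
    match = AUTH_TYPE.search(log)
    if match is None or FAILED not in log:
        return None
    phases = modules_by_phase(log)
    # Assumption: a module listed in the authenticate section would log
    # a modcall[authenticate] line before the failure message.
    if phases.get("authenticate"):
        return None
    ran = ", ".join(phases.get("authorize", [])) or "none"
    return ("Auth-Type %s selected, but no module ran in authenticate "
            "(authorize ran: %s)" % (match.group(1), ran))


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```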
