Kostas Kalevras wrote:
On Thu, 6 Mar 2003, Robert Morse wrote:
checking for ldap_init in -lldap_r... no
^^^^^^^^^^^^^^^^^^^^^^^^^^^
So do you have libldap_r in /opt/local/openldap/lib? Does it work correctly?
Kostas,
As it turns out, the libs were not in the correct place. I recompiled and installed
the openldap sdk and now the configure works.
Now I am trying to do some radtest commands to test it out. I find the documentation
a little lacking on configuring for ldap auth. Does anybody know of a "good" document
that would walk me through the configuration steps for this?
Here is the radtest command I use:
radtest test_user <password> localhost:1645 0 testingtesting
and here is the output of that command:
Sending Access-Request of id 97 to 127.0.0.1:1645
User-Name = "test_user"
User-Password = "r\n\374A-\242Fn\047gR\234\201\r\026\255"
NAS-IP-Address = radius.test.brown.edu
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=97, length=20
I started the radiusd with the -X switch, and here is the output when I run that
radtest command:
rad_recv: Access-Request packet from host 127.0.0.1:44398, id=97, length=59
User-Name = "test_user"
User-Password = "******"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "test_user", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test_user
radius_xlat: '(uid=test_user)'
radius_xlat: 'ou=people,dc=brown,dc=edu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=brown,dc=edu, with filter (uid=test_user)
rlm_ldap: checking if remote access for test_user is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test_user authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 97 to 127.0.0.1:44398
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 97 with timestamp 3e68bf05
Nothing to do. Sleeping until we see a request.
I can see that the error "auth: Failed to validate the user." is telling me that
it failed, but I am not sure exactly where it failed.
I am sure that the passwords I am using are correct. I can do an ldapsearch
command and authorize as the test_user on the command line, so I know that
works. I think I have some configuration issues. I am looking at some documents
I found on the net, but none that have helped so far.
Any help is appreciated.
Thanks.
