You probably want Auth-Type LDAP,
something like below in radiusd.conf:

    authenticate {
        authtype LDAP {
            ldap
        }
    }

On Sun, 9 Mar 2003, Patrick McShane wrote:
>
> Hello,
>
> I was testing v0.81 against our existing LDAP DB and the searches worked
> fine. The LDAP module seemed to authenticate the LDAP user but then
> somewhere along the line, "Auth-Type System" failed to "validate" the
> user. We only want to validate/authenticate dialin users against LDAP
> so does anyone know where our configuration problem might exist? We
> went through the "rlm_ldap" doc and implemented all of the LDAP
> configuration options it suggested. Please advise.
>
> Thanks,
> Pat McShane - ICDC.COM
>
> OUTPUT FROM RADTEST
> ====================
> [EMAIL PROTECTED] root]# radtest [EMAIL PROTECTED] ziggy localhost 0 testing123
> Sending Access-Request of id 237 to 127.0.0.1:1812
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "[EMAIL PROTECTED]:\332c_\341z\036\n\004rhS"
> NAS-IP-Address = ziggy.icdc.com
> NAS-Port = 0
> rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=237,
> length=20
> [EMAIL PROTECTED] root]#
>
>
> OUTPUT FROM RADIUSD
> ===================
> rad_recv: Access-Request packet from host 127.0.0.1:32781, id=237,
> length=64
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "ziggy"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_chap: Could not find proper Chap-Password attribute in request
> modcall[authorize]: module "chap" returns noop
> rlm_realm: Looking up realm icdc.com for User-Name = "[EMAIL PROTECTED]"
> rlm_realm: Found realm icdc.com
> rlm_realm: Adding Stripped-User-Name = "pem"
> rlm_realm: Proxying request from user pem to realm icdc.com
> rlm_realm: Adding Realm = "icdc.com"
> rlm_realm: Authentication realm is LOCAL.
> rlm_realm: auth_port is not set. proxy cancelled
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for pem
> radius_xlat: '(uid=pem)'
> radius_xlat: 'o=icdc.com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ns6.icdc.com:389, authentication 0
> rlm_ldap: bind as / to ns6.icdc.com:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in o=icdc.com, with filter (uid=pem)
> rlm_ldap: checking if remote access for pem is allowed by dialuptemplate
> rlm_ldap: Added password ziggy in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding unixpassword as Password, value ziggy & op=21
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user pem authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type System
> auth: type "System"
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 237 to 127.0.0.1:32781
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 237 with timestamp 3e6ba8c3
> Nothing to do. Sleeping until we see a request.
>
>
>
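
Added example (not part of the original thread and not FreeRADIUS code): a small Python check that reads a radiusd debug trace like the one quoted above and reports when the ldap module returned ok in authorize but a different Auth-Type was used to authenticate. The helper name diagnose and the sample lines, copied from the quoted output, are constructed for illustration.

```python
import re

# Constructed sample: key lines copied from the quoted radiusd debug output.
SAMPLE_DEBUG = """\
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok
> rlm_ldap: user pem authorized to use remote access
> modcall[authorize]: module "ldap" returns ok
> rad_check_password: Found Auth-Type System
> auth: type "System"
> auth: Failed to validate the user.
> Sending Access-Reject of id 237 to 127.0.0.1:32781
"""

MODULE_RE = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+)')
USERS_RE = re.compile(r"users: Matched (\S+) at (\d+)")
AUTHTYPE_RE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")


def diagnose(debug_text):
    """Hypothetical helper: summarise one request's authorize/authenticate trace."""
    out = {"authorize": {}, "users_match": None, "auth_type": None,
           "rejected": False, "findings": []}
    for raw in debug_text.splitlines():
        line = raw.lstrip("> \t").strip()  # accept mail-quoted log lines too
        if m := MODULE_RE.search(line):
            out["authorize"][m.group(1)] = m.group(2)
        elif m := USERS_RE.search(line):
            out["users_match"] = (m.group(1), int(m.group(2)))
        elif m := AUTHTYPE_RE.search(line):
            out["auth_type"] = m.group(1)
        elif "Sending Access-Reject" in line:
            out["rejected"] = True
    ldap_ok = out["authorize"].get("ldap") == "ok"
    auth_type = out["auth_type"]
    if ldap_ok and auth_type and auth_type.lower() != "ldap":
        out["findings"].append(
            f"ldap returned ok in authorize, but authenticate ran Auth-Type {auth_type}")
        if out["users_match"]:
            name, lineno = out["users_match"]
            out["findings"].append(
                f"users entry {name} at line {lineno} matched; check whether it sets Auth-Type")
    if ldap_ok and auth_type is None:
        out["findings"].append("no Auth-Type was found for the request")
    return out


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_DEBUG)["findings"]:
        print(finding)
```
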