I have a working version of FreeRADIUS v0.8.1 authenticating off of the Unix password file on a RH Linux 7.1 server. I would like to authenticate off of my iPlanet LDAP server v5.1 on the same host. I have compiled radius to use ldap.
I have added ldap auth in radiusd.conf and set up the radius entries in the same file.
 
My problem is that when I run radius in debug and use ntradping to test my config, I can see that radius is using ldap_mod to search and find the username I am testing under ldap, and it reports back to radius that he is authenticated, but then it goes on and reports back that the user is not authenticated to log in.
 
Can I have multiple authentication schemes such as ldap, unix, etc.?
 
As shown in the debug:
rad_recv: Access-Request packet from host 192.168.5.2:3729, id=11, length=48
        User-Name = "Bazoo"
        User-Password = "xxxxxx"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: No '@' in User-Name = "Bazoo", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Bazoo
radius_xlat:  '(uid=Bazoo)'
radius_xlat:  'ou=People,dc=pigsarse,dc=net'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to chronos.pigsarse.net:8127:389, authentication 0
rlm_ldap: bind as cn=directory manager/xxxxxxxx to chronos.pigsarse.net:8127:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=People,dc=pigsarse,dc=net, with filter (uid=Bazoo)
rlm_ldap: Added password {SSHA}zBWrzWqkaEe7MYBFvrBh725BazBDDJ0DP3QGPQ== in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Bazoo authorized to use remote access  <-- authorized
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.                                
Login incorrect: [Bazoo/xxxxxx] (from client private-network-2 port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
 
Here is a copy of the ldap section of my radiusd.conf file; I can send the whole file if needed.
ldap {
                server = "chronos.pigsarse.net:8127"
                identity = "cn=directory manager"
                password = "xxxxxxxx"
                basedn = "ou=People,dc=pigsarse,dc=net"
                filter = "(uid=%u)"
                start_tls = no
                tls_mode = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                password_attribute = userPassword
                timeout = 4
                timelimit = 3
                net_timeout = 1



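Added example, not part of the original post or of FreeRADIUS: a small Python parser for the debug trace format shown above, which lists what each module returned per section and flags a module that returned ok in authorize but was never called in authenticate. The function names `summarize` and `findings` are hypothetical, and the sample is a subset of lines copied from the post's trace.

```python
import re

# Constructed sample: a subset of lines copied from the debug trace in the post.
SAMPLE = """\
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
"""

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')

def summarize(trace):
    """Return per-section module results and the Auth-Type the server selected."""
    summary = {"auth_type": None, "sections": {}}
    for line in trace.splitlines():
        m = MODCALL.search(line)
        if m:
            section, module, rcode = m.groups()
            summary["sections"].setdefault(section, []).append((module, rcode))
            continue
        m = AUTH_TYPE.search(line)
        if m:
            summary["auth_type"] = m.group(1)
    return summary

def findings(summary):
    """Flag modules that returned ok in authorize but never ran in authenticate."""
    ran = {mod for mod, _ in summary["sections"].get("authenticate", [])}
    notes = []
    for mod, rcode in summary["sections"].get("authorize", []):
        # preprocess and files have no authenticate method, so skip them
        if rcode == "ok" and mod not in ran and mod not in ("preprocess", "files"):
            notes.append(f'{mod}: ok in authorize, not called in authenticate '
                         f'(Auth-Type {summary["auth_type"]})')
    for mod, rcode in summary["sections"].get("authenticate", []):
        if rcode not in ("ok", "updated"):
            notes.append(f"{mod}: authenticate returned {rcode}")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(summarize(SAMPLE))))
```

On the trace above it reports that ldap returned ok in authorize while Auth-Type System sent the password check to unix, which returned notfound.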