I realize the second bind is for authentication. However, it's trying to bind as Usuari instead of the numeric UserID mentioned elsewhere in your log. It looks like this might be related to some sort of group authentication. It also looks like the LDAP bind doesn't return failure, but simply times out. (Note there is no mention of LDAP returning, just the modcall: group authtype returns reject).
Owen
--On Wednesday, June 25, 2003 1:07 PM +0200 "Francisco Orozco/Upcnet" <[EMAIL PROTECTED]> wrote:
Hi Owen,
rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
is a line that says:
rlm_ldap: setting TLS mode to 1
This leads me to believe that it is trying to start TLS as well, but I could be wrong. I haven't read through the code carefully.
It always puts (re)connect in the log; I think this is normal behaviour. If you see my logs, in both tests, when I use LDAP and when I use LDAPs, it logs (re)connect.
The only difference between the LDAP test and the LDAPs test is that on the second, it tries to connect twice, see my logs...
>> > rlm_ldap: attempting LDAP reconnection
>> > rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
It connects once and searches for the user who is attempting remote access
>> > rlm_ldap: setting TLS mode to 1
>> > rlm_ldap: bind as / to albinoni.upc.es:636
>> > rlm_ldap: waiting for bind result ...
>> > rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
>> > rlm_ldap: looking for check items in directory...
>> > rlm_ldap: looking for reply items in directory...
>> > rlm_ldap: user 99990010 authorized to use remote access
>> > ldap_release_conn: Release Id: 0
>> > modcall[authorize]: module "ldap" returns ok
It finds him. Now it tries to authenticate
>> > modcall: group authorize returns ok
>> > rad_check_password: Found Auth-Type LDAP
>> > auth: type "LDAP"
>> > modcall: entering group authtype
>> > rlm_ldap: - authenticate
>> > rlm_ldap: login attempt by "99990010" with password "hola123"
>> > rlm_ldap: user DN: CN=Usuari Proves10,O=LCX
>> > rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 1
>> > rlm_ldap: setting TLS mode to 1
>> > rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:636
>> > rlm_ldap: waiting for bind result ...
>> > modcall[authenticate]: module "ldap" returns reject
>> > modcall: group authtype returns reject
>> > auth: Failed to validate the user.
It can't authenticate the user, and it rejects...
Uhm... I don't know how to configure it... and where the problem is...
Also, I'm not sure why it's trying to bind as Usuari in the second bind. It looks like the bind didn't return and the module returned reject due to timeout, so it might be that with SSL your LDAP server isn't responding
Uhmm... I think that isn't the problem... Second bind is for authentication.
______________________________________
Paco Orozco ([EMAIL PROTECTED])
Divisió de Telecomunicacions
UPCNet
Edifici Vèrtex - Pl. Eusebi Güell, 6
Telèfon centraleta: 93.40.11600
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
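
Added example (not part of the original messages, and not FreeRADIUS code): a small Python check for the pattern discussed in this thread, a bind that logs "waiting for bind result" and is followed by no further rlm_ldap line before the module returns reject. The function names are hypothetical, the heuristic is an assumption drawn only from the log quoted above, and the sample lines are copied from that log with the password replaced by a placeholder.

```python
import re

# Lines taken from the log quoted in this thread; the password is a placeholder.
SAMPLE_LOG = """\
rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
rlm_ldap: bind as / to albinoni.upc.es:636
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
modcall[authorize]: module "ldap" returns ok
rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 1
rlm_ldap: bind as CN=Usuari Proves10,O=LCX/<password> to albinoni.upc.es:636
rlm_ldap: waiting for bind result ...
modcall[authenticate]: module "ldap" returns reject
"""

BIND_RE = re.compile(r"rlm_ldap: bind as (.*) to (\S+)$")
MODCALL_RE = re.compile(r'modcall\[(\w+)\]: module "ldap" returns (\w+)')

def trace_binds(log_text):
    """Pair every 'bind as' line with what the log shows after it."""
    binds, current, waiting = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("> ").strip()   # tolerate mail quoting
        m = BIND_RE.search(line)
        if m:
            # "bind as <dn>/<password>": keep the DN, never the password.
            dn = m.group(1).rpartition("/")[0]
            current = {"dn": dn or "(anonymous)", "server": m.group(2),
                       "progress_after_wait": False, "module_result": None}
            binds.append(current)
            waiting = False
        elif current is None:
            continue
        elif "waiting for bind result" in line:
            waiting = True
        elif waiting and line.startswith("rlm_ldap:"):
            # Any later rlm_ldap line means the module got past the bind.
            current["progress_after_wait"] = True
        elif MODCALL_RE.search(line):
            current["module_result"] = MODCALL_RE.search(line).group(2)
            current, waiting = None, False
    return binds

def silent_binds(binds):
    """Binds rejected with no rlm_ldap output after the wait."""
    return [b for b in binds
            if not b["progress_after_wait"] and b["module_result"] == "reject"]

if __name__ == "__main__":
    for b in silent_binds(trace_binds(SAMPLE_LOG)):
        print("no bind result logged for", b["dn"], "on", b["server"])
```

On the sample, the first (search) bind is followed by the directory search, while the second (user) bind is the one flagged.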
