> ok,
>
> Into radiusd.conf cn works like groupname attribute:
>   ldap {
>                 server = "127.0.0.1"
>                 identity = "cn=Manager,dc=prism,dc=fr"
>                 password = secret
>                 basedn = "dc=prism,dc=fr"
>                 filter = "(&(objectclass=posixAccount) (uid=%u))"
>                 tls_mode = no
>                 dictionary_mapping = ${raddbdir}/ldap.attrmap
>                 ldap_connections_number = 5
>                 groupname_attribute = cn
>                 groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
>                 timeout = 4
>                 timelimit = 3
>                 net_timeout = 1
>         }
>
>
> *** I added a new user to ldap database with "uid=princesa"
> *** password: poisson
>
> dn: uid=princesa,ou=MemberGroupB,dc=prism,dc=fr
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> cn:vanessa
> uid:princesa
> mail: [EMAIL PROTECTED]
> sn: petitefr
> ou: MemberGroupB
> telephoneNumber: 0623804754
> userpassword: poisson
>
> *** WITH RADTEST
>
> [EMAIL PROTECTED] root]# radtest princesa poisson localhost 1 secret
> Sending Access-Request of id 79 to 127.0.0.1:1812
>         User-Name = "princesa"
>         User-Password = "UDVV~\027\300\014\237\261\225A\332\3042U"
>         NAS-IP-Address = azteca.prism.uvsq.fr
>         NAS-Port = 1
> rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=79,
> length=20
> rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid
> signature!
> [EMAIL PROTECTED] root]#
>

Since you're getting a reject right away before any ldap lookups, I would
guess that you don't have ldap in authorization and authentication.

example,

authorize {
        preprocess
        suffix
        files
        ldap {
                notfound = return
        }
}

authenticate {
        Auth-Type LDAP {
                ldap
        }
}


>
> *** THE SYNTAX IS CORRECT FOR RADTEST???????
>
> I send you radiusd.conf file.

Did you attach it?  I didn't see any attachments in the email.

>
> Your help is appreciated!
>
>
> Regards
>
> Octavio
>
>
>
> On Wed 06/08/2003 at 18:39, Dustin Doris wrote:
> >
> >
> > On Wed, 6 Aug 2003, Octavio Ramirez Rojas wrote:
> >
> > > I made the modifications, but I continue with the same "Access Reject"
> > >
> > > ideas?
> >
> > Since you posted only a small part of your radiusd.conf file, then this is
> > just a guess.
> >
> > Take a look at your authorization and authentication section of
> > radiusd.conf and make sure it includes ldap.  Also, make sure the filter
> > says cn.  By default, I believe it looks for uid and you have your users
> > identified by cn.
> >
> >
> >
> > >
> > >
> > > On Wed 06/08/2003 at 16:47, [EMAIL PROTECTED] wrote:
> > > > Yes, it needs to be the same, if not, how can you bind to the directory??
> > > >
> > > >
> > > > Quoting Octavio Ramirez Rojas <[EMAIL PROTECTED]>:
> > > >
> > > > > Hi,
> > > > >
> > > > > *** I have this information, into the database LDAP
> > > > >
> > > > > # base <dc=prism,dc=fr> with scope sub
> > > > > # filter: cn=octavio
> > > > > # requesting: ALL
> > > > > #
> > > > >
> > > > > # octavio, MemberGroupA, prism.fr
> > > > > dn: cn=octavio,ou=MemberGroupA,dc=prism,dc=fr
> > > > > cn: octavio
> > > > > objectClass: top
> > > > > objectClass: person
> > > > > objectClass: organizationalPerson
> > > > > objectClass: inetOrgPerson
> > > > > mail: [EMAIL PROTECTED]
> > > > > sn: Ramirez
> > > > > ou: MemberGroupA
> > > > > telephoneNumber: 0623804754
> > > > > userPassword:: b2N0YXZpb3NlY3JldA== >>>> octaviosecret
> > > > >
> > > > > **** into slapd.conf (ldap)
> > > > >
> > > > > database        bdb
> > > > > suffix          "dc=prism,dc=fr"
> > > > > rootdn          "cn=Manager,dc=prism,dc=fr"
> > > > > rootpw          secret
> > > > > directory       /usr/local/var/openldap-data
> > > > >
> > > > >
> > > > > *** into clients.conf (of radius):
> > > > >
> > > > > client 127.0.0.1 {
> > > > >
> > > > >         secret          = testing123
> > > > >         shortname       = localhost
> > > > > }
> > > > >
> > > > > *** into radiusd.conf (of radius)
> > > > >
> > > > > ldap {
> > > > >                 server = "127.0.0.1"
> > > > >                 identity = "cn=Manager,dc=prism,dc=fr"
> > > > >                 password = aztecas
> > > > >                 basedn = "dc=prism,dc=fr"
> > > > >             }
> > > > >
> > > > > ***
> > > > > > WHEN I TRY RADTEST LIKE THIS:
> > > > >
> > > > > [EMAIL PROTECTED] root]# radtest octavio octaviosecret 127.0.0.1 1 testing123
> > > > > Sending Access-Request of id 63 to 127.0.0.1:1812
> > > > >         User-Name = "octavio"
> > > > >         User-Password = "\275A\372)ab\\\020\365\234;\226gW\023\r"
> > > > >         NAS-IP-Address = azteca.prism.uvsq.fr
> > > > >         NAS-Port = 1
> > > > > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=63,
> > > > > length=20
> > > > > [EMAIL PROTECTED] root]#
> > > > >
> > > > > **** IS THERE A PASSWORD PROBLEM?
> > > > >
> > > > > **** PASSWORD OF slapd.conf MUST BE THE SAME ONE THAT THE ONE OF
> > > > > radiusd.conf?
> > > > >
> > > > >
> > > > > Regards
> > > > >
> > > > > Octavio
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -
> > > > > List info/subscribe/unsubscribe? See
> > > > > http://www.freeradius.org/list/users.html
> > > > >
>
