Hello all...
I'm running FreeRadius (0.9.2, built from the RedHat specfile as an
RPM), and trying to get it to use LDAP authentication, using Novell
eDirectory (8.6) as the LDAP source.
I use a similar method (PAM -> LDAP -> eDirectory) to authenticate
users for SSH/ftp and similar services on my Linux servers.
Setting a 'local' user in the users file, and running up radiusd -X,
all seems fine. I haven't touched clients.conf, so I'm just testing with
radtest and localhost.
However, switching to LDAP is where I get the problems.
I have:
DEFAULT Auth-Type = ldap
Fall-Through = 1
in users.
I have commented out everything in ldap.attrmap, except the first two
entries:
checkItem $GENERIC$ radiusCheckItem
replyItem $GENERIC$ radiusReplyItem
In radiusd.conf, I have:
ldap {
server = "193.63.251.176"
port = 636
basedn = "ou=Login,o=LSHTM"
filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
... all other settings, other than 'timeout', etc. are commented out.
I do:
radtest username password localhost 0 testing123
I get:
Sending Access-Request of id 2 to 127.0.0.1:1812
User-Name = "username"
User-Password = "password"
NAS-IP-Address = x.lshtm.ac.uk
NAS-Port = 0
Re-sending Access-Request of id 2 to 127.0.0.1:1812
User-Name = "anstpbat"
User-Password = "\blah\blah"
NAS-IP-Address = x.lshtm.ac.uk
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=2,
length=20
And in the output from radiusd -X, I see:
<snip>
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1461, id=18,
length=60
User-Name = "username"
User-Password = "password"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "username", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 159
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type ldap
auth: type "LDAP"
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "username" with password "password"
radius_xlat: '(cn=username)'
radius_xlat: 'ou=Login,o=LSHTM'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to a.b.c.d:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as / to a.b.c.d:636
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=Login,o=LSHTM, with filter
(cn=username)
ldap_release_conn: Release Id: 0
rlm_ldap: user DN: cn=Username,ou=Login,o=LSHTM
rlm_ldap: (re)connect to a.b.c.d:636, authentication 1
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=Username,ou=Login,o=LSHTM/password to a.b.c.d:636
rlm_ldap: waiting for bind result ...
modcall[authenticate]: module "ldap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: Bind as user failed): [username/password]
(from client localhost port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
...
Is there anyone out there (I've already talked to one member of this
list about this) using the LDAP-accessible stuff in Novell eDirectory
with freeradius?
Can anyone explain what's going wrong here or what I can try next?
Thanks...
--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
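Added example (not part of the post above, and not FreeRADIUS code): a small Python script that reads the kind of radiusd -X output quoted in the message and does two things a practitioner wants before sharing such a log. It blanks the cleartext passwords that rlm_ldap debug output prints (User-Password, the "login attempt ... with password" line, the "bind as DN/password" line and the "Login incorrect ... [user/password]" line), and it summarises the rlm_ldap flow so that "search returned no DN" can be told apart from the case in the post, where the search found cn=Username,ou=Login,o=LSHTM but the bind with the user's password was rejected. SAMPLE_DEBUG is a constructed sample shaped like the quoted output; the host, DN and credentials are placeholders, and the diagnosis labels are this script's own, not FreeRADIUS messages.

```python
import re

# Constructed sample in the shape of the "radiusd -X" output quoted in the post
# (placeholder host, DN and credentials; not the poster's real data).
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 127.0.0.1:1461, id=18, length=60
User-Name = "username"
User-Password = "password"
rad_check_password: Found Auth-Type ldap
rlm_ldap: login attempt by "username" with password "password"
rlm_ldap: (re)connect to a.b.c.d:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as / to a.b.c.d:636
rlm_ldap: performing search in ou=Login,o=LSHTM, with filter (cn=username)
rlm_ldap: user DN: cn=Username,ou=Login,o=LSHTM
rlm_ldap: (re)connect to a.b.c.d:636, authentication 1
rlm_ldap: bind as cn=Username,ou=Login,o=LSHTM/password to a.b.c.d:636
modcall[authenticate]: module "ldap" returns reject for request 0
Login incorrect (rlm_ldap: Bind as user failed): [username/password]
""".splitlines()

# Lines in this output that carry the user's cleartext password, and how to
# blank them before the log is pasted into a ticket or a mailing list.
_SECRET_PATTERNS = [
    (re.compile(r'^(User-Password = ")[^"]*(")'), r'\1<redacted>\2'),
    (re.compile(r'^(rlm_ldap: login attempt by "[^"]*" with password ")[^"]*(")'),
     r'\1<redacted>\2'),
    # "bind as / to host" is the anonymous search bind and has no password;
    # [^ ]+ makes sure only a non-empty password is replaced.
    (re.compile(r'^(rlm_ldap: bind as [^/]*/)[^ ]+( to )'), r'\1<redacted>\2'),
    (re.compile(r'^(Login incorrect \([^)]*\): \[[^/]*/)[^\]]*(\])'), r'\1<redacted>\2'),
]

_CONNECT = re.compile(r'^rlm_ldap: \(re\)connect to (\S+):(\d+), authentication (\d)')
_TLS_MODE = re.compile(r'^rlm_ldap: setting TLS mode to (\d+)')
_BIND = re.compile(r'^rlm_ldap: bind as (.*?)/.* to \S+$')
_USER_DN = re.compile(r'^rlm_ldap: user DN: (.+)$')
_MODULE = re.compile(r'^modcall\[authenticate\]: module "ldap" returns (\w+) ')
_REASON = re.compile(r'^Login incorrect \((rlm_ldap: [^)]*)\)')


def redact_secrets(lines):
    """Return a copy of the debug lines with every cleartext password blanked."""
    out = []
    for line in lines:
        for pattern, repl in _SECRET_PATTERNS:
            line = pattern.sub(repl, line)
        out.append(line)
    return out


def triage_rlm_ldap(lines):
    """Summarise one rlm_ldap authentication attempt from radiusd -X output.

    Separates the cases an admin needs to tell apart when the module returns
    reject: no DN came back from the search, or (as in the post) the search
    found a DN but the bind with the user's password was refused.
    The "diagnosis" labels are this script's own, not FreeRADIUS messages.
    """
    summary = {"host": None, "port": None, "tls_mode": None, "user_dn": None,
               "binds": [], "module_result": None, "reason": None}
    for line in lines:
        if m := _CONNECT.match(line):
            summary["host"], summary["port"] = m.group(1), int(m.group(2))
        elif m := _TLS_MODE.match(line):
            summary["tls_mode"] = int(m.group(1))
        elif m := _BIND.match(line):
            # An empty DN before the "/" is the anonymous search bind.
            summary["binds"].append(m.group(1) or "<anonymous>")
        elif m := _USER_DN.match(line):
            summary["user_dn"] = m.group(1)
        elif m := _MODULE.match(line):
            summary["module_result"] = m.group(1)
        elif m := _REASON.match(line):
            summary["reason"] = m.group(1)

    if summary["module_result"] == "ok":
        summary["diagnosis"] = "authenticated"
    elif summary["host"] is None:
        summary["diagnosis"] = "no_ldap_connection_attempted"
    elif summary["user_dn"] is None:
        summary["diagnosis"] = "search_found_no_dn"
    elif summary["user_dn"] in summary["binds"]:
        summary["diagnosis"] = "bind_as_user_rejected"
    else:
        summary["diagnosis"] = "dn_found_but_no_user_bind"
    return summary


if __name__ == "__main__":
    result = triage_rlm_ldap(SAMPLE_DEBUG)
    print(result["diagnosis"], result["user_dn"], result["binds"])
    print("\n".join(redact_secrets(SAMPLE_DEBUG)))
```

Run it on a saved radiusd -X capture by replacing SAMPLE_DEBUG with the file's lines. On the sample it reports bind_as_user_rejected with the resolved DN and both binds (the anonymous search bind, then the bind as the user), which is the state shown in the post: the directory is reachable and the search works, so the next things to check are on the user-bind step rather than the basedn or filter.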