The problem was the following line:
password = xxx
The correct syntax is:
password = "xxx"
I copied this line from an earlier version of freeradius (about 0.9) and
I think it worked there. But I also updated the openldap server, so it
is hard to say which part changed.
Berndt
On Tue, 2003-12-16 at 16:23, Kostas Kalevras wrote:
> On Tue, 16 Dec 2003, Sevcik Berndt wrote:
>
> > Thanks for the tip with the NT Domain hack, Brian.
> >
> > Another problem is the LDAP query itself. I get no result for my username.
> > But the user exists, and when I use the ldapsearch command with the
> > same filter I also get a result.
> >
> > I use the latest CVS Version of Freeradius
> > and openLDAP Version 2.1.22-1
> >
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for sevcikb
> > radius_xlat: '(uid=sevcikb)'
> > radius_xlat: 'ou=People,ou=admin,dc=tgm.dc=ac,dc=at'
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in ou=People,ou=admin,dc=tgm.dc=ac,dc=at, with filter
> > (uid=sevcikb)
> > rlm_ldap: object not found or got ambiguous search result
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
>
> Check your ldap server ACIs
> Check your ldap server logs
>
> freeradius normally just uses the openldap libs (which are used by ldapsearch)
> so there should be some kind of difference between the queries run by each one.
>
> >
> > Here's my config:
> >
> > ldap {
> > server = "localhost"
> > identity = "cn=admin,dc=tgm,dc=ac,dc=at"
> > password = xxx
> > basedn = "ou=People,ou=admin,dc=tgm.dc=ac,dc=at"
> > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> >
> > # base_filter = "(objectclass=radiusprofile)"
> >
> > # set this to 'yes' to use TLS encrypted connections
> > # to the LDAP database by using the StartTLS extended
> > # operation.
> > # The StartTLS operation is supposed to be used with normal
> > # ldap connections instead of using ldaps (port 689) connections
> > start_tls = no
> >
> > # tls_cacertfile = /path/to/cacert.pem
> > # tls_cacertdir = /path/to/ca/dir/
> > # tls_certfile = /path/to/radius.crt
> > # tls_keyfile = /path/to/radius.key
> > # tls_randfile = /path/to/rnd
> > # tls_require_cert = "demand"
> >
> > # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
> > # profile_attribute = "radiusProfileDn"
> > # access_attr = "dialupAccess"
> >
> > # Mapping of RADIUS dictionary attributes to LDAP
> > # directory attributes.
> > dictionary_mapping = ${raddbdir}/ldap.attrmap
> >
> > ldap_connections_number = 5
> >
> > #
> > # NOTICE: The password_header directive is NOT case insensitive
> > #
> > # password_header = "{clear}"
> > #
> > # The server can usually figure this out on its own, and pull
> > # the correct User-Password or NT-Password from the database.
> > #
> > # Note that NT-Passwords MUST be stored as a 32-digit hex
> > # string, and MUST start off with "0x", such as:
> > #
> > # 0x000102030405060708090a0b0c0d0e0f
> > #
> > # Without the leading "0x", NT-Passwords will not work.
> > # This goes for NT-Passwords stored in SQL, too.
> > #
> > password_attribute = ntPassword
> > # groupname_attribute = cn
> > # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> > # groupmembership_attribute = radiusGroupName
> > timeout = 4
> > timelimit = 3
> > net_timeout = 1
> > # compare_check_items = yes
> > # do_xlat = yes
> > # access_attr_used_for_allow = yes
> > }
> >
> > Thanks for help
> > Berndt
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
--
This message was created with the kind support
of a free-roaming penguin from species-appropriate free-range husbandry.
It is guaranteed free of Microsoft viruses.
-----------------------------------------
TGM - The School of Technology
IT-Service
A-1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316 Fax: +43(1)33126/154
E-Mail: [EMAIL PROTECTED]
-----------------------------------------
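
Kostas's advice to compare what ldapsearch and rlm_ldap send is easier to follow when the ldapsearch call is built from the module's own settings, so both use the same bind DN, base and filter. The following is an added example, not part of the thread and not FreeRADIUS code: it reads a constructed `ldap { }` block (the example.org values are made up), lists string directives left unquoted as in the fix reported above, and builds the matching ldapsearch command. Subtree scope and the simplified `%{...}` expansion are assumptions.

```python
import re
import shlex

# Constructed sample in the shape of the ldap { } block quoted above.
SAMPLE = '''
ldap {
    server = "localhost"
    identity = "cn=admin,dc=example,dc=org"
    password = xxx
    basedn = "ou=People,dc=example,dc=org"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    # base_filter = "(objectclass=radiusprofile)"
    start_tls = no
}
'''

STRING_KEYS = ("server", "identity", "password", "basedn", "filter")
XLAT = re.compile(r"%\{(?:[^{}]|%\{[^{}]*\})*\}")  # %{A} or %{A:-%{B}}

def parse_block(text):
    """Return {key: (value, was_quoted)} for uncommented 'key = value' lines."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        quoted = len(value) >= 2 and value[0] == value[-1] == '"'
        out[key] = (value[1:-1] if quoted else value, quoted)
    return out

def unquoted_strings(cfg):
    """String directives written without double quotes (the fix in this thread)."""
    return [k for k in STRING_KEYS if k in cfg and not cfg[k][1]]

def escape_filter_value(s):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), s)

def ldapsearch_argv(cfg, user):
    """Same bind DN, base and filter as the module; -W prompts (scope assumed)."""
    flt = XLAT.sub(lambda m: escape_filter_value(user), cfg["filter"][0])
    return ["ldapsearch", "-x", "-H", "ldap://" + cfg["server"][0],
            "-D", cfg["identity"][0], "-W",
            "-b", cfg["basedn"][0], "-s", "sub", flt]

if __name__ == "__main__":
    cfg = parse_block(SAMPLE)
    print(unquoted_strings(cfg), shlex.join(ldapsearch_argv(cfg, "sevcikb")))
```

Running ldapsearch anonymously or as a different DN exercises different ACLs than the module's bind, which is one way the two can disagree on the same filter.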