The problem was the following line password = xxx The correct syntax is:
password = "xxx" I copied this line from an earlier version of freeradius (about 0.9) and I think there it worked. But I updated also the openldap Server, so it is hard to say which part changed. Berndt On Tue, 2003-12-16 at 16:23, Kostas Kalevras wrote: > On Tue, 16 Dec 2003, Sevcik Berndt wrote: > > > Thanks for the tip with th NT Domain hack Brian. > > > > An other problem is the LDAP Query themself. I get no result for my Username. > > But the User exists and when I use the ldapsearch command with the > > same filter I also get an result. > > > > I use the latest CVS Version of Freeradius > > and openLDAP Version 2.1.22-1 > > > > rlm_ldap: - authorize > > rlm_ldap: performing user authorization for sevcikb > > radius_xlat: '(uid=sevcikb)' > > radius_xlat: 'ou=People,ou=admin,dc=tgm.dc=ac,dc=at' > > ldap_get_conn: Got Id: 0 > > rlm_ldap: performing search in ou=People,ou=admin,dc=tgm.dc=ac,dc=at, with filter > > (uid=sevcikb) > > rlm_ldap: object not found or got ambiguous search result > > rlm_ldap: search failed > > ldap_release_conn: Release Id: 0 > > Check your ldap server ACIs > Check your ldap server logs > > freeradius normally just uses the openldap libs (which are used by ldapsearch) > so there should be some kind of difference between the queries ran by each one. > > > > > Hers my config: > > > > ldap { > > server = "localhost" > > identity = "cn=admin,dc=tgm,dc=ac,dc=at" > > password = xxx > > basedn = "ou=People,ou=admin,dc=tgm.dc=ac,dc=at" > > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" > > > > # base_filter = "(objectclass=radiusprofile)" > > > > # set this to 'yes' to use TLS encrypted connections > > # to the LDAP database by using the StartTLS extended > > # operation. > > # The StartTLS operation is supposed to be used with normal > > # ldap connections instead of using ldaps (port 689) connections > > start_tls = no > > > > # tls_cacertfile = /path/to/cacert.pem > > # tls_cacertdir = /path/to/ca/dir/ > > # tls_certfile = /path/to/radius.crt > > # tls_keyfile = /path/to/radius.key > > # tls_randfile = /path/to/rnd > > # tls_require_cert = "demand" > > > > # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" > > # profile_attribute = "radiusProfileDn" > > # access_attr = "dialupAccess" > > > > # Mapping of RADIUS dictionary attributes to LDAP > > # directory attributes. > > dictionary_mapping = ${raddbdir}/ldap.attrmap > > > > ldap_connections_number = 5 > > > > # > > # NOTICE: The password_header directive is NOT case insensitive > > # > > # password_header = "{clear}" > > # > > # The server can usually figure this out on its own, and pull > > # the correct User-Password or NT-Password from the database. > > # > > # Note that NT-Passwords MUST be stored as a 32-digit hex > > # string, and MUST start off with "0x", such as: > > # > > # 0x000102030405060708090a0b0c0d0e0f > > # > > # Without the leading "0x", NT-Passwords will not work. > > # This goes for NT-Passwords stored in SQL, too. > > # > > password_attribute = ntPassword > > # groupname_attribute = cn > > # groupmembership_filter = > > "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" > > # groupmembership_attribute = radiusGroupName > > timeout = 4 > > timelimit = 3 > > net_timeout = 1 > > # compare_check_items = yes > > # do_xlat = yes > > # access_attr_used_for_allow = yes > > } > > > > Thanks for help > > Berndt > > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Diese Message wurde erstellt mit freundlicher Unterstuetzung eines freilaufenden Pinguins aus artgerechter Freilandhaltung. Sie ist garantiert frei von Microsoftschen Viren. ----------------------------------------- TGM - Die Schule der Technik IT-Service A-1200 Wien, Wexstr. 19-23 Tel. +43(1)33126/316 Fax: +43(1)33126/154 E-Mail: [EMAIL PROTECTED] ----------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html