I've got an older version of FreeRADIUS successfully authenticating off of our Novell 
NDS via LDAP. I'm doing some testing with 0.9.3 and having problems. On the LDAP 
server it doesn't even look like it is receiving the query. I've even tried this 
without the SSL and on the standard port. I've attached my LDAP section from the 
radius.conf and the log. Any idea what the problem could be? This is running on SuSE 
8.2.

thanks,
andy

====

rad_recv: Access-Request packet from host 192.168.2.3:1635, id=4, length=73
        User-Name = "afranklin"
        User-Password = "pwd"
        Attr-201588768 = 0x00000004
        NAS-IP-Address = 192.168.2.3
        NAS-Port-Type = Virtual
rad_lowerpair:  User-Name now 'afranklin'
rad_rmspace_pair:  User-Name now 'afranklin'
modcall: entering group authorize for request 17
  modcall[authorize]: module "preprocess" returns ok for request 17
    rlm_realm: No '@' in User-Name = "afranklin", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 17
    users: Matched DEFAULT at 139
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'o=Berg_US'
radius_xlat:  '(cn=afranklin)'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldaps://us-web-1.domain:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=RadiusLDAPBind,o=Berg_US/pwd to ldaps://us-web-1.domain:636
rlm_ldap: cn=RadiusLDAPBind,o=Berg_US bind to ldaps://us-web-1.domain:636 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
ldap_release_conn: Release Id: 0
    users: Matched DEFAULT at 180
  modcall[authorize]: module "files" returns ok for request 17
rlm_ldap: - authorize
rlm_ldap: performing user authorization for afranklin
radius_xlat:  '(cn=afranklin)'
radius_xlat:  'o=Berg_US'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldaps://us-web-1.domain:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=RadiusLDAPBind,o=Berg_US/pwd to ldaps://us-web-1.domain:636
rlm_ldap: cn=RadiusLDAPBind,o=Berg_US bind to ldaps://us-web-1.domain:636 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns fail for request 17
modcall: group authorize returns fail for request 17
Finished request 17
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.3:1635, id=4, length=73
Dropping packet from client US-RFD-VPN3005-1:1635 - ID: 4 due to dead request 17
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 17 ID 4 with timestamp 401193ef
Nothing to do.  Sleeping until we see a request.

====

        ldap {
#               server = "us-fs-1.domain"
                server = ldaps://us-web-1.domain
                identity = "cn=RadiusLDAPBind,o=Berg_US"
                password = "pwd"
                basedn = "o=Berg_US"
                filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no
                tls_mode = no
                port = 636
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
#               password_attribute = userPassword
                groupname_attribute = cn
                groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
                groupmembership_attribute = groupMembership
                timeout = 4
                timelimit = 3
                net_timeout = 1
        }
authorize {
        preprocess
#       chap
#       eap
        suffix
        files
#       mschap
        ldap
}

authenticate {
#       Auth-Type PAP {
#               pap
#       }

#       Auth-Type CHAP {
#               chap
#       }

#       Auth-Type MS-CHAP {
#               mschap
#       }

#       unix

        Auth-Type LDAP {
                ldap
        }

#       eap
}

====
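
Added example, not part of the original post and not FreeRADIUS code: a small Python filter for debug output and config in the format shown above. It masks the three places a secret appears (User-Password, the "bind as DN/password" line, and the ldap password setting) and lists each rlm_ldap bind failure with its DN, URI and reason. The sample input is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the format of the debug log above (not a real capture).
SAMPLE = """\
        User-Password = "pwd"
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=RadiusLDAPBind,o=Berg_US/pwd to ldaps://us-web-1.domain:636
rlm_ldap: cn=RadiusLDAPBind,o=Berg_US bind to ldaps://us-web-1.domain:636 failed:
Can't contact LDAP server
                password = "pwd"
"""

# (pattern, replacement) pairs for the three places a secret appears in the post.
SECRETS = [
    (re.compile(r'^(\s*User-Password = ")[^"]*(")'), r'\1<redacted>\2'),
    (re.compile(r'^(rlm_ldap: bind as .+?)/.*( to \S+)$'), r'\1/<redacted>\2'),
    (re.compile(r'^(\s*password = ")[^"]*(")'), r'\1<redacted>\2'),
]
BIND_FAIL = re.compile(r'^rlm_ldap: (?P<dn>.+) bind to (?P<uri>\S+) failed:\s*(?P<why>.*)$')


def unwrap(lines):
    """Rejoin a 'failed:' line whose reason was wrapped onto the next line."""
    out = []
    for line in lines:
        if out and out[-1].rstrip().endswith("failed:"):
            out[-1] = out[-1].rstrip() + " " + line.strip()
        else:
            out.append(line)
    return out


def redact(text):
    """Return (redacted_text, [(bind_dn, uri, reason), ...])."""
    kept, failures = [], []
    for line in unwrap(text.splitlines()):
        for pattern, repl in SECRETS:
            line = pattern.sub(repl, line)
        m = BIND_FAIL.match(line)
        if m:
            failures.append((m["dn"], m["uri"], m["why"]))
        kept.append(line)
    return "\n".join(kept), failures


if __name__ == "__main__":
    clean, failed = redact(SAMPLE)
    print(clean)
    for dn, uri, why in failed:
        print(f"bind failed: {dn} -> {uri}: {why}")
```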
