Hi Tero,
I'm sending you my LDAP configuration.
Good luck.
Note:
MYIP = localhost if the LDAP is on the same PC.
ldap {
server = MYIP
identity = "cn=Manager,dc=sgi,dc=es"
password = MYPASS
basedn = "ou=Wireless,dc=sgi,dc=es"
#filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
filter = "(uid=%u)"
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with normal
# ldap connections instead of using ldaps (port 689) connections
start_tls = no
tls_mode = no
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
#access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
# password_header = "{clear}"
# password_attribute = userPassword
# groupname_attribute = cn
# groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
# compare_check_items = yes
# access_attr_used_for_allow = yes
}
José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060
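
The settings above that decide how the bind credentials travel (server, start_tls, tls_mode, identity), checked by a small audit script. This is an added example, not part of the original message or of FreeRADIUS; the address 192.0.2.10, the function names, and the readings of tls_mode and cn=Manager are assumptions.

```python
import re

# Constructed sample: the ldap { } block from the message above, with MYIP
# replaced by a documentation address (192.0.2.10) to model a remote server.
SAMPLE = """
ldap {
    server = 192.0.2.10
    identity = "cn=Manager,dc=sgi,dc=es"
    password = MYPASS
    basedn = "ou=Wireless,dc=sgi,dc=es"
    #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    filter = "(uid=%u)"
    start_tls = no
    tls_mode = no
}
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_ldap_block(text):
    """Return {key: value} for the active (uncommented) lines of ldap { }."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = re.fullmatch(r"ldap\s*\{", line) is not None
            continue
        if line == "}":
            break
        m = re.fullmatch(r'([\w-]+)\s*=\s*"?(.*?)"?', line)
        if m:  # comment lines start with '#' and never match
            settings[m.group(1)] = m.group(2)
    return settings

def audit(settings):
    """Return findings about how the bind credentials are exposed."""
    findings = []
    remote = settings.get("server", "").lower() not in LOOPBACK
    # Assumption: either option set to "yes" gives an encrypted connection.
    encrypted = "yes" in (settings.get("start_tls", "no").lower(),
                          settings.get("tls_mode", "no").lower())
    if remote and not encrypted:
        findings.append("cleartext-bind: simple bind to a remote server "
                        "without TLS sends the bind password in the clear")
    # Assumption: cn=Manager is the directory's rootdn (OpenLDAP convention).
    if settings.get("identity", "").lower().startswith("cn=manager,"):
        findings.append("privileged-bind: lookups run as the directory "
                        "manager; a read-only service account is enough")
    return findings
```

With server = localhost, as in the note above, only the privileged-bind finding remains.
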
----- Original Message -----
From: "Tero Ripattila" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 17, 2004 10:59 AM
Subject: LDAP-authentication fails due to empty supplied password
Hello All,
For some reason the password I supply to my test login "foo" gets passed
as empty [1] and I cannot understand why.
I am running freeradius-0.9.3 on OpenBSD 3.4-stable. I built my FR by
entering the following build statements:
$ ./configure --enable-shared=no --without-rlm_krb5 --localstatedir=/var --sysconfdir=/etc
$ gmake && gmake install
Here's the login information:
$ userinfo foo
login foo
passwd *
uid 20000
groups users
change NEVER
class radius
gecos FreeRadius test user
dir /home/foo
shell /usr/local/bin/bash
expire NEVER
$ cat foo-people-example-tld.ldif
version: 1
# Entry 1: uid=foo,ou=People,dc=example,dc=tld
dn:uid=foo,ou=People,dc=example,dc=tld
uid: foo
cn: Test
sn: User
uidNumber: 20000
homeDirectory: /home/foo
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: PureFTPdUser
gidNumber: 20000
loginShell: /usr/local/bin/bash
userPassword: {CRYPT}iQpBkPrd9Egzg
FTPStatus: disabled
Here's information about my login class:
$ cat /etc/login.conf
radius:\
:requirehome@:\
:auth=radius:\
:radius-server=192.168.0.11:\
:radius-timeout=1:\
:radius-retries=5:
See my attached radius_log for more detailed information about the login
process.
See lines 25 and 26: user and group are resolved as empty. I think there
should be root.wheel, because I launched the daemon as root.
See lines 156-158: /etc/shadow, /etc/group and /etc/passwd - or should I
say master.passwd - are not resolved correctly. Perhaps I should define
them in the .conf file.
Greetings,
Tero
[1] rlm_ldap: empty password supplied