On Wed, 31 Mar 2004, Ron Wahler wrote:

>
> Can you authenticate without the identity and password filled out? I
> can't seem to get it to work without these fields filled out?


You need to set up the corresponding LDAP ACIs to allow search privileges to
anonymous access (bad idea from a security point of view).
Or just create a search user with search permissions on your directory and use
that one for identity/password.

>
> Thanks,
> Ron.
>
> ldap ldap_rp-eng{
>                 server = 10.0.0.25
>                 port = 389
> #identity = "[EMAIL PROTECTED]"
> #password = "tester"
>                 basedn = "cn=Users,dc=rp-eng,dc=com"
>                 filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"
>                 start_tls = no
>                 tls_mode = no
>                 timeout = 20
>                 net_timeout = 10
>                 timelimit = 20
>         }
> [Ron Wahler]
>
>
>
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for rontest
> radius_xlat:  '(SamAccountName=rontest)'
> radius_xlat:  'cn=Users,dc=rp-eng,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 10.0.0.25:389, authentication 0
> rlm_ldap: bind as / to 10.0.0.25:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter
> (SamAccountName=rontest)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap_rp-eng" returns notfound for request
> 0
> modcall: group autztype returns notfound for request 0
>   rad_check_password:  Found Auth-Type rp-eng
> auth: type "rp-eng"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authtype for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "rontest" with password "rontest"
> radius_xlat:  '(SamAccountName=rontest)'
> radius_xlat:  'cn=Users,dc=rp-eng,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter
> (SamAccountName=rontest)
> rlm_ldap: object not found or got ambiguous search result
> ldap_release_conn: Release Id: 0
>   modcall[authenticate]: module "ldap_rp-eng" returns notfound for
> request 0
> modcall: group authtype returns notfound for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
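
An added example, not part of the original message or of FreeRADIUS: a small Python check over the debug lines quoted above that flags the pattern seen in this thread, a bind with empty identity and password (`bind as / to`) followed by a search that matches nothing. The `<identity>/<password>` reading of the bind line and the `radius-search` account are assumptions.

```python
import re

# Assumed line format: "bind as <identity>/<password> to <server>:<port>".
# Both fields are empty in the quoted log; the password is never stored here.
BIND = re.compile(r"^rlm_ldap: bind as ([^/]*)/(.*) to (\S+):(\d+)$")
SEARCH = re.compile(r"^rlm_ldap: performing search in (.+), with filter")
NOT_FOUND = "rlm_ldap: object not found or got ambiguous search result"

# Lines taken from the quoted debug output in this message.
PAGE_LOG = """\
> rlm_ldap: bind as / to 10.0.0.25:389
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter
> (SamAccountName=rontest)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: - authenticate
> rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter
> (SamAccountName=rontest)
> rlm_ldap: object not found or got ambiguous search result
"""

# Constructed: same format with a hypothetical search account filled in.
SEARCH_USER_LOG = """\
rlm_ldap: bind as cn=radius-search,cn=Users,dc=rp-eng,dc=com/REDACTED to 10.0.0.25:389
rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter
"""


def diagnose(text):
    """Return one finding per search, tied to the bind that preceded it."""
    findings, bind = [], None
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()  # drop mail quoting
        m = BIND.match(line)
        if m:
            bind = {"anonymous": m.group(1) == "" and m.group(2) == "",
                    "identity": m.group(1), "server": m.group(3)}
        elif SEARCH.match(line) and bind:
            findings.append({**bind, "not_found": False})
        elif line == NOT_FOUND and findings:
            findings[-1]["not_found"] = True
    return findings


def anonymous_search_failures(text):
    """Searches that ran on an anonymous bind and matched nothing."""
    return [f for f in diagnose(text) if f["anonymous"] and f["not_found"]]
```

Both searches in the quoted log are attributed to the same anonymous bind because the authenticate phase reuses connection Id 0 without binding again.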
