On Thu, 22 Apr 2004, Joseph Silvin wrote:
>
> Hi Kostas,
>
> Thanks for the reply. But I am not able to figure out what to check under
> the "identity and password configuration directives". I have run the
> following command and it is able to log in.
>
> ldapsearch -h 192.168.192.41 -vx -W -p 389 -D MyUserName
>
> The above command returns back the LDAP schema.
> Please guide in terms of what changes to make.
>
> Thanks.
>
> JS.
radiusd.conf:
ldap {
server = "ldap.your.domain"
identity = "cn=admin,o=My Org,c=UA" <----!!!!
password = mypass <----!!!!
>
>
> Note: Without the -x option in the ldapsearch, I am not able to connect.
>
>
>
>
> Kostas Kalevras
> <[EMAIL PROTECTED]> To: [EMAIL
> PROTECTED]
> Sent by: cc:
> [EMAIL PROTECTED] Subject: Re: Problem faced in
> integrating Domino LDAP Server for authentication
> eradius.org with FreeRadius Server
>
>
> 22/04/2004 04:30 PM
> Please respond to
> freeradius-users
>
>
>
>
>
>
> On Thu, 22 Apr 2004, Joseph Silvin wrote:
>
> >
> > Hi Kostas,
> >
> > Please allow me to explain. I have installed FreeRadius on RedHat
> Advanced
> > Server 2.1. The Domino Server which has LDAP service running is on
> another
> > machine. I am able to authenticate this LDAP using tools like LDAP
> Browser,
> > Outlook Express, Lotus Notes etc. Besides, if you look the log
> file.......
> >
> > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat: '(uid=MyUserName)'
> > > radius_xlat: 'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> >
> >
> > We can see that it has returned back correctly the radius_xlat indicating
> > that the correct username has got verified. I have only put the username
> as
> > "MyUserName".
>
> NO. It has run an xlat on a string. NOTHING more.
>
> Please go ahead an read again my answer and FIX the problem reported to you
> by
> rlm_ldap. That is, fix the identity and password configuration directives
> so
> that rlm_ldap can connect to the ldap server.
>
> >
> > Can you please clarify what I am missing ?
> >
> > JS
> >
> >
> >
> >
> >
> > Kostas Kalevras
> > <[EMAIL PROTECTED]> To:
> [EMAIL PROTECTED]
> > Sent by: cc:
> > [EMAIL PROTECTED] Subject:
> Re: Problem faced in integrating Domino LDAP Server for authentication
> > eradius.org with
> FreeRadius Server
> >
> >
> > 21/04/2004 05:56 PM
> > Please respond to
> > freeradius-users
> >
> >
> >
> >
> >
> >
> > On Wed, 21 Apr 2004, Joseph Silvin wrote:
> >
> > > Hi ,
> > >
> > > I am trying to use FreeRadius ACS Server for authentication against IBM
> > > Domino LDAP Server. The following is the error message that I get. I
> have
> > > reproduced both radiusd.conf and log files. Looking forward to someone
> > who
> > > can help on this front.
> > >
> > > Thanks.
> > >
> > > JS
> > > =====================================================
> > > Log file of FreeRadius
> > > ====================================================
> > > Nothing to do. Sleeping until we see a request.
> > > rad_recv: Access-Request packet from host 127.0.0.1:1026, id=86,
> > length=60
> > > User-Name = "MyUserName"
> > > User-Password = "MyLDAPPassword"
> > > NAS-IP-Address = 255.255.255.255
> > > NAS-Port = 1
> > > modcall: entering group authorize for request 10
> > > modcall[authorize]: module "preprocess" returns ok for request 10
> > > modcall[authorize]: module "chap" returns noop for request 10
> > > modcall[authorize]: module "eap" returns noop for request 10
> > > rlm_realm: No '@' in User-Name = "MyUserName", looking up realm
> NULL
> > > rlm_realm: No such realm "NULL"
> > > modcall[authorize]: module "suffix" returns noop for request 10
> > > users: Matched DEFAULT at 152
> > > modcall[authorize]: module "files" returns ok for request 10
> > > modcall[authorize]: module "mschap" returns noop for request 10
> > > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat: '(uid=MyUserName)'
> > > radius_xlat: 'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> > > rlm_ldap: attempting LDAP reconnection
> > > rlm_ldap: (re)connect to 192.168.192.41:389, authentication 0
> > > rlm_ldap: bind as / to 192.168.192.41:389
> > > rlm_ldap: waiting for bind result ...
> > > rlm_ldap: LDAP login failed: check login, password settings in ldap
> > section
> > > of radiusd.conf
> >
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> >
> >
> >
> > If that does not help, nothing will...
> >
> >
> > > rlm_ldap: (re)connection attempt failed
> > > rlm_ldap: search failed
> > > ldap_release_conn: Release Id: 0
> > > modcall[authorize]: module "ldap" returns fail for request 10
> > > modcall: group authorize returns fail for request 10
> > > Finished request 10
> > > Going to the next request
> > > --- Walking the entire request list ---
> > > Nothing to do. Sleeping until we see a request.
> > > =========================================================
> > >
> > > ****************DISCLAIMER***************** This message and any
> > > attachments (hereinafter referred to as the 'mail content') is
> intended
> > > solely for the addressee. The 'mail content' is confidential and
> may
> > be
> > > privileged and is also prohibited from disclosure. Access, use,
> > copying,
> > > distribution or re-use of the 'mail content' by anyone except the
> > > addressee is unauthorized. If you are not the intended addressee,
> please
> > > destroy all copies of the 'mail content' in your possession and
> > also
> > > delete the same from your computer. Any views expressed in the 'mail
> > > content' are those of the individual sender except where the sender,
> > with
> > > due authority of Jyoti Structures Ltd., specifically states them to
> be
> > > the views of Jyoti Structures Ltd. Nothing contained in the 'mail
> > > content' is capable or intended to create any legally binding
> > > obligations on the sender, Jyoti Structures Ltd. The sender,
> > Jyoti
> > > Structures Ltd., accepts no responsibility, whatsoever, for loss or
> > damage
> > > from the use of the 'Said Information' including damage from viruses.
> > > ****************************************************
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED] National Technical University of Athens,
> > Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens,
> Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html