On Thu, 22 Apr 2004, Joseph Silvin wrote:

>
> Hi Kostas,
>
> Thanks for the reply. But I am not able to figure out what to check under
> the "identity and password configuration directives". I have run the
> following command and it is able to log in.
>
> ldapsearch -h 192.168.192.41 -vx -W -p 389 -D MyUserName
>
> The above command returns back the LDAP schema.
> Please guide in terms of what changes to make.
>
> Thanks.
>
> JS.

radiusd.conf:


        ldap {
                server = "ldap.your.domain"
                identity = "cn=admin,o=My Org,c=UA"     <----!!!!
                password = mypass                       <----!!!!

>
>
> Note: Without the -x option in the ldapsearch, I am not able to connect.
>
>
>
>
>                       Kostas Kalevras
>                       <[EMAIL PROTECTED]>                    To:       [EMAIL 
> PROTECTED]
>                       Sent by:                                cc:
>                       [EMAIL PROTECTED]        Subject:  Re: Problem faced in 
> integrating Domino LDAP Server for authentication
>                       eradius.org                              with FreeRadius Server
>
>
>                       22/04/2004 04:30 PM
>                       Please respond to
>                       freeradius-users
>
>
>
>
>
>
> On Thu, 22 Apr 2004, Joseph Silvin wrote:
>
> >
> > Hi Kostas,
> >
> > Please allow me to explain. I have installed FreeRadius on RedHat
> Advanced
> > Server 2.1. The Domino Server which has LDAP service running is on
> another
> > machine. I am able to authenticate this LDAP using tools like LDAP
> Browser,
> > Outlook Express, Lotus Notes etc. Besides, if you look the log
> file.......
> >
> > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat:  '(uid=MyUserName)'
> > > radius_xlat:  'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> >
> >
> > We can see that it has returned back correctly the radius_xlat indicating
> > that the correct username has got verified. I have only put the username
> as
> > "MyUserName".
>
> NO. It has run an xlat on a string. NOTHING more.
>
> Please go ahead an read again my answer and FIX the problem reported to you
> by
> rlm_ldap. That is, fix the identity and password configuration directives
> so
> that rlm_ldap can connect to the ldap server.
>
> >
> > Can you please clarify what I am missing ?
> >
> > JS
> >
> >
> >
> >
> >
> >                       Kostas Kalevras
> >                       <[EMAIL PROTECTED]>                    To:
> [EMAIL PROTECTED]
> >                       Sent by:                                cc:
> >                       [EMAIL PROTECTED]        Subject:
> Re: Problem faced in integrating Domino LDAP Server for authentication
> >                       eradius.org                              with
> FreeRadius Server
> >
> >
> >                       21/04/2004 05:56 PM
> >                       Please respond to
> >                       freeradius-users
> >
> >
> >
> >
> >
> >
> > On Wed, 21 Apr 2004, Joseph Silvin wrote:
> >
> > > Hi ,
> > >
> > > I am trying to use FreeRadius ACS Server for authentication against IBM
> > > Domino LDAP Server. The following is the error message that I get. I
> have
> > > reproduced both radiusd.conf and log files. Looking forward to someone
> > who
> > > can help on this front.
> > >
> > > Thanks.
> > >
> > > JS
> > > =====================================================
> > > Log file of FreeRadius
> > > ====================================================
> > > Nothing to do.  Sleeping until we see a request.
> > > rad_recv: Access-Request packet from host 127.0.0.1:1026, id=86,
> > length=60
> > >         User-Name = "MyUserName"
> > >         User-Password = "MyLDAPPassword"
> > >         NAS-IP-Address = 255.255.255.255
> > >         NAS-Port = 1
> > > modcall: entering group authorize for request 10
> > >   modcall[authorize]: module "preprocess" returns ok for request 10
> > >   modcall[authorize]: module "chap" returns noop for request 10
> > >   modcall[authorize]: module "eap" returns noop for request 10
> > >     rlm_realm: No '@' in User-Name = "MyUserName", looking up realm
> NULL
> > >     rlm_realm: No such realm "NULL"
> > >   modcall[authorize]: module "suffix" returns noop for request 10
> > >     users: Matched DEFAULT at 152
> > >   modcall[authorize]: module "files" returns ok for request 10
> > >   modcall[authorize]: module "mschap" returns noop for request 10
> > > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat:  '(uid=MyUserName)'
> > > radius_xlat:  'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> > > rlm_ldap: attempting LDAP reconnection
> > > rlm_ldap: (re)connect to 192.168.192.41:389, authentication 0
> > > rlm_ldap: bind as / to 192.168.192.41:389
> > > rlm_ldap: waiting for bind result ...
> > > rlm_ldap: LDAP login failed: check login, password settings in ldap
> > section
> > > of radiusd.conf
> >
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> >
> >
> >
> > If that does not help, nothing will...
> >
> >
> > > rlm_ldap: (re)connection attempt failed
> > > rlm_ldap: search failed
> > > ldap_release_conn: Release Id: 0
> > >   modcall[authorize]: module "ldap" returns fail for request 10
> > > modcall: group authorize returns fail for request 10
> > > Finished request 10
> > > Going to the next request
> > > --- Walking the entire request list ---
> > > Nothing to do.  Sleeping until we see a request.
> > > =========================================================
> > >
> > > ****************DISCLAIMER*****************  This  message  and  any
> > > attachments (hereinafter referred to as the 'mail content')  is
> intended
> > > solely  for  the  addressee. The 'mail content' is confidential  and
> may
> > be
> > > privileged and is also prohibited from disclosure. Access,  use,
> > copying,
> > > distribution  or  re-use  of the 'mail content' by anyone  except  the
> > > addressee is unauthorized. If you are not the intended addressee,
> please
> > > destroy  all  copies  of  the  'mail  content'  in your possession and
> > also
> > > delete the same from your computer. Any views expressed in  the  'mail
> > > content' are those of the individual sender except where the sender,
> > with
> > > due  authority of Jyoti Structures Ltd., specifically states them  to
> be
> > > the  views  of Jyoti Structures Ltd. Nothing contained in the 'mail
> > > content'  is  capable  or  intended  to  create  any legally binding
> > > obligations  on  the  sender,  Jyoti  Structures  Ltd.  The  sender,
> > Jyoti
> > > Structures  Ltd., accepts no responsibility, whatsoever, for loss or
> > damage
> > > from the use of the 'Said Information' including damage from viruses.
> > > ****************************************************
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> > --
> > Kostas Kalevras                      Network Operations Center
> > [EMAIL PROTECTED]             National Technical University of Athens,
> > Greece
> > Work Phone:                    +30 210 7721861
> > 'Go back to the shadow'        Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras                      Network Operations Center
> [EMAIL PROTECTED]             National Technical University of Athens,
> Greece
> Work Phone:                    +30 210 7721861
> 'Go back to the shadow'        Gandalf
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to