Hi Kostas,
The authentication is working when I used the radtest command. I followed
your guidelines.
But, I am unable to do the same on 636 port. Currently it works on 389
only.
The LDAP server is the Domino server. The FreeRadius server has to connect
on 636 to the Domino LDAP server.
Any suggestions?
Thanks.
JS.
Kostas Kalevras
<[EMAIL PROTECTED]> To: [EMAIL
PROTECTED]
Sent by: cc:
[EMAIL PROTECTED] Subject: Re: Problem faced in
integrating Domino LDAP Server for authentication
eradius.org with FreeRadius Server
22/04/2004 06:02 PM
Please respond to
freeradius-users
On Thu, 22 Apr 2004, Joseph Silvin wrote:
>
> Hi Kostas,
>
> Thanks for the reply. But I am not able to figure out what to check under
> the "identity and password configuration directives". I have run the
> following command and it is able to log in.
>
> ldapsearch -h 192.168.192.41 -vx -W -p 389 -D MyUserName
>
> The above command returns back the LDAP schema.
> Please guide in terms of what changes to make.
>
> Thanks.
>
> JS.
radiusd.conf:
ldap {
server = "ldap.your.domain"
identity = "cn=admin,o=My Org,c=UA" <----!!!!
password = mypass
<----!!!!
>
>
> Note: Without the -x option in the ldapsearch, I am not able to connect.
>
>
>
>
> Kostas Kalevras
> <[EMAIL PROTECTED]> To:
[EMAIL PROTECTED]
> Sent by: cc:
> [EMAIL PROTECTED] Subject:
Re: Problem faced in integrating Domino LDAP Server for authentication
> eradius.org with
FreeRadius Server
>
>
> 22/04/2004 04:30 PM
> Please respond to
> freeradius-users
>
>
>
>
>
>
> On Thu, 22 Apr 2004, Joseph Silvin wrote:
>
> >
> > Hi Kostas,
> >
> > Please allow me to explain. I have installed FreeRadius on RedHat
> Advanced
> > Server 2.1. The Domino Server which has LDAP service running is on
> another
> > machine. I am able to authenticate this LDAP using tools like LDAP
> Browser,
> > Outlook Express, Lotus Notes etc. Besides, if you look the log
> file.......
> >
> > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat: '(uid=MyUserName)'
> > > radius_xlat: 'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> >
> >
> > We can see that it has returned back correctly the radius_xlat
indicating
> > that the correct username has got verified. I have only put the
username
> as
> > "MyUserName".
>
> NO. It has run an xlat on a string. NOTHING more.
>
> Please go ahead an read again my answer and FIX the problem reported to
you
> by
> rlm_ldap. That is, fix the identity and password configuration directives
> so
> that rlm_ldap can connect to the ldap server.
>
> >
> > Can you please clarify what I am missing ?
> >
> > JS
> >
> >
> >
> >
> >
> > Kostas Kalevras
> > <[EMAIL PROTECTED]> To:
> [EMAIL PROTECTED]
> > Sent by: cc:
> > [EMAIL PROTECTED] Subject:
> Re: Problem faced in integrating Domino LDAP Server for authentication
> > eradius.org with
> FreeRadius Server
> >
> >
> > 21/04/2004 05:56 PM
> > Please respond to
> > freeradius-users
> >
> >
> >
> >
> >
> >
> > On Wed, 21 Apr 2004, Joseph Silvin wrote:
> >
> > > Hi ,
> > >
> > > I am trying to use FreeRadius ACS Server for authentication against
IBM
> > > Domino LDAP Server. The following is the error message that I get. I
> have
> > > reproduced both radiusd.conf and log files. Looking forward to
someone
> > who
> > > can help on this front.
> > >
> > > Thanks.
> > >
> > > JS
> > > =====================================================
> > > Log file of FreeRadius
> > > ====================================================
> > > Nothing to do. Sleeping until we see a request.
> > > rad_recv: Access-Request packet from host 127.0.0.1:1026, id=86,
> > length=60
> > > User-Name = "MyUserName"
> > > User-Password = "MyLDAPPassword"
> > > NAS-IP-Address = 255.255.255.255
> > > NAS-Port = 1
> > > modcall: entering group authorize for request 10
> > > modcall[authorize]: module "preprocess" returns ok for request 10
> > > modcall[authorize]: module "chap" returns noop for request 10
> > > modcall[authorize]: module "eap" returns noop for request 10
> > > rlm_realm: No '@' in User-Name = "MyUserName", looking up realm
> NULL
> > > rlm_realm: No such realm "NULL"
> > > modcall[authorize]: module "suffix" returns noop for request 10
> > > users: Matched DEFAULT at 152
> > > modcall[authorize]: module "files" returns ok for request 10
> > > modcall[authorize]: module "mschap" returns noop for request 10
> > > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat: '(uid=MyUserName)'
> > > radius_xlat: 'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> > > rlm_ldap: attempting LDAP reconnection
> > > rlm_ldap: (re)connect to 192.168.192.41:389, authentication 0
> > > rlm_ldap: bind as / to 192.168.192.41:389
> > > rlm_ldap: waiting for bind result ...
> > > rlm_ldap: LDAP login failed: check login, password settings in ldap
> > section
> > > of radiusd.conf
> >
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> >
> >
> >
> > If that does not help, nothing will...
> >
> >
> > > rlm_ldap: (re)connection attempt failed
> > > rlm_ldap: search failed
> > > ldap_release_conn: Release Id: 0
> > > modcall[authorize]: module "ldap" returns fail for request 10
> > > modcall: group authorize returns fail for request 10
> > > Finished request 10
> > > Going to the next request
> > > --- Walking the entire request list ---
> > > Nothing to do. Sleeping until we see a request.
> > > =========================================================
> > >
> > > ****************DISCLAIMER***************** This message and any
> > > attachments (hereinafter referred to as the 'mail content') is
> intended
> > > solely for the addressee. The 'mail content' is confidential and
> may
> > be
> > > privileged and is also prohibited from disclosure. Access, use,
> > copying,
> > > distribution or re-use of the 'mail content' by anyone except
the
> > > addressee is unauthorized. If you are not the intended addressee,
> please
> > > destroy all copies of the 'mail content' in your possession
and
> > also
> > > delete the same from your computer. Any views expressed in the
'mail
> > > content' are those of the individual sender except where the sender,
> > with
> > > due authority of Jyoti Structures Ltd., specifically states them to
> be
> > > the views of Jyoti Structures Ltd. Nothing contained in the 'mail
> > > content' is capable or intended to create any legally binding
> > > obligations on the sender, Jyoti Structures Ltd. The sender,
> > Jyoti
> > > Structures Ltd., accepts no responsibility, whatsoever, for loss or
> > damage
> > > from the use of the 'Said Information' including damage from viruses.
> > > ****************************************************
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED] National Technical University of Athens,
> > Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens,
> Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens,
Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html