Hi Kostas,

The authentication is working when I used the radtest command. I followed
your guidelines.
But, I am unable to do the same on 636 port. Currently it works on 389
only.

The LDAP server is the Domino server. The FreeRadius server has to connect
on 636 to the Domino LDAP server.
Any suggestions?

Thanks.

JS.



                                                                                       
                                                          
                      Kostas Kalevras                                                  
                                                          
                      <[EMAIL PROTECTED]>                    To:       [EMAIL 
PROTECTED]                                    
                      Sent by:                                cc:                      
                                                          
                      [EMAIL PROTECTED]        Subject:  Re: Problem faced in 
integrating Domino LDAP Server for authentication   
                      eradius.org                              with FreeRadius Server  
                                                          
                                                                                       
                                                          
                                                                                       
                                                          
                      22/04/2004 06:02 PM                                              
                                                          
                      Please respond to                                                
                                                          
                      freeradius-users                                                 
                                                          
                                                                                       
                                                          
                                                                                       
                                                          




On Thu, 22 Apr 2004, Joseph Silvin wrote:

>
> Hi Kostas,
>
> Thanks for the reply. But I am not able to figure out what to check under
> the "identity and password configuration directives". I have run the
> following command and it is able to log in.
>
> ldapsearch -h 192.168.192.41 -vx -W -p 389 -D MyUserName
>
> The above command returns back the LDAP schema.
> Please guide in terms of what changes to make.
>
> Thanks.
>
> JS.

radiusd.conf:


        ldap {
                server = "ldap.your.domain"
                identity = "cn=admin,o=My Org,c=UA"          <----!!!!
                password = mypass
<----!!!!

>
>
> Note: Without the -x option in the ldapsearch, I am not able to connect.
>
>
>
>
>                       Kostas Kalevras
>                       <[EMAIL PROTECTED]>                    To:
[EMAIL PROTECTED]
>                       Sent by:                                cc:
>                       [EMAIL PROTECTED]        Subject:
Re: Problem faced in integrating Domino LDAP Server for authentication
>                       eradius.org                              with
FreeRadius Server
>
>
>                       22/04/2004 04:30 PM
>                       Please respond to
>                       freeradius-users
>
>
>
>
>
>
> On Thu, 22 Apr 2004, Joseph Silvin wrote:
>
> >
> > Hi Kostas,
> >
> > Please allow me to explain. I have installed FreeRadius on RedHat
> Advanced
> > Server 2.1. The Domino Server which has LDAP service running is on
> another
> > machine. I am able to authenticate this LDAP using tools like LDAP
> Browser,
> > Outlook Express, Lotus Notes etc. Besides, if you look the log
> file.......
> >
> > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat:  '(uid=MyUserName)'
> > > radius_xlat:  'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> >
> >
> > We can see that it has returned back correctly the radius_xlat
indicating
> > that the correct username has got verified. I have only put the
username
> as
> > "MyUserName".
>
> NO. It has run an xlat on a string. NOTHING more.
>
> Please go ahead an read again my answer and FIX the problem reported to
you
> by
> rlm_ldap. That is, fix the identity and password configuration directives
> so
> that rlm_ldap can connect to the ldap server.
>
> >
> > Can you please clarify what I am missing ?
> >
> > JS
> >
> >
> >
> >
> >
> >                       Kostas Kalevras
> >                       <[EMAIL PROTECTED]>                    To:
> [EMAIL PROTECTED]
> >                       Sent by:                                cc:
> >                       [EMAIL PROTECTED]        Subject:
> Re: Problem faced in integrating Domino LDAP Server for authentication
> >                       eradius.org                              with
> FreeRadius Server
> >
> >
> >                       21/04/2004 05:56 PM
> >                       Please respond to
> >                       freeradius-users
> >
> >
> >
> >
> >
> >
> > On Wed, 21 Apr 2004, Joseph Silvin wrote:
> >
> > > Hi ,
> > >
> > > I am trying to use FreeRadius ACS Server for authentication against
IBM
> > > Domino LDAP Server. The following is the error message that I get. I
> have
> > > reproduced both radiusd.conf and log files. Looking forward to
someone
> > who
> > > can help on this front.
> > >
> > > Thanks.
> > >
> > > JS
> > > =====================================================
> > > Log file of FreeRadius
> > > ====================================================
> > > Nothing to do.  Sleeping until we see a request.
> > > rad_recv: Access-Request packet from host 127.0.0.1:1026, id=86,
> > length=60
> > >         User-Name = "MyUserName"
> > >         User-Password = "MyLDAPPassword"
> > >         NAS-IP-Address = 255.255.255.255
> > >         NAS-Port = 1
> > > modcall: entering group authorize for request 10
> > >   modcall[authorize]: module "preprocess" returns ok for request 10
> > >   modcall[authorize]: module "chap" returns noop for request 10
> > >   modcall[authorize]: module "eap" returns noop for request 10
> > >     rlm_realm: No '@' in User-Name = "MyUserName", looking up realm
> NULL
> > >     rlm_realm: No such realm "NULL"
> > >   modcall[authorize]: module "suffix" returns noop for request 10
> > >     users: Matched DEFAULT at 152
> > >   modcall[authorize]: module "files" returns ok for request 10
> > >   modcall[authorize]: module "mschap" returns noop for request 10
> > > rlm_ldap: - authorize
> > > rlm_ldap: performing user authorization for MyUserName
> > > radius_xlat:  '(uid=MyUserName)'
> > > radius_xlat:  'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > ldap_get_conn: Got Id: 0
> > > rlm_ldap: attempting LDAP reconnection
> > > rlm_ldap: (re)connect to 192.168.192.41:389, authentication 0
> > > rlm_ldap: bind as / to 192.168.192.41:389
> > > rlm_ldap: waiting for bind result ...
> > > rlm_ldap: LDAP login failed: check login, password settings in ldap
> > section
> > > of radiusd.conf
> >
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>
> >
> >
> >
> > If that does not help, nothing will...
> >
> >
> > > rlm_ldap: (re)connection attempt failed
> > > rlm_ldap: search failed
> > > ldap_release_conn: Release Id: 0
> > >   modcall[authorize]: module "ldap" returns fail for request 10
> > > modcall: group authorize returns fail for request 10
> > > Finished request 10
> > > Going to the next request
> > > --- Walking the entire request list ---
> > > Nothing to do.  Sleeping until we see a request.
> > > =========================================================
> > >
> > > ****************DISCLAIMER*****************  This  message  and  any
> > > attachments (hereinafter referred to as the 'mail content')  is
> intended
> > > solely  for  the  addressee. The 'mail content' is confidential  and
> may
> > be
> > > privileged and is also prohibited from disclosure. Access,  use,
> > copying,
> > > distribution  or  re-use  of the 'mail content' by anyone  except
the
> > > addressee is unauthorized. If you are not the intended addressee,
> please
> > > destroy  all  copies  of  the  'mail  content'  in your possession
and
> > also
> > > delete the same from your computer. Any views expressed in  the
'mail
> > > content' are those of the individual sender except where the sender,
> > with
> > > due  authority of Jyoti Structures Ltd., specifically states them  to
> be
> > > the  views  of Jyoti Structures Ltd. Nothing contained in the 'mail
> > > content'  is  capable  or  intended  to  create  any legally binding
> > > obligations  on  the  sender,  Jyoti  Structures  Ltd.  The  sender,
> > Jyoti
> > > Structures  Ltd., accepts no responsibility, whatsoever, for loss or
> > damage
> > > from the use of the 'Said Information' including damage from viruses.
> > > ****************************************************
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> > --
> > Kostas Kalevras                      Network Operations Center
> > [EMAIL PROTECTED]             National Technical University of Athens,
> > Greece
> > Work Phone:                    +30 210 7721861
> > 'Go back to the shadow'        Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras                      Network Operations Center
> [EMAIL PROTECTED]             National Technical University of Athens,
> Greece
> Work Phone:                    +30 210 7721861
> 'Go back to the shadow'        Gandalf
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras                      Network Operations Center
[EMAIL PROTECTED]             National Technical University of Athens,
Greece
Work Phone:                    +30 210 7721861
'Go back to the shadow'        Gandalf

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to