Hi Kostas,

What you diagnosed was absolutely right. I am not able to connect to the
Domino LDAP Server on port 636 from the Linux OS. But, I am able to connect
to the ldaps port of the LDAP Server from Windows client.

I have the cert.cer file (which can be used to install the certificate on
to the Trusted Root) with me. How do I merge this into the FreeRadius
Server?

Thanks.

JS

Kostas Kalevras <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]eradius.org
To: [EMAIL PROTECTED]
Subject: Re: Problem faced in integrating Domino LDAP Server for authentication with FreeRadius Server
26/04/2004 08:46 PM
Please respond to freeradius-users

On Sat, 24 Apr 2004, Joseph Silvin wrote:

>
> Hi Kostas,
>
> The authentication is working when I used the radtest command. I followed
> your guidelines.
> But, I am unable to do the same on 636 port. Currently it works on 389
> only.
>
> The LDAP server is the Domino server. The FreeRadius server has to connect
> on 636 to the Domino LDAP server.
> Any suggestions?

Test that ldaps (port 636) is working with ldapsearch.
Follow the instructions in doc/rlm_ldap in order to enable connections to port 636.
Post debug information if you can't get it to work.

>
> Thanks.
>
> JS.
>
> Kostas Kalevras <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]eradius.org
> To: [EMAIL PROTECTED]
> Subject: Re: Problem faced in integrating Domino LDAP Server for authentication with FreeRadius Server
> 22/04/2004 06:02 PM
> Please respond to freeradius-users
>
> On Thu, 22 Apr 2004, Joseph Silvin wrote:
>
> >
> > Hi Kostas,
> >
> > Thanks for the reply. But I am not able to figure out what to check under
> > the "identity and password configuration directives". I have run the
> > following command and it is able to log in.
> >
> > ldapsearch -h 192.168.192.41 -vx -W -p 389 -D MyUserName
> >
> > The above command returns back the LDAP schema.
> > Please guide in terms of what changes to make.
> >
> > Thanks.
> >
> > JS.
>
> radiusd.conf:
>
>
>         ldap {
>                 server = "ldap.your.domain"
>                 identity = "cn=admin,o=My Org,c=UA"          <----!!!!
>                 password = mypass                            <----!!!!
>
> >
> >
> > Note: Without the -x option in the ldapsearch, I am not able to connect.
> >
> > Kostas Kalevras <[EMAIL PROTECTED]>
> > Sent by: [EMAIL PROTECTED]eradius.org
> > To: [EMAIL PROTECTED]
> > Subject: Re: Problem faced in integrating Domino LDAP Server for authentication with FreeRadius Server
> > 22/04/2004 04:30 PM
> > Please respond to freeradius-users
> >
> > On Thu, 22 Apr 2004, Joseph Silvin wrote:
> >
> > >
> > > Hi Kostas,
> > >
> > > Please allow me to explain. I have installed FreeRadius on RedHat Advanced
> > > Server 2.1. The Domino Server which has LDAP service running is on another
> > > machine. I am able to authenticate this LDAP using tools like LDAP Browser,
> > > Outlook Express, Lotus Notes etc. Besides, if you look at the log file.......
> > >
> > > rlm_ldap: - authorize
> > > > rlm_ldap: performing user authorization for MyUserName
> > > > radius_xlat:  '(uid=MyUserName)'
> > > > radius_xlat:  'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > > ldap_get_conn: Got Id: 0
> > >
> > >
> > > We can see that it has returned back correctly the radius_xlat indicating
> > > that the correct username has got verified. I have only put the username as
> > > "MyUserName".
> >
> > NO. It has run an xlat on a string. NOTHING more.
> >
> > Please go ahead and read again my answer and FIX the problem reported to you by
> > rlm_ldap. That is, fix the identity and password configuration directives so
> > that rlm_ldap can connect to the ldap server.
> >
> > >
> > > Can you please clarify what I am missing?
> > >
> > > JS
> > >
> > > Kostas Kalevras <[EMAIL PROTECTED]>
> > > Sent by: [EMAIL PROTECTED]eradius.org
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Problem faced in integrating Domino LDAP Server for authentication with FreeRadius Server
> > > 21/04/2004 05:56 PM
> > > Please respond to freeradius-users
> > >
> > > On Wed, 21 Apr 2004, Joseph Silvin wrote:
> > >
> > > > Hi ,
> > > >
> > > > I am trying to use FreeRadius ACS Server for authentication against IBM
> > > > Domino LDAP Server. The following is the error message that I get. I have
> > > > reproduced both radiusd.conf and log files. Looking forward to someone who
> > > > can help on this front.
> > > >
> > > > Thanks.
> > > >
> > > > JS
> > > > =====================================================
> > > > Log file of FreeRadius
> > > > ====================================================
> > > > Nothing to do.  Sleeping until we see a request.
> > > > rad_recv: Access-Request packet from host 127.0.0.1:1026, id=86, length=60
> > > >         User-Name = "MyUserName"
> > > >         User-Password = "MyLDAPPassword"
> > > >         NAS-IP-Address = 255.255.255.255
> > > >         NAS-Port = 1
> > > > modcall: entering group authorize for request 10
> > > >   modcall[authorize]: module "preprocess" returns ok for request 10
> > > >   modcall[authorize]: module "chap" returns noop for request 10
> > > >   modcall[authorize]: module "eap" returns noop for request 10
> > > >     rlm_realm: No '@' in User-Name = "MyUserName", looking up realm NULL
> > > >     rlm_realm: No such realm "NULL"
> > > >   modcall[authorize]: module "suffix" returns noop for request 10
> > > >     users: Matched DEFAULT at 152
> > > >   modcall[authorize]: module "files" returns ok for request 10
> > > >   modcall[authorize]: module "mschap" returns noop for request 10
> > > > rlm_ldap: - authorize
> > > > rlm_ldap: performing user authorization for MyUserName
> > > > radius_xlat:  '(uid=MyUserName)'
> > > > radius_xlat:  'ou=MyDept,ou=SBULocation,o=MyOrg'
> > > > ldap_get_conn: Got Id: 0
> > > > rlm_ldap: attempting LDAP reconnection
> > > > rlm_ldap: (re)connect to 192.168.192.41:389, authentication 0
> > > > rlm_ldap: bind as / to 192.168.192.41:389
> > > > rlm_ldap: waiting for bind result ...
> > > > rlm_ldap: LDAP login failed: check login, password settings in ldap section of radiusd.conf
> > >
> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > > If that does not help, nothing will...
> > >
> > > > rlm_ldap: (re)connection attempt failed
> > > > rlm_ldap: search failed
> > > > ldap_release_conn: Release Id: 0
> > > >   modcall[authorize]: module "ldap" returns fail for request 10
> > > > modcall: group authorize returns fail for request 10
> > > > Finished request 10
> > > > Going to the next request
> > > > --- Walking the entire request list ---
> > > > Nothing to do.  Sleeping until we see a request.
> > > > =========================================================
> > > > -
> > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > > >
> > >
> > > --
> > > Kostas Kalevras                      Network Operations Center
> > > [EMAIL PROTECTED]             National Technical University of Athens, Greece
> > > Work Phone:                    +30 210 7721861
> > > 'Go back to the shadow'        Gandalf

--
Kostas Kalevras                      Network Operations Center
[EMAIL PROTECTED]             National Technical University of Athens, Greece
Work Phone:                    +30 210 7721861
'Go back to the shadow'        Gandalf
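
Added example (not part of the original thread and not FreeRADIUS code): a small checker for the radiusd debug lines quoted in this thread, flagging the empty bind identity, the bind going to port 389 instead of ldaps, and passwords visible in output pasted to a list. It assumes the text between "bind as" and "to" in the `rlm_ldap: bind as ... to host:port` line is `<identity>/<password>`, so `bind as / to` means both were empty; the function name and finding codes are hypothetical.

```python
import re

# Constructed sample built from the debug log lines quoted in the thread.
SAMPLE_LOG = """\
> > User-Password = "MyLDAPPassword"
> > rlm_ldap: (re)connect to 192.168.192.41:389, authentication 0
> > rlm_ldap: bind as / to 192.168.192.41:389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: LDAP login failed: check login, password settings in ldap section of radiusd.conf
"""

# Assumption: the text between "bind as" and "to" is "<identity>/<password>".
BIND_RE = re.compile(r"rlm_ldap: bind as (?P<cred>.*) to (?P<host>\S+):(?P<port>\d+)$")
USER_PW_RE = re.compile(r'User-Password = "[^"]+"')
QUOTE_RE = re.compile(r"^(?:>\s?)+")  # mail quoting such as "> > "


def check_rlm_ldap_log(text):
    """Return (code, message) findings for a pasted radiusd debug log."""
    findings = []
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        if USER_PW_RE.search(line):
            findings.append(("USER_PASSWORD_IN_LOG",
                             "debug output shows a user's password; redact before posting"))
        m = BIND_RE.search(line)
        if m:
            if m.group("cred").strip() == "/":
                findings.append(("EMPTY_BIND",
                                 "identity/password field is empty in the bind line"))
            else:
                findings.append(("BIND_PASSWORD_IN_LOG",
                                 "debug output shows the bind password; redact before posting"))
            if m.group("port") == "389":
                findings.append(("PORT_389",
                                 "bind sent to port 389, not ldaps (636), on " + m.group("host")))
        if "rlm_ldap: LDAP login failed" in line:
            findings.append(("LOGIN_FAILED", "rlm_ldap reported a failed bind"))
    return findings


if __name__ == "__main__":
    for code, message in check_rlm_ldap_log(SAMPLE_LOG):
        print(f"{code}: {message}")
```
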
