Hi,

Is it possible to altogether avoid the authenticate section and just do ldap lookups in the authorize section?

authorize {
    ldap {
        notfound = reject
    }
}

The problem is in the authenticate section: radius gets the userDN from authorize and tries to "bind" to ldap with a password which we don't have.

I also tried this in the users file:

Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2`

But for some reason it is not working.

Please help. Let me know if you need more information or please guide me to any documentation.

Thanks and Regards,
Eric.

--- Eric Martell <[EMAIL PROTECTED]> wrote:

> I am a little bit confused as to how to configure
> radiusd.conf in the authorize and/or authenticate
> section. So password is going to act like ldap
> attribute.
>
> We are going to pass username and ldap attribute
> (home phone #) as input for each user.
>
> The way it is configured now is in the modules,
>
> ldap {
>     server = "10.11.12.2"
>     identity = "cn=Manager,dc=eng,dc=com"
>     password = answer2
>     basedn = "dc=eng,dc=com"
>     filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(phone=1231313128))" // just for testing
>     ldap_connections_number = 5
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
> }
>
> authorize {
>     ..
>     ..
>     ..
>     ldap
>     ...
> }
>
> authenticate {
>     Auth-Type LDAP {
>         ldap
>     }
> }
>
> In the logs it says:
>
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for test1
> radius_xlat: '(&(uid=test1)(phone=1231313128))'
> radius_xlat: 'dc=eng,dc=com'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=eng,dc=com, with filter (&(uid=test1)(phone=1231313128))
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user test1 authorized to use remote access
>
> this is good....
>
> But in the authenticate section
>
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "test1" with password "1231313128"
> rlm_ldap: user DN: id=1967816, dc=eng,dc=com
> rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
> rlm_ldap: waiting for bind result ...
> rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication
> rlm_ldap: ldap_connect() failed
>
> Not sure why it is trying to bind as id=1967816,
> dc=eng,dc=com/1231313128
>
> The only thing I want to do is just authorize the
> ldap and pass the user through.
>
> Please let me know if I am missing something.
>
> Thanks so much.
>
> Regards,
> Erik.