I am extremely sorry. Looks like it created a new thread with the same title. I really apologize. Admins, please merge the thread.
Eric.

--- Eric Martell <[EMAIL PROTECTED]> wrote:

> Hi,
> Is it possible to altogether avoid the authenticate
> section and just do ldap lookups in the authorize
> section?
>
> authorize {
>     ldap {
>         notfound = reject
>     }
> }
>
> The problem is in the authenticate section: radius
> gets the userDN from the authorize and tries to
> "bind" ldap with a password which we don't have.
>
> I also tried in the users file
> Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2`
>
> But for some reason it is not working.
>
> Please help.
>
> Let me know if you need more information or please
> guide me to any documentation.
>
> Thanks and Regards,
> Eric.
>
> --- Eric Martell <[EMAIL PROTECTED]> wrote:
>
> > I am a little bit confused as to how to configure
> > radiusd.conf in the authorize and/or authenticate
> > section. So password is going to act like ldap
> > attribute.
> >
> > We are going to pass username and ldap attribute
> > (home phone #) as input for each user.
> >
> > The way it is configured now is in the modules,
> >
> > ldap {
> >     server = "10.11.12.2"
> >     identity = "cn=Manager,dc=eng,dc=com"
> >     password = answer2
> >     basedn = "dc=eng,dc=com"
> >     filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(phone=1231313128))" // just for testing
> >     ldap_connections_number = 5
> >     timeout = 4
> >     timelimit = 3
> >     net_timeout = 1
> > }
> >
> > authorize {
> >     ..
> >     ..
> >     ..
> >     ldap
> >     ...
> > }
> >
> > authenticate {
> >     Auth-Type LDAP {
> >         ldap
> >     }
> > }
> >
> > In the logs it says:
> >
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for test1
> > radius_xlat: '(&(uid=test1)(phone=1231313128))'
> > radius_xlat: 'dc=eng,dc=com'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: Bind was successful
> > rlm_ldap: performing search in dc=eng,dc=com, with filter (&(uid=test1)(phone=1231313128))
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user test1 authorized to use remote access
> >
> > This is good....
> > But in the authenticate section
> >
> > rlm_ldap: - authenticate
> > rlm_ldap: login attempt by "test1" with password "1231313128"
> > rlm_ldap: user DN: id=1967816, dc=eng,dc=com
> > rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication
> > rlm_ldap: ldap_connect() failed
> >
> > Not sure why it is trying to bind as
> > id=1967816, dc=eng,dc=com/1231313128
> >
> > The only thing I want to do is just authorize the
> > ldap and pass the user through.
> >
> > Please let me know if I am missing something.
> >
> > Thanks so much.
> >
> > Regards,
> > Erik.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
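
The debug output quoted in the message above contains two separate binds, one as the configured identity during authorize and one as the user's DN with the supplied password during authenticate, and both lines print the password in clear. As an added example (not part of the original message and not FreeRADIUS code), this Python script splits such output by phase, reports which DN was used for each bind and its result, and redacts the secrets before the log is shared. The function name `summarize`, the sample lines (re-joined from the wrapped log) and the assumption that a DN contains no "/" are mine.

```python
import re

# Constructed sample: rlm_ldap debug lines in the format quoted in the message.
SAMPLE_LOG = """\
rlm_ldap: - authorize
rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2
rlm_ldap: Bind was successful
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: - authenticate
rlm_ldap: login attempt by "test1" with password "1231313128"
rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication
"""

PHASE = re.compile(r"^rlm_ldap: - (authorize|authenticate)\s*$")
# Assumption: split at the first "/" so a password containing "/" never leaks.
BIND = re.compile(r"^rlm_ldap: bind as (?P<dn>[^/]+)/(?P<secret>.*)$")
LOGIN = re.compile(r'^(rlm_ldap: login attempt by ".*" with password ")[^"]*(")\s*$')
FAILED = re.compile(r"^rlm_ldap: .* bind to \S+ failed (?P<reason>.+)$")


def summarize(log_text):
    """Return (phases, redacted_lines) for rlm_ldap debug output."""
    phases, redacted, current = [], [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = PHASE.match(line)
        if m:
            current = {"phase": m.group(1), "bind_dn": None, "result": "unknown"}
            phases.append(current)
        elif (m := BIND.match(line)):
            # The log prints "DN/password": keep the DN, drop the secret.
            line = f"rlm_ldap: bind as {m.group('dn')}/<redacted>"
            if current:
                current["bind_dn"] = m.group("dn")
        elif (m := LOGIN.match(line)):
            line = f"{m.group(1)}<redacted>{m.group(2)}"
        elif (m := FAILED.match(line)) and current:
            current["result"] = "failed: " + m.group("reason")
        elif line == "rlm_ldap: Bind was successful" and current:
            current["result"] = "ok"
        redacted.append(line)
    return phases, redacted


if __name__ == "__main__":
    phases, redacted = summarize(SAMPLE_LOG)
    for p in phases:
        print(f"{p['phase']:12} bind as {p['bind_dn']!r}: {p['result']}")
    print("\n".join(redacted))
```

Search filters echoed by `radius_xlat` lines are not touched by this script, so a filter that embeds a secret value still needs manual review before posting.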