I have correctly configured the LDAP module (I think...) but when I try
to authenticate a user I get an error saying the user cannot be found.
I have attached the debug output. I have tried turning the "follow
referrals" and "rebind" vars on and off but I get the same outcome. At
first, I was getting a timeout error but I increased the timeouts and
fixed that.
I know the user is correct. Here is the LDAP string for the user:
LDAP://CN=dspam,OU=InformationTechnology,OU=UsersByDepartment,OU=Adminis
trative,DC=umhb,DC=edu
Any ideas?
Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.11.30.5 port 32838, id=5, length=51
User-Name = "dspam"
User-Password = "111111"
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dspam", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for dspam
[ldap] expand: %{Stripped-User-Name} ->
[ldap] expand: %{User-Name} -> dspam
[ldap] expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) -> (CN=dspam)
[ldap] expand: DC=umhb, DC=edu -> DC=umhb, DC=edu
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to omega.umhb.edu:389, authentication 0
rlm_ldap: bind as / to omega.umhb.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in DC=umhb, DC=edu, with filter (CN=dspam)
rlm_ldap: rebind to URL ldap://cru.umhb.edu/DC=cru,DC=umhb,DC=edu
rlm_ldap: rebind to URL
ldap://ForestDnsZones.umhb.edu/DC=ForestDnsZones,DC=umhb,DC=edu
rlm_ldap: rebind to URL
ldap://DomainDnsZones.umhb.edu/DC=DomainDnsZones,DC=umhb,DC=edu
rlm_ldap: rebind to URL ldap://umhb.edu/CN=Configuration,DC=umhb,DC=edu
rlm_ldap: object not found
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> dspam
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 5 to 10.11.30.5 port 32838
Waking up in 4.9 seconds.
Cleaning up request 0 ID 5 with timestamp +14
Ready to process requests.
rad_recv: Access-Request packet from host 10.11.30.5 port 32838, id=109,
length=51
User-Name = "dspam"
User-Password = "111111"
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dspam", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for dspam
[ldap] expand: %{Stripped-User-Name} ->
[ldap] expand: %{User-Name} -> dspam
[ldap] expand: (CN=%{%{Stripped-User-Name}:-%{User-Name}}) -> (CN=dspam)
[ldap] expand: DC=umhb, DC=edu -> DC=umhb, DC=edu
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to omega.umhb.edu:389, authentication 0
rlm_ldap: bind as / to omega.umhb.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in DC=umhb, DC=edu, with filter (CN=dspam)
rlm_ldap: object not found
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> dspam
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 109 to 10.11.30.5 port 32838
Waking up in 4.9 seconds.
Cleaning up request 0 ID 109 with timestamp +32
Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
