Re: freeradius ldap connector
OK thanks

> Message of 09/03/07 at 09:52
> From: "Alan DeKok"
> To: [EMAIL PROTECTED], "FreeRadius users mailing list"
> Cc:
> Subject: Re: freeradius ldap connector
>
> [EMAIL PROTECTED] wrote:
> >
> > you can see the debug. there are 7 searches for a uid that doesn't
> > exist in the ldap directory:
>
> Because you told the server to do that. Please read the debug log to
> see why.
>
> ...
> > rlm_ldap: object not found or got ambiguous search result
> > rlm_ldap::ldap_groupcmp: search failed
> ...
> > users: Matched DEFAULT at 116
>
> You have 7 uses of "LDAP-Group" in the "users" file.
>
> If you don't want the server to perform LDAP lookups, don't configure
> it to do LDAP lookups.
>
> And the LDAP lookups aren't cached in FreeRADIUS. Doing so would be
> wrong, for a whole host of reasons.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ldap connector
[EMAIL PROTECTED] wrote:
>
> you can see the debug. there are 7 searches for a uid that doesn't
> exist in the ldap directory:

Because you told the server to do that. Please read the debug log to see why.

...
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap::ldap_groupcmp: search failed
...
> users: Matched DEFAULT at 116

You have 7 uses of "LDAP-Group" in the "users" file.

If you don't want the server to perform LDAP lookups, don't configure it to do LDAP lookups.

And the LDAP lookups aren't cached in FreeRADIUS. Doing so would be wrong, for a whole host of reasons.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
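Added example (not part of the thread and not FreeRADIUS code): the diagnosis in the reply above, as a script that counts the LDAP searches each request triggers in `radiusd -X` output and lists the "users" entries whose check items use LDAP-Group. The sample log and users file are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the radiusd -X output quoted in the thread.
SAMPLE_DEBUG = """\
rlm_ldap: performing user authorization for alice
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=alice)
rlm_ldap: Entering ldap_groupcmp()
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=alice)
rlm_ldap: Entering ldap_groupcmp()
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=alice)
users: Matched DEFAULT at 5
Finished request 0
"""

# Constructed "users" file; group names and reply text are made up.
SAMPLE_USERS = """\
# a comment mentioning LDAP-Group is ignored
DEFAULT LDAP-Group == "staff", Auth-Type := Accept
\tReply-Message = "welcome"
DEFAULT Ldap-Group == "disabled", Auth-Type := Reject
DEFAULT Auth-Type := Reject
"""

SEARCH = re.compile(r"^rlm_ldap: performing search in .+, with filter \(.*\)$")
FINISHED = re.compile(r"^Finished request (\d+)")

def ldap_searches_per_request(debug_text):
    """Map request id -> Counter of 'authorize' and 'groupcmp' LDAP searches."""
    results, current, in_groupcmp = {}, Counter(), False
    for line in map(str.strip, debug_text.splitlines()):
        if line == "rlm_ldap: Entering ldap_groupcmp()":
            in_groupcmp = True
        elif SEARCH.match(line):
            current["groupcmp" if in_groupcmp else "authorize"] += 1
            in_groupcmp = False
        elif (m := FINISHED.match(line)):
            results[int(m.group(1))] = current
            current, in_groupcmp = Counter(), False
    return results

def ldap_group_checks(users_text):
    """Return (line number, entry name) for entries whose check items use LDAP-Group."""
    hits = []
    for no, line in enumerate(users_text.splitlines(), 1):
        # Entries start in column 0; indented lines are reply items, '#' is a comment.
        if line and not line[0].isspace() and not line.startswith("#"):
            if re.search(r"\bLDAP-Group\b", line, re.IGNORECASE):
                hits.append((no, line.split()[0]))
    return hits
```

Run both functions over a saved `radiusd -X` capture and the real users file to compare the per-request search count with the number of LDAP-Group check items.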
Re: freeradius ldap connector
Hi,

you can see the debug. there are 7 searches for a uid that doesn't exist in the ldap directory:

rlm_ldap: - authorize
rlm_ldap: performing user authorization for X06dfdgdg
radius_xlat: '(uid=X06dfdgdg)'
radius_xlat: 'ou=PERSONNES,o=sg'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldaps://ldap-homo.sesme.group.scen, authentication 0
rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cat-caconcerto-sogepa ss.pem
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: bind as sgzoneid=guards,ou=eloit,ou=personnes,o=sg/ghkhkk to ldaps: //ldap-homo.sesame.group.socgen
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 116
modcall[authorize]: module "files" returns ok for request 0
modcall: group group returns ok for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=PERSONNES,o=sg'
radius_xlat: '(uid=X06dfdgdg)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=PERSONNES,o=sg, with filter (uid=X06dfdgdg)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 116
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [X06dfdgdg] (from client sdfsfds por t 1 cli 192.18.136.19)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 165 to 192.18.136.44:1812
Reply-Message = "forbidden."
Waking up in 4 seconds...

> Message of 06/03/07 at 11:58
> From: "Michael Mitchell"
> To: "FreeRadius users mailing list"
> Cc:
> Subject: Re: freeradius ldap connector
>
> [EMAIL PROTECTED] wrote:
> > I notice that Freeradius tries 6 times to find a user in my LDAP
> > directory when this user doesn't exist.
> >
>
> err, really? During authorisation (where a search is performed by a
> privileged user) or during authentication (where an attempt may be made to
> bind to LDAP as the customer)?
>
Re: freeradius ldap connector
[EMAIL PROTECTED] wrote:
> I notice that Freeradius tries 6 times to find a user in my LDAP
> directory when this user doesn't exist.
>

err, really? During authorisation (where a search is performed by a privileged user) or during authentication (where an attempt may be made to bind to LDAP as the customer)?

What does the debug say? (run radiusd with the -X flag).

> Is there a means to make freeradius try only one time?

It only tries once for me, but I only do LDAP "authorisation".

regards,
Mike
freeradius ldap connector
Hello,

I use freeradius 1.0.1 LDAP connector to request an LDAP directory. I notice that Freeradius tries 6 times to find a user in my LDAP directory when this user doesn't exist.

Is there a means to make freeradius try only one time?

Thanks
Thomas