Hi Kostas,
I have the ldap module in my authentication directive!!!!
I commented many entries in the ldap.attrmap file,
so now the request checks only this:
checkItem Auth-Type radiusAuthType
but it is not OK because the user can't authenticate!
See the log:
--- Walking the entire request list ---
Cleaning up request 29 ID 188 with timestamp 3e42995b
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.12.1.254:1645, id=189, length=103
NAS-IP-Address = 10.12.1.254
NAS-Port = 2
NAS-Port-Type = Async
User-Name = "nytaniguchi"
Called-Station-Id = "45880998"
Calling-Station-Id = "1145230164"
User-Password = "taniguchi"
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: No '@' in User-Name = "nytaniguchi", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 97
modcall[authorize]: module "files" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for nytaniguchi
radius_xlat: 'uid=nytaniguchi'
radius_xlat: 'ou=pessoal,o=fazenda,o=sp.gov,c=br'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=pessoal,o=fazenda,o=sp.gov,c=br, with filter uid=nytaniguchi
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user nytaniguchi authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
auth: Failed to validate the user.
Login incorrect: [nytaniguchi/taniguchi] (from client intragov port 2 cli 1145230164)
Delaying request 30 for 1 seconds
Finished request 30
Going to the next request
--- Walking the entire request list ---
Kostas Kalevras wrote:
> On Thu, 6 Feb 2003, Kostas Kalevras wrote:
>
> > Hi Kostas,
> > do you have it running OK????
>
> Just fine
>
> > Please, can you give some help?
> > I need freeradius against iplanet Directory
> > but the user cannot get the attributes from ldap ...
> > so the user can't connect
>
> The one thing is not related to the other
>
> > see the logs:
> > Cleaning up request 9 ID 55 with timestamp 3e42857f
> > Sending Access-Reject of id 56 to 10.12.1.254:1645
> > Waking up in 2 seconds...
> > rad_recv: Access-Request packet from host 10.12.1.254:1645, id=57, length=100
> > NAS-IP-Address = 10.12.1.254
> > NAS-Port = 15
> > NAS-Port-Type = Async
> > User-Name = "jlelizeu" ==> this is a User
> > Called-Station-Id = "33550998"
> > Calling-Station-Id = "1130311497"
> > User-Password = "afrnf1"
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > modcall: entering group authorize
> > modcall[authorize]: module "preprocess" returns ok
> > rlm_realm: No '@' in User-Name = "jlelizeu", looking up realm NULL
> > rlm_realm: No such realm NULL
> > modcall[authorize]: module "suffix" returns noop
> > users: Matched DEFAULT at 96
> > modcall[authorize]: module "files" returns ok
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for jlelizeu
> > radius_xlat: '(&(uid=jlelizeu)(employeetype=active))'
> > radius_xlat: 'ou=pessoal,o=fazenda,o=sp.gov,c=br'
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in ou=pessoal,o=fazenda,o=sp.gov,c=br, with filter (&(uid=jlelizeu)(employeetype=active))
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user jlelizeu authorized to use remote access
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok
> > modcall: group authorize returns ok
> > rad_check_password: Found Auth-Type LDAP
> > auth: type "LDAP"
> > auth: Failed to validate the user.
>
> So have you added the ldap module in your authenticate section? Particularly in
> the LDAP {} section
>
> > Login incorrect: [jlelizeu/afrnf1] (from client intragov port 15 cli 1130311497)
> > Delaying request 11 for 1 seconds
> > Finished request 11
> > Going to the next request
> > Waking up in 2 seconds...
> > --- Walking the entire request list ---
> >
> >
> >
> > Kostas Kalevras wrote:
> > On Thu, 6 Feb 2003, Gustavo Lozano wrote:
> > > Does anyone have such scenario running?
> > >
> > > We want to setup freerad against Iplanet Directory server using
> > > rlm_ldap.
> > >
> > > Just to know good/bad experiences
> > Works just perfect
> > >
> > > --
> > > _________________ __________________
> > > Gustavo A. Lozano Noldata Corporation
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
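
Added example, not part of the original messages: a small Python triage of the debug output above that reports, per request, which modules ran in authorize and whether any module output appeared for authenticate once an Auth-Type was found. The function names are hypothetical, and the `modcall[authenticate]` line in the constructed sample is an assumed format modelled on the authorize lines.

```python
import re
# Lines copied from the debug output in the message above (attribute lines trimmed).
PAGE_LOG = '''rad_recv: Access-Request packet from host 10.12.1.254:1645, id=189, length=103
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "ldap" returns ok
rad_check_password: Found Auth-Type LDAP
auth: Failed to validate the user.
'''
# Constructed contrast case, mail-quoted: the authenticate-phase line is an
# ASSUMED format modelled on the authorize lines, not output taken from the page.
CONSTRUCTED_LOG = '''> > rad_recv: Access-Request packet from host 192.0.2.1:1645, id=1, length=100
> > modcall[authorize]: module "ldap" returns ok
> > rad_check_password: Found Auth-Type LDAP
> > modcall[authenticate]: module "ldap" returns ok
'''
MODCALL = re.compile(r'modcall\[(authorize|authenticate)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'rad_check_password: Found Auth-Type (\S+)')

def triage(log):
    """Split debug output into requests and record what ran in each phase."""
    requests = []
    for raw in log.splitlines():
        line = re.sub(r'^(>\s*)+', '', raw.strip())  # drop mail quote markers
        if line.startswith('rad_recv:'):
            requests.append({'auth_type': None, 'authorize': [],
                             'authenticate': [], 'rejected': False})
        if not requests:
            continue  # ignore anything before the first request
        cur = requests[-1]
        m = MODCALL.search(line)
        if m:
            cur[m.group(1)].append((m.group(2), m.group(3)))
        m = AUTH_TYPE.search(line)
        if m:
            cur['auth_type'] = m.group(1)
        if 'Failed to validate the user' in line:
            cur['rejected'] = True
    return requests

def diagnose(req):
    """Name the phase to look at for one parsed request."""
    if req['rejected'] and req['auth_type'] and not req['authenticate']:
        return 'Auth-Type %s set, no authenticate module output' % req['auth_type']
    if req['rejected']:
        return 'authenticate modules ran and the request was rejected'
    return 'no rejection logged'
print([diagnose(r) for r in triage(PAGE_LOG + CONSTRUCTED_LOG)])
```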