On Thu, 6 Feb 2003, Alexandre wrote: > yes ! > see the radius.conf:
The *authenticate* section: authenticate{ [ blah blah blah ] } > > Auth-Type := LDAP > ldap { > #server = "ldap.your.domain" > server = diretorio.sede.fazenda.sp.gov.br > identity = "cn=directory manager" > password = ___passowrd ___ > #ASA > #basedn = "o=My Org,c=UA" > basedn = ou=pessoal,o=fazenda,o=sp.gov,c=br > #filter = "(uid=%u{Stripped-User-Name:-%{User-Name}})" > filter = "uid=%u" > > # set this to 'yes' to use TLS encrypted connections > # to the LDAP database by using the StartTLS extended > # operation. > start_tls = no > # set this to 'yes' to use TLS encrypted connections to the > # LDAP database by passing the LDAP_OPT_X_TLS_TRY option to > # the ldap library. > tls_mode = no > > # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" > # profile_attribute = "radiusProfileDn" > #access_attr = "dialupAccess" > > # Mapping of RADIUS dictionary attributes to LDAP > # directory attributes. > dictionary_mapping = ${raddbdir}/ldap.attrmap > > # ldap_cache_timeout = 120 > # ldap_cache_size = 0 > ldap_connections_number = 50 > #password_header = "{clear}" > password_attribute = userPassword > # groupname_attribute = cn > timeout = 4 > timelimit = 3 > net_timeout = 1 > # compare_check_items = yes > #access_attr_used_for_allow = yes > } > > Kostas Kalevras wrote: > > > On Thu, 6 Feb 2003, Alexandre wrote: > > > > > hi Kostas > > > > > > i have ldap module in my authentication directive !!!! > > > i coment many entries in ldap.attrmap file > > > so, now the request check only this: > > > checkItem Auth-Type radiusAuthType > > > > > > but not ok because the user cant authenticate ! > > > > > > see the log: > > > > > > --- Walking the entire request list --- > > > Cleaning up request 29 ID 188 with timestamp 3e42995b > > > Nothing to do. Sleeping until we see a request. > > > rad_recv: Access-Request packet from host 10.12.1.254:1645, id=189, length=103 > > > NAS-IP-Address = 10.12.1.254 > > > NAS-Port = 2 > > > NAS-Port-Type = Async > > > User-Name = "nytaniguchi" > > > Called-Station-Id = "45880998" > > > Calling-Station-Id = "1145230164" > > > User-Password = "taniguchi" > > > Service-Type = Framed-User > > > Framed-Protocol = PPP > > > modcall: entering group authorize > > > modcall[authorize]: module "preprocess" returns ok > > > rlm_realm: No '@' in User-Name = "nytaniguchi", looking up realm NULL > > > rlm_realm: No such realm NULL > > > modcall[authorize]: module "suffix" returns noop > > > users: Matched DEFAULT at 97 > > > modcall[authorize]: module "files" returns ok > > > rlm_ldap: - authorize > > > rlm_ldap: performing user authorization for nytaniguchi > > > radius_xlat: 'uid=nytaniguchi' > > > radius_xlat: 'ou=pessoal,o=fazenda,o=sp.gov,c=br' > > > ldap_get_conn: Got Id: 0 > > > rlm_ldap: performing search in ou=pessoal,o=fazenda,o=sp.gov,c=br, with filter > > > uid=nytaniguchi > > > rlm_ldap: looking for check items in directory... > > > rlm_ldap: looking for reply items in directory... > > > rlm_ldap: user nytaniguchi authorized to use remote access > > > ldap_release_conn: Release Id: 0 > > > modcall[authorize]: module "ldap" returns ok > > > modcall: group authorize returns ok > > > rad_check_password: Found Auth-Type LDAP > > > auth: type "LDAP" > > > > The ldap module is *not* called in the authenticate section. > > Could you post your authenticate section? > > > > > auth: Failed to validate the user. > > > Login incorrect: [nytaniguchi/taniguchi] (from client intragov port 2 cli > > > 1145230164) > > > Delaying request 30 for 1 seconds > > > Finished request 30 > > > Going to the next request > > > --- Walking the entire request list --- > > > > -- > > Kostas Kalevras Network Operations Center > > [EMAIL PROTECTED] National Technical University of Athens, Greece > > Work Phone: +30 210 7721861 > > 'Go back to the shadow' Gandalf > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > ??¬?)?£?.n?+‰·??{.n?+‰·?I???????0???y??v+¬?Š??X¬·?¬z»?†?? > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html