|
Hey guys,
I used Radius with openLDAP, and try to do
authentication and then retrieve an attribute of
the object if authenticate
successfully.
(a)
From openLDAP by ./ldapsearch -x -b 'dc=example,dc=com' '(uid=chin)'
# chin, people, example.com
dn: uid=chin,ou=people,dc=example,dc=com sn: chin userPassword:: Y2Job2gxMjM= loginShell: /bin/ksh l: Lincoln uidNumber: 10001 gidNumber: 10001 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: posixAccount objectClass: radiusprofile uid: chin gecos: test acct cn: cbhoh homeDirectory: /home/cbhoh description: test acct for radius auth st: Nebraska radiusServiceType: PPP (b)
Then i run ./radtest chin cbhoh123 127.0.0.1:8000
10 testing123
Sending Access-Request of id 189 to
127.0.0.1:8000
User-Name = "chin" User-Password = "cbhoh123" NAS-IP-Address = acbuilder NAS-Port = 10 rad_recv: Access-Accept packet from host 127.0.0.1:8000, id=189, length=29 Reply-Message = "Hello, " From the users file:
chin
Auth-Type := LDAP
Reply-Message = "Hello, %{Service-Type}", Fall-Through = No The problem is that I can NOT get %{Service-Type}
value, i already setup radiusd.conf like:
# and sample authorize{} and authenticate{}
blocks
ldap { server = "127.0.0.1" port = "389" basedn = "ou=people,dc=example,dc=com" filter = "(uid=%u)"
start_tls = no
access_attr = "radiusServiceType"
dictionary_mapping =
${raddbdir}/ldap.attrmap
... }
authorize {
preprocess
...
..
ldap
{
notfound = return } }
The following are the debug messages from
radiusd:
rad_recv: Access-Request packet from host
127.0.0.1:1092, id=168, length=56
User-Name = "chin" User-Password = "cbhoh123" NAS-IP-Address = 255.255.255.255 NAS-Port = 10 modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: No '@' in User-Name = "chin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched chin at 69 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for chin radius_xlat: '(uid=chin)' radius_xlat: 'ou=people,dc=example,dc=com' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0 rlm_ldap: bind as / to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: performing search in ou=people,dc=example,dc=com, with filter (uid=chin) rlm_ldap: checking if remote access for chin is allowed by radiusServiceType rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusServiceType as Service-Type, value PPP & op=11 rlm_ldap: user chin authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" modcall: entering group Auth-Type for request 0 rlm_ldap: - authenticate rlm_ldap: login attempt by "chin" with password "cbhoh123" rlm_ldap: user DN: uid=chin,ou=people,dc=example,dc=com rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1 rlm_ldap: bind as uid=chin,ou=people,dc=example,dc=com/cbhoh123 to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: user chin authenticated succesfully modcall[authenticate]: module "ldap" returns ok for request 0 modcall: group Auth-Type returns ok for request 0 radius_xlat: 'Hello, ' Sending Access-Accept of id 168 to 127.0.0.1:1092 Reply-Message = "Hello, " Finished request 0 Any ideas about solving this problem?
- regards,
HOH
|
- Re: How to get Attribute from object for LDAP? cbhoh
- Re: How to get Attribute from object for LDAP? Kostas Kalevras
