Hi
I use an AAA infrastructure based on FreeRADIUS, OpenLDAP and PAM on some FreeBSD machines.
All worked fine until I upgraded FreeRADIUS from 1.0.5 to 1.1.0.

From then on I cannot authenticate, because the Auth-Type attribute is no longer set to LDAP by the ldap module during the authorize section.

This is the error:

rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 85.239.184.44:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as / to 85.239.184.44:636
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ifom-ieo-campus,dc=it, with filter (uid=futhwo)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value ldap & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusServiceType as Service-Type, value Shell-User & op=11
rlm_ldap: extracted attribute Cisco-AVPair from generic item cisco-avpair="shell:priv-lvl=15"
rlm_ldap: user futhwo authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds

and this is the definition of the ldap module in radiusd.conf:

        ldap {
                server = "XX.XX.XX.XX"
                port = 636
                basedn = "dc=ifom-ieo-campus,dc=it"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                groupmembership_filter = "(memberuid=%{User-Name})"
                access_attr_used_for_allow = no
                set_auth_type = yes
        }

I also tried changing the last two directives, but it didn't work. Another thing I tried (as can be seen in the output) was setting the attribute radiusAuthType to "ldap" in the user entry, and/or setting the directive "authtype = LDAP" in the module definition, but it still didn't work.

Lurking in the dictionaries, I found this in dictionary.freeradius.internal:

VALUE   Auth-Type                       CHAP                    1025
# 1026 was LDAP, but we deleted it.  Adding it back will break the
# ldap module.
VALUE   Auth-Type                       PAM                     1027

As the author said, manually adding the Auth-Type LDAP definition prevents the server from starting.

So if Auth-Type LDAP is no longer defined, how can I perform authentication against an LDAP server?

Thanks in advance to whoever can help me.
Regards
Ivan



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
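Editor's note, added after the message and not part of Ivan's post or of the FreeRADIUS project's own documentation: the shape of a FreeRADIUS 1.1.x radiusd.conf that authenticates against LDAP. In 1.1.x the value LDAP was removed from the Auth-Type dictionary because rlm_ldap defines it itself at startup when set_auth_type = yes (which is what the dictionary comment about 1026 is warning about), so nothing needs to be added to the dictionary or stored in the user entry. What the server still needs is an "Auth-Type LDAP" sub-section in the authenticate section that calls the ldap module; the authorize section in the log above finishes with Auth-Type set, and the "No authenticate method (Auth-Type) configuration found" error is what the server prints when no such sub-section matches. The host name, base DN and the exact set of other modules listed are placeholders chosen for the example.

```conf
# Added example: FreeRADIUS 1.1.x radiusd.conf layout for LDAP
# authentication.  Editor's reconstruction, not the original poster's
# file.  Server name and base DN are placeholders.

modules {
        ldap {
                server = "ldap.example.com"        # placeholder
                port = 636                         # ldaps, as in the post
                basedn = "dc=example,dc=com"       # placeholder
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                groupmembership_filter = "(memberuid=%{User-Name})"
                access_attr_used_for_allow = no

                # With this enabled, rlm_ldap adds Auth-Type = LDAP to the
                # request's check items by itself when the user is found
                # and no Auth-Type has been set yet.  The value "LDAP" is
                # registered by the module at startup, not by the
                # dictionary, so no radiusAuthType attribute in the user
                # entry and no "authtype" directive are required.
                set_auth_type = yes
        }
}

authorize {
        preprocess
        ldap
}

authenticate {
        # Without this sub-section the request fails with
        # "No authenticate method (Auth-Type) configuration found".
        # It tells the server which module handles Auth-Type = LDAP:
        # rlm_ldap binds to the directory as the user with the supplied
        # User-Password.  This only works for clear-text passwords (PAP);
        # CHAP and EAP do not carry a password the module could bind with.
        Auth-Type LDAP {
                ldap
        }
}
```

If the module instance is given a different name (for example "ldap2"), the Auth-Type value it registers takes that name, and the sub-section has to be "Auth-Type ldap2 { ldap2 }" accordingly.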