I don't see anything in the log here about ldap.
It jumps from [logintime] to [pap].

Did you uncomment lines containing "ldap" in the
sites-enabled/default file (in the authorize and
authenticate sections)?

Yancey



On May 29, 2008, at 2:34 PM, aprotector wrote:


I've been trying to get my freeradius server to work with an Netscape LDAP server and authenticate users when they connect via VPN to our Sonicwall gateway. I have set the Sonicwall as a client so the radius recognizes it and then adjusted the radiusd.conf. However, when I try to authenticate an LDAP user from the sonicwall it will say the authentication failed and the
radius shows the following messages:

---------- (running in radiusd -X)

       User-Name = "testuser"
       User-Password = "testing"
       NAS-IP-Address = sonicwallIP
       NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
   rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [testuser/testing] (from client sonicwall port 0)
 Found Post-Auth-Type Reject
+- entering group REJECT
       expand: %{User-Name} -> testuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Waking up in 4.9 seconds.

----------

If I uncomment a local user account on the Radius box and then try
authenticating from the Sonicwall with this it will succeed. It just doesn't seem to want to go to the LDAP server and then back to the Sonicwall. Has anyone had any experience with this sort of setup, and might be able to shed
some light on how I can set it up to use LDAP for the authentication?
--
View this message in context: 
http://www.nabble.com/FreeRadius-2.0.4---problems-with-LDAP-and-Sonicwall...-tp17544085p17544085.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to