2008/12/3 Alan DeKok <[EMAIL PROTECTED]>:
> Sergio Belkin wrote:
>> Hi, I use freeradius with EAP-TTLS and EAP-PEAP; below is the ldap
>> log. I wonder why radius "bothers" to query for the anonymous uid and not
>> only for the uid inside the tunnel.
>
> Because you configured the ldap module *outside* of the tunnel, too.
> If you don't list it in sites-enabled/default, it will only do queries
> for inside of the TLS tunnel.
Thanks Alan! That solved it. Now a little problem remains in radiusd.log:

Thu Dec 4 09:07:51 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:07:51 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:10:41 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:10:41 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:12:14 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:12:14 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:14:30 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:14:30 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec 4 09:18:09 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec 4 09:18:09 2008 : Info: rlm_ldap: Attempting reconnect

Where do these problems come from, radius or ldap? The ldap module config is as follows:

ldap {
        server = "ldap.palermo.edu"
        identity = "cn=freeradius,ou=applications,dc=palermo,dc=edu"
        password = somepass
        basedn = "ou=people,dc=palermo,dc=edu"
        filter = "(uid=%u)"
        # size of the connection pool to the LDAP server
        ldap_connections_number = 1
        # seconds to wait for an LDAP query to finish
        timeout = 60
        # server-side time limit for processing the query, in seconds
        timelimit = 120
        # seconds to wait for a response from the server (network failures)
        net_timeout = 10
        tls {
                cacertfile = /etc/raddb/cacert.pem
                randfile = /dev/urandom
        }
        access_attr = "radiusAllowed"
        dictionary_mapping = ${confdir}/ldap.attrmap
        edir_account_policy_check = no
}

Thanks in advance!
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
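The radiusd.log excerpt above shows a "connection lost" / "Attempting reconnect" pair every few minutes. As an added example that is not part of the original thread and not FreeRADIUS code, here is a small Python script that parses the rlm_ldap lines out of radiusd.log, pairs each "LDAP connection lost" with the reconnect that follows it, and measures the gaps between successive losses, so you can tell whether the drops arrive at a fixed cadence (which would point at an idle timeout on the LDAP server or on a middlebox between the hosts) or irregularly. The sample log is constructed from the lines quoted in the post; the function names and the cadence threshold are my own assumptions.

```python
import re
from datetime import datetime
from statistics import mean

# Constructed sample input: the rlm_ldap lines quoted in the post above,
# one per line as radiusd.log writes them (ctime-style timestamp, " : ",
# log level, message). The day of month may be padded with one or two spaces.
SAMPLE_RADIUSD_LOG = """\
Thu Dec  4 09:07:51 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec  4 09:07:51 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec  4 09:10:41 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec  4 09:10:41 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec  4 09:12:14 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec  4 09:12:14 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec  4 09:14:30 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec  4 09:14:30 2008 : Info: rlm_ldap: Attempting reconnect
Thu Dec  4 09:18:09 2008 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Dec  4 09:18:09 2008 : Info: rlm_ldap: Attempting reconnect
"""

# Matches "Thu Dec  4 09:07:51 2008 : Error: rlm_ldap: <message>"; other
# modules' lines are ignored.
RLM_LDAP_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) : "
    r"(?P<level>\w+): rlm_ldap: (?P<msg>.*)$"
)

CONNECTION_LOST = "LDAP connection lost"
RECONNECT = "Attempting reconnect"


def parse_rlm_ldap_events(log_text):
    """Return [(datetime, level, message)] for every rlm_ldap line."""
    events = []
    for line in log_text.splitlines():
        m = RLM_LDAP_LINE.match(line.rstrip())
        if not m:
            continue
        ts = re.sub(r"\s+", " ", m.group("ts"))  # "Dec  4" -> "Dec 4"
        when = datetime.strptime(ts, "%a %b %d %H:%M:%S %Y")
        events.append((when, m.group("level"), m.group("msg")))
    return events


def summarize_connection_losses(events):
    """Pair each 'connection lost' with the reconnect that follows it and
    measure the gaps (seconds) between successive losses."""
    loss_times = []
    paired = 0
    awaiting_reconnect = False
    for when, _level, msg in events:
        if CONNECTION_LOST in msg:
            loss_times.append(when)
            awaiting_reconnect = True
        elif RECONNECT in msg and awaiting_reconnect:
            paired += 1
            awaiting_reconnect = False
    gaps = [int((b - a).total_seconds())
            for a, b in zip(loss_times, loss_times[1:])]
    # Heuristic (my own threshold): call the cadence "regular" when the
    # spread of the gaps is within 10 % of the longest gap.
    regular = bool(gaps) and (max(gaps) - min(gaps)) <= 0.1 * max(gaps)
    return {
        "losses": len(loss_times),
        "reconnects_paired": paired,
        "losses_without_reconnect": len(loss_times) - paired,
        "gaps_seconds": gaps,
        "mean_gap_seconds": round(mean(gaps), 1) if gaps else None,
        "regular_cadence": regular,
    }


if __name__ == "__main__":
    summary = summarize_connection_losses(
        parse_rlm_ldap_events(SAMPLE_RADIUSD_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it as-is against the constructed sample, or replace SAMPLE_RADIUSD_LOG with the contents of a real radiusd.log. For the five lines in the post it reports five losses, each followed by a reconnect, with gaps of 170, 93, 136 and 219 seconds, which is not a fixed cadence. Bear in mind that radiusd only records the symptom on its side; the LDAP server's own log, and anything that might close idle TCP sessions between the two hosts, is where the cause has to be looked for.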