Hello,

Scenario: FreeRADIUS auth via LDAP simple bind with user password / user name for a hot spot. The config used works with two other setups of the same environment.

Problem: the simple bind returns ok, then another module rejects the user. Any hints where I should look?

FreeRADIUS version used: FreeRADIUS Version 1.1.6

Debug output below:

Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: - authorize
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: performing user authorization for test1
Thu Nov 18 11:20:52 2010 : Debug: radius_xlat: '(uid=test1)'
Thu Nov 18 11:20:52 2010 : Debug: radius_xlat: 'l=Stadt,dc=de,o=Organisationr'
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: bind as cn=LDAPADMIN,o=Customer/sharedsecret to 127.0.0.1:389
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: performing search in l=Stadt,dc=de,o=Organisation, with filter (uid=test1)
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: looking for check items in directory...
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: looking for reply items in directory...
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: Setting Auth-Type = ldap
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: user test1 authorized to use remote access
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "ldap" returns ok for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Thu Nov 18 11:20:52 2010 : Debug: users: Matched entry DEFAULT at line 3
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "files" returns ok for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_pap: Found existing Auth-Type, not changing it.
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "pap" returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall: leaving group authorize (returns ok) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type Reject
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Auth-Type = Reject, rejecting user
Thu Nov 18 11:20:52 2010 : Debug: auth: Failed to validate the user.
Thu Nov 18 11:20:52 2010 : Auth: Login incorrect: [test1/testpasswd] (from client wlanhsp port 0 cli 00:1e:c2:a3:4d:b

Line from users:

DEFAULT Called-Station-Id =~ ".*:LIBRARY" , Ldap-group == "cn=city,cn=Groups,l=Stadt,dc=de,o=Organisation"

Thanks for any hints :-) I have anonymized the LDAP attributes.

Michael
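
One way to read a debug trace like the one above, as an added example that is not part of the original post or of FreeRADIUS: a Python script that records each authorize module's return code, the Auth-Type a module logged setting, and the Auth-Type rad_check_password finally saw, then names the modules that ran in between and did not return noop. The sample lines are a constructed, shortened copy of the quoted log; the function names and the one-request-per-trace assumption belong to this example.

```python
import re

# Constructed sample: a shortened copy of the debug lines quoted in the post.
SAMPLE = """\
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: Setting Auth-Type = ldap
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "ldap" returns ok for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: users: Matched entry DEFAULT at line 3
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "files" returns ok for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_pap: Found existing Auth-Type, not changing it.
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module "pap" returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type Reject
"""

RETURNS = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+)')
SET_TYPE = re.compile(r'(rlm_\w+): Setting Auth-Type = (\S+)')
MATCHED = re.compile(r'users: Matched entry (\S+) at line (\d+)')
FOUND = re.compile(r'rad_check_password: Found Auth-Type (\S+)')

def trace_authorize(log):
    """Summarise the authorize pass of one request (assumption: one request per trace)."""
    t = {"returns": [], "set_by": None, "set_type": None, "set_at": None,
         "users_entries": [], "final_type": None}
    for line in log.splitlines():
        if m := RETURNS.search(line):
            t["returns"].append((m.group(1), m.group(2)))
        elif m := SET_TYPE.search(line):
            # The setter's own return code is the next entry appended to "returns".
            t["set_by"], t["set_type"], t["set_at"] = m.group(1), m.group(2), len(t["returns"])
        elif m := MATCHED.search(line):
            t["users_entries"].append((m.group(1), int(m.group(2))))
        elif m := FOUND.search(line):
            t["final_type"] = m.group(1)
    return t

def suspects(t):
    """Modules that ran after the setter and did not return noop, if the final Auth-Type differs."""
    if None in (t["set_type"], t["final_type"]) or t["set_type"].lower() == t["final_type"].lower():
        return []
    return [name for name, rcode in t["returns"][t["set_at"] + 1:] if rcode != "noop"]

if __name__ == "__main__":
    t = trace_authorize(SAMPLE)
    print(f'{t["set_by"]} set Auth-Type = {t["set_type"]}, final Auth-Type = {t["final_type"]}')
    print("inspect modules:", suspects(t), "users entries matched:", t["users_entries"])
```

The result is a list of places to look, not a verdict: it narrows the search to modules that reported doing something after the Auth-Type was first set.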