On 1 Jul 2013, at 12:27, Horatiu Nimigean <horatiu.nimig...@ddnet.ro> wrote:

> Greetings.
> I have a problem with FreeRADIUS using LDAP to auth; here are my system specs:
> 
> CentOS 6 64-bit
> FreeRADIUS installed from repo
>> rpm -qa | grep -i freeradius
>> freeradius-ldap-2.1.12-4.el6_3.x86_64
>> freeradius-2.1.12-4.el6_3.x86_64
>> freeradius-utils-2.1.12-4.el6_3.x86_64
> LDAP is already up and running on localhost. Everything is local, btw; there are 
> no remote services, and LDAP is (test environment) accepting unsecured 
> connections.
>> rpm -qa | grep -i openld
>> openldap-devel-2.4.23-32.el6_4.1.x86_64
>> openldap-clients-2.4.23-32.el6_4.1.x86_64
>> openldap-servers-2.4.23-32.el6_4.1.x86_64
>> openldap-2.4.23-32.el6_4.1.x86_64
> 
> radtest fails
>> radtest testuser_1 "letmein_1" localhost 2 testing123
>> Sending Access-Request of id 214 to 127.0.0.1 port 1812
>>        User-Name = "testuser_1"
>>        User-Password = "letmein_1"
>>        NAS-IP-Address = 127.0.0.1
>>        NAS-Port = 2
>>        Message-Authenticator = 0x00000000000000000000000000000000
>> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20
> And this is the output from radius (run as radiusd -X):
> http://pastebin.com/MT0txW2c
> 
> I don't understand. It auths but then it doesn't. The final result is not 
> successful.
> Thanks in advance,

No.

Your admin user managed to bind and retrieve credentials for your user; your 
user bind never succeeded.

Seeing as you have access to the crypt hash of the user's password you should 
use PAP to do authentication.

Set "set_auth_type = no" in modules/ldap, and make sure 'pap' is listed in 
authorize.

If the password you're using in radtest is correct, this will work. If it isn't 
then authentication will continue to fail.

-Arran

Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team
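
A check for the two settings named in the reply above, as an added example (not part of the original thread and not FreeRADIUS project code). It assumes a FreeRADIUS 2.x raddb layout with `modules/ldap` and `sites-enabled/default`, by default under `/etc/raddb`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed layout: <raddb>/modules/ldap, <raddb>/sites-enabled/default.
# Usage (after sourcing this file): check_ldap_pap /etc/raddb

# Print the effective (uncommented) value of set_auth_type, or "unset".
ldap_set_auth_type() {
    awk '
        { sub(/#.*/, "") }                    # ignore commented-out settings
        /^[ \t]*set_auth_type[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t"]/, "", kv[2])
            val = kv[2]                       # last occurrence wins
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1/modules/ldap"
}

# Succeed only if pap is called inside the authorize { } section.
# A pap entry under authenticate { } alone does not count.
authorize_lists_pap() {
    awk '
        { sub(/#.*/, "") }
        /^[ \t]*authorize[ \t]*[{]/ { inside = 1; depth = 0 }
        inside {
            opened = gsub(/[{]/, "{"); closed = gsub(/[}]/, "}")
            if ($1 == "pap") found = 1
            depth += opened - closed
            if (depth == 0) inside = 0        # end of authorize section
        }
        END { exit(found ? 0 : 1) }
    ' "$1/sites-enabled/default"
}

# Report every deviation from the advice; return 0 only if both checks pass.
check_ldap_pap() {
    raddb=${1:-/etc/raddb}
    rc=0
    v=$(ldap_set_auth_type "$raddb")
    if [ "$v" != "no" ]; then
        echo "modules/ldap: set_auth_type is '$v', expected 'no'"
        rc=1
    fi
    if ! authorize_lists_pap "$raddb"; then
        echo "sites-enabled/default: 'pap' is not listed in authorize"
        rc=1
    fi
    return $rc
}
```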
