Please help with ldap problem
I am running the freeradius 20030922 snapshot on RedHat 9.0. I am authorizing and authenticating via LDAP. I seem to be getting authorized and authenticated, but my supplicant continues to try to authenticate. Below is my debug output. If anyone can see anything unusual, please let me know. Thanks for any help.

rad_recv: Access-Request packet from host 10.5.50.115:1645, id=106, length=211
        User-Name = "install"
        Framed-MTU = 1400
        Called-Station-Id = "000d.bd43.d9a8"
        Calling-Station-Id = "0040.9645.c07a"
        Message-Authenticator = 0xaba44c3d8a18f7aa63dbf2fe20630dae
        EAP-Message = 0x0205004f1580004517030100409dcc64928d8f5ff60c838cef0ac6a057006e51ad920af73b628207daa197dcbdcd1fbd2ea04505100cd5d27cf356a14adb8eb92944976da2adffa2e5623fdea9
        NAS-Port-Type = Virtual
        NAS-Port = 496
        State = 0x0cd1fc1c30ee0fc4a8488e79f6205014
        NAS-IP-Address = 10.5.50.115
        NAS-Identifier = "TESTAP1"
modcall: entering group authorize
  rlm_ldap: - authorize
  rlm_ldap: performing user authorization for install
radius_xlat: '(uid=install)'
radius_xlat: 'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
  rlm_ldap: performing search in ou=academics,o=dbu, with filter (uid=install)
  rlm_ldap: looking for check items in directory...
  rlm_ldap: looking for reply items in directory...
  rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
  rlm_eap: EAP packet type response id 5 length 79
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type LDAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'install'
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  rlm_eap_tls: Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
  TTLS: Got tunneled request
        User-Name = "install"
        User-Password = "f0ulb3ast"
        Freeradius-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "install"
        User-Password = "f0ulb3ast"
        Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize
  rlm_ldap: - authorize
  rlm_ldap: performing user authorization for install
radius_xlat: '(uid=install)'
radius_xlat: 'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
  rlm_ldap: performing search in ou=academics,o=dbu, with filter (uid=install)
  rlm_ldap: looking for check items in directory...
  rlm_ldap: looking for reply items in directory...
  rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authenticate
  rlm_ldap: - authenticate
  rlm_ldap: login attempt by "install" with password "f0ulb3ast"
  rlm_ldap: user DN: cn=install,ou=Academics,o=DBU
  rlm_ldap: (re)connect to 10.5.10.215:389, authentication 1
  rlm_ldap: bind as cn=install,ou=Academics,o=DBU/f0ulb3ast to 10.5.10.215:389
  rlm_ldap: waiting for bind result ...
  rlm_ldap: user install authenticated succesfully
  modcall[authenticate]: module "ldap" returns ok
modcall: group authenticate returns ok
Trying to look up name of unknown client 127.0.0.1.
Login OK: [install/f0ulb3ast] (from client UNKNOWN-CLIENT port 0)
  TTLS: Got tunneled reply RADIUS code 2
  TTLS: Got tunneled Access-Accept
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Accept of id 106 to 10.5.50.115:1645
        MS-MPPE-Recv-Key = 0xe4bcd7f454abdd128405446d00ebf4127842ccf9716b0ae4ebd5da185ad75c17
        MS-MPPE-Send-Key = 0xa847b8c85d1c43f533610ebceef89cbe6c8f1daf24e04dfe6316513047111c6f
        EAP-Message = 0x03050004
        Message-Authenticator = 0x
        User-Name = "install"
Finished request 23
Going to the next request
Waking up in 1 seconds...

rick...
Rom.5:8

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
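An added example, not from the post above and not FreeRADIUS code, for handling a debug trace like the one in it: it pulls the request id, the Auth-Type decisions (including the "Found 2 auth-types" warning) and the final result out of a radiusd -X trace, and redacts the cleartext inner-tunnel password and the MPPE keys that such a trace exposes before it is pasted into a list post. The sample trace is constructed from the excerpt above with a placeholder password.

```python
import re
# Constructed sample of FreeRADIUS "radiusd -X" output, modelled on the excerpt
# in the post above; "example-pw" is a placeholder, not a real credential.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 10.5.50.115:1645, id=106, length=211
rad_check_password: Found Auth-Type LDAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'install'
auth: type "EAP"
        User-Password = "example-pw"
auth: type "LDAP"
  rlm_ldap: login attempt by "install" with password "example-pw"
  rlm_ldap: bind as cn=install,ou=Academics,o=DBU/example-pw to 10.5.10.215:389
Login OK: [install/example-pw] (from client UNKNOWN-CLIENT port 0)
Sending Access-Accept of id 106 to 10.5.50.115:1645
        MS-MPPE-Recv-Key = 0xe4bcd7f454abdd128405446d00ebf4127842ccf9716b0ae4ebd5da185ad75c17
"""

# Each pattern keeps the field name and replaces only the secret value.
SECRET_PATTERNS = [
    (re.compile(r'(User-Password = )"[^"]*"'), r'\1"<redacted>"'),
    (re.compile(r'(with password )"[^"]*"'), r'\1"<redacted>"'),
    (re.compile(r'(bind as \S+?)/\S+( to )'), r'\1/<redacted>\2'),
    (re.compile(r'(Login OK: \[[^/\]]*)/[^\]]*\]'), r'\1/<redacted>]'),
    (re.compile(r'(MS-MPPE-(?:Recv|Send)-Key = )0x[0-9a-fA-F]+'), r'\1<redacted>'),
]

def redact(trace):
    """Strip cleartext passwords and MPPE keys before a trace is shared."""
    for pattern, replacement in SECRET_PATTERNS:
        trace = pattern.sub(replacement, trace)
    return trace

def summarize(trace):
    """Collect request id, Auth-Type decisions, warnings and the final result."""
    summary = {"request_id": None, "auth_types_found": [],
               "auth_types_used": [], "warnings": [], "result": None}
    for line in trace.splitlines():
        if m := re.match(r"rad_recv: Access-Request .*\bid=(\d+)", line):
            summary["request_id"] = int(m.group(1))
        elif m := re.match(r"rad_check_password: Found Auth-Type (\S+)", line):
            summary["auth_types_found"].append(m.group(1))
        elif m := re.match(r'auth: type "([^"]+)"', line):
            summary["auth_types_used"].append(m.group(1))
        elif line.startswith("Warning:"):
            summary["warnings"].append(line)
        elif m := re.match(r"Sending Access-(Accept|Reject) of id (\d+)", line):
            summary["result"] = m.group(1)
    return summary
```

Because the redaction keeps every field name, summarize() gives the same answer on the redacted trace as on the raw one.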
Re: LDAP Problem
Hi,

I got your point. But how do I use the radiusprofiledn? I was following the mailing list archives, but I could not figure out what I should do in the radiusd.conf file and the users file. My LDIF tree now looks like this:

dn: dc=neline,dc=com
objectclass: top
objectclass: domain

dn: ou=group,dc=neline,dc=com
ou: group
objectclass: top
objectclass: organizationalUnit

dn: cn=testgroup,ou=group,dc=neline,dc=com
objectClass: top
objectClass: radiusprofile
cn: testgroup
radiusGroupName: G022
gidNumber: 1000

dn: uid=testing,ou=group,dc=neline,dc=com
cn: testing
uid: testing
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: radiusprofile
ou: group
userPassword: neline
radiusProfileDn: cn=testgroup,ou=group,dc=neline,dc=com
radiusGroupName: testgroup

RADIUSD.CONF###

ldap {
        server = "192.9.168.2"
        # identity = "cn=admin,o=My Org,c=UA"
        # password = mypass
        basedn = "dc=neline,dc=com"
        filter = "(uid=%u)"

        # set this to 'yes' to use TLS encrypted connections
        # to the LDAP database.
        start_tls = no

        default_profile = "cn=testgroup,ou=group,dc=neline,dc=com"
        profile_attribute = "radiusProfileDn"
        #access_group = "cn=testgroup,ou=group,dc=neline,dc=com"
        #access_attr = "dialupAccess"

        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        dictionary_mapping = ${raddbdir}/ldap.attrmap

        # ldap_cache_timeout = 120
        # ldap_cache_size = 0
        ldap_connections_number = 5
        # password_header = "{clear}"
        #password_attribute = userPassword
        #groupname_attribute = cn
        #groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
        timeout = 4
        timelimit = 3
        net_timeout = 1
        # compare_check_items = yes
        # access_attr_used_for_allow = yes
}

PLEASE SHOW ME THE WAY

Atanu Das
System Development
SS NetCom Pvt Ltd.
Dhankheti
Shillong-793003
Ph: 91+361+502355
Visit us at: http://www.neline.com

- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 13, 2002 1:03 PM
Subject: Re: LDAP Problem

> On Fri, 13 Sep 2002, Atanu Das wrote:
>
> > Dear ALL,
> > I tried creating a simple LDAP structure the following way!
> >
> > dn: dc=company,dc=com
> > objectclass: top
> > objectclass: domain
> >
> > dn: ou=people,dc=company,dc=com
> > ou: people
> > objectclass: top
> > objectclass: organisationalUnit
> >
> > dn: uid=group1-dialup,ou=people,dc=company,dc=com
> > objectclass: radiusprofile
> > radiusPortLimit: 1
> >
> > dn: uid=user1,ou=people,dc=company,dc=com
> > objectclass: radiusprofile
> > dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com
> >
> > But I am getting the following error:
> > 11:52:00 AM: Failed to add new entry uid=user1, ou=radius, dc=neline,dc=com
> > Root error: [LDAP: error code 17 - dialupregularprofile: attribute type undefined]
> >
> > I have included both LDAP schemas that came with freeradius in the slapd.conf file with the schemacheck option off.
> >
> > Where am I wrong!!!
> >
> > Atanu Das
>
> You should use the radiusprofiledn instead of dialupregularprofile.
>
> --
> Kostas Kalevras        Network Operations Center
> [EMAIL PROTECTED]      National Technical University of Athens, Greece
> Work Phone:            +30 10 7721861
> 'Go back to the shadow' Gandalf
Re: LDAP Problem
On Fri, 13 Sep 2002, Atanu Das wrote:

> Dear ALL,
> I tried creating a simple LDAP structure the following way!
>
> dn: dc=company,dc=com
> objectclass: top
> objectclass: domain
>
> dn: ou=people,dc=company,dc=com
> ou: people
> objectclass: top
> objectclass: organisationalUnit
>
> dn: uid=group1-dialup,ou=people,dc=company,dc=com
> objectclass: radiusprofile
> radiusPortLimit: 1
>
> dn: uid=user1,ou=people,dc=company,dc=com
> objectclass: radiusprofile
> dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com
>
> But I am getting the following error:
> 11:52:00 AM: Failed to add new entry uid=user1, ou=radius, dc=neline,dc=com
> Root error: [LDAP: error code 17 - dialupregularprofile: attribute type undefined]
>
> I have included both LDAP schemas that came with freeradius in the slapd.conf
> file with the schemacheck option off.
>
> Where am I wrong!!!
>
> Atanu Das

You should use the radiusprofiledn instead of dialupregularprofile.

--
Kostas Kalevras        Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:            +30 10 7721861
'Go back to the shadow' Gandalf
LDAP Problem
Dear ALL,

I tried creating a simple LDAP structure the following way!

dn: dc=company,dc=com
objectclass: top
objectclass: domain

dn: ou=people,dc=company,dc=com
ou: people
objectclass: top
objectclass: organisationalUnit

dn: uid=group1-dialup,ou=people,dc=company,dc=com
objectclass: radiusprofile
radiusPortLimit: 1

dn: uid=user1,ou=people,dc=company,dc=com
objectclass: radiusprofile
dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com

But I am getting the following error:

11:52:00 AM: Failed to add new entry uid=user1, ou=radius, dc=neline,dc=com
Root error: [LDAP: error code 17 - dialupregularprofile: attribute type undefined]

I have included both LDAP schemas that came with freeradius in the slapd.conf file with the schemacheck option off.

Where am I wrong!!!

Atanu Das
System Development
SS NetCom Pvt Ltd.
Dhankheti
Shillong-793003
Ph: 91+361+502355
Visit us at: http://www.neline.com
Re: ldap problem
Do something like this:

Define your ldap blocks:

ldap FOO {
        ...
}

ldap FOO2 {
        ...
}

Then do your authtype:

authtype LDAP {
        FOO
        FOO2
}

Actually, you may want to make that:

authtype LDAP {
        redundant {
                FOO
                FOO2
        }
}

--JST

On Mon, 22 Jul 2002, Brian Leung wrote:

> Date: Mon, 22 Jul 2002 17:30:27 +0800 (HKT)
> From: Brian Leung <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: ldap problem
>
> hi all,
>
> I tried to add these to the radiusd.conf:
>
> authtype LDAP {
>         ldap
> }
>
> authtype LDAP1 {
>         ldap1
> }
>
> but when I start it, it prompts me:
>
> radiusd.conf[650] Failed to link to module 'rlm_ldap1': file not found
>
> How should I fix it? Thank you
>
> Regards,
> Brian Leung
> System Engineer
> Pacific Supernet
ldap problem
hi all,

I tried to add these to the radiusd.conf:

authtype LDAP {
        ldap
}

authtype LDAP1 {
        ldap1
}

but when I start it, it prompts me:

radiusd.conf[650] Failed to link to module 'rlm_ldap1': file not found

How should I fix it? Thank you

Regards,
Brian Leung
System Engineer
Pacific Supernet
Radius Authentication with LDAP Problem
Hi, everyone:

I want to make Radius authentication with an LDAP server. When I start radiusd, it seems OK. And I use the command:

radtest ypguo password localhost 1 test123

The result is:

radclient:Unknown attribute User-Password

Can you tell me what the problem is?

Thanks,
~Penny
Yet LDAP problem
Verify that you've updated the configuration line for the 'basedn' option. Run the server in debugging mode, and see that the server is using that new configuration. Verify that the user's realm is available to the LDAP module.

The 'Realm' attribute is NOT something which is magically generated when a user logs in via 'username@realm'. You must add configuration to the server telling it to look for that realm. e.g. in the 'realms' file:

realm1 LOCAL
realm2 LOCAL

If you don't have any special treatment of the realms, then the server will not know about the realms.

Alan DeKok.

Hi Alan..

I compiled the last nightly snapshot and updated the configuration file (ou=%{Realm},ou=). The realm file contains an entry like this ( LOCAL)... Now I'm having a strange behaviour with the server... running the radtest program, the log shows several lines like this:

Sending Access-Request of id 163 to 127.0.0.1...

and then a core dump... This only occurs if the basedn contains a variable in it.. If I take off the %{Realm} part of the basedn, the server becomes normal..

This message was sent by Webmail Overnet