Please help with ldap problem

2003-12-05 Thread Rick Whitley
I am running freeradius 20030922 snapshot on RedHat 9.0. I am
authorizing and authenticating via ldap. I seem to be getting authorized
and authenticated but my supplicant continues to try and authenticate.
Below is my debug output. If anyone can see anything unusual please let
me know. Thanks for any help.

rad_recv: Access-Request packet from host 10.5.50.115:1645, id=106,
length=211
User-Name = "install"
Framed-MTU = 1400
Called-Station-Id = "000d.bd43.d9a8"
Calling-Station-Id = "0040.9645.c07a"
Message-Authenticator = 0xaba44c3d8a18f7aa63dbf2fe20630dae
EAP-Message =
0x0205004f1580004517030100409dcc64928d8f5ff60c838cef0ac6a057006e51ad920af73b628207daa197dcbdcd1fbd2ea04505100cd5d27cf356a14adb8eb92944976da2adffa2e5623fdea9
NAS-Port-Type = Virtual
NAS-Port = 496
State = 0x0cd1fc1c30ee0fc4a8488e79f6205014
NAS-IP-Address = 10.5.50.115
NAS-Identifier = "TESTAP1"
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat:  '(uid=install)'
radius_xlat:  'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter
(uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
  rlm_eap: EAP packet type response id 5 length 79
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type LDAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'install'
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled
attributes.

  TTLS: Got tunneled request
User-Name = "install"
User-Password = "f0ulb3ast"
Freeradius-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
User-Name = "install"
User-Password = "f0ulb3ast"
Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat:  '(uid=install)'
radius_xlat:  'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter
(uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authenticate
rlm_ldap: - authenticate
rlm_ldap: login attempt by "install" with password "f0ulb3ast"
rlm_ldap: user DN: cn=install,ou=Academics,o=DBU
rlm_ldap: (re)connect to 10.5.10.215:389, authentication 1
rlm_ldap: bind as cn=install,ou=Academics,o=DBU/f0ulb3ast to
10.5.10.215:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user install authenticated succesfully
  modcall[authenticate]: module "ldap" returns ok
modcall: group authenticate returns ok
Trying to look up name of unknown client 127.0.0.1.
Login OK: [install/f0ulb3ast] (from client UNKNOWN-CLIENT port 0)
  TTLS: Got tunneled reply RADIUS code 2
  TTLS: Got tunneled Access-Accept
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Accept of id 106 to 10.5.50.115:1645
MS-MPPE-Recv-Key =
0xe4bcd7f454abdd128405446d00ebf4127842ccf9716b0ae4ebd5da185ad75c17
MS-MPPE-Send-Key =
0xa847b8c85d1c43f533610ebceef89cbe6c8f1daf24e04dfe6316513047111c6f
EAP-Message = 0x03050004
Message-Authenticator = 0x
User-Name = "install"
Finished request 23
Going to the next request
Waking up in 1 seconds...


rick...
Rom.5:8

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
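As an added example (not from the post above and not FreeRADIUS code), a small Python triage script for a radiusd debug log like the one Rick posted: it lists which Auth-Types rad_check_password found, flags the "Found 2 auth-types" warning, counts the lines on which the tunneled cleartext password is printed (the TTLS and rlm_ldap lines above all echo it), and records the final Access-Accept or Access-Reject. The sample log is a constructed excerpt of the post's output with a placeholder password.

```python
import re

# Constructed excerpt modelled on the radiusd -X output in the post above;
# the password value is a placeholder, not the one from the post.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 10.5.50.115:1645, id=106, length=211
User-Name = "install"
  rad_check_password:  Found Auth-Type LDAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'install'
auth: type "EAP"
  TTLS: Got tunneled request
User-Name = "install"
User-Password = "PLACEHOLDER_PW"
rlm_ldap: login attempt by "install" with password "PLACEHOLDER_PW"
rlm_ldap: bind as cn=install,ou=Academics,o=DBU/PLACEHOLDER_PW to 10.5.10.215:389
Login OK: [install/PLACEHOLDER_PW] (from client UNKNOWN-CLIENT port 0)
Sending Access-Accept of id 106 to 10.5.50.115:1645
"""

AUTH_TYPE_RE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
WARN_RE = re.compile(r"Warning:\s+Found (\d+) auth-types on request for user '([^']+)'")
# Places where rlm_eap_ttls / rlm_ldap debug output prints the cleartext password.
PW_PATTERNS = [
    re.compile(r'^User-Password = "'),
    re.compile(r'login attempt by "[^"]+" with password "'),
    re.compile(r"bind as [^/]+/\S+ to "),
    re.compile(r"Login OK: \[[^/]+/[^\]]+\]"),
]
RESULT_RE = re.compile(r"Sending Access-(Accept|Reject) of id (\d+) to (\S+)")


def analyze_debug(text):
    """Summarise one request: Auth-Types found, multi-auth-type warning, password lines, reply."""
    findings = {"auth_types": [], "multi_auth_users": [],
                "password_lines": 0, "result": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = AUTH_TYPE_RE.search(line)
        if m:
            findings["auth_types"].append(m.group(1))
        m = WARN_RE.search(line)
        if m and int(m.group(1)) > 1:
            findings["multi_auth_users"].append(m.group(2))
        if any(p.search(line) for p in PW_PATTERNS):
            findings["password_lines"] += 1
        m = RESULT_RE.search(line)
        if m:
            findings["result"] = (m.group(1), int(m.group(2)), m.group(3))
    return findings
```

Run it over a saved `radiusd -X` capture; a non-zero `password_lines` count is the reason such captures should be scrubbed before being mailed to a list.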


Re: LDAP Problem

2002-09-13 Thread Atanu Das

Hi,

I got your point. But how do I use the radiusprofiledn? I was following the
mailing list archives, but I could not figure out what I should do in the
radius.conf file and the users file.
My LDIF tree now looks like this.

dn: dc=neline,dc=com
objectclass: top
objectclass: domain

dn: ou=group,dc=neline,dc=com
ou: group
objectclass: top
objectclass: organizationalUnit

dn: cn=testgroup,ou=group,dc=neline,dc=com
objectClass: top
objectClass: radiusprofile
cn: testgroup
radiusGroupName: G022
gidNumber: 1000

dn: uid=testing,ou=group,dc=neline,dc=com
cn: testing
uid: testing
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: radiusprofile
ou: group
userPassword: neline
radiusProfileDn: cn=testgroup,ou=group,dc=neline,dc=com
radiusGroupName: testgroup

RADIUSD.CONF###

ldap {
        server = "192.9.168.2"
        # identity = "cn=admin,o=My Org,c=UA"
        # password = mypass
        basedn = "dc=neline,dc=com"
        filter = "(uid=%u)"
        # set this to 'yes' to use TLS encrypted connections
        # to the LDAP database.
        start_tls = no
        default_profile = "cn=testgroup,ou=group,dc=neline,dc=com"
        profile_attribute = "radiusProfileDn"
        #access_group = "cn=testgroup,ou=group,dc=neline,dc=com"
        #access_attr = "dialupAccess"
        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        # ldap_cache_timeout = 120
        # ldap_cache_size = 0
        ldap_connections_number = 5
        # password_header = "{clear}"
        #password_attribute = userPassword
        #groupname_attribute = cn
        #groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
        timeout = 4
        timelimit = 3
        net_timeout = 1
        # compare_check_items = yes
        # access_attr_used_for_allow = yes
}


PLEASE SHOW ME THE WAY

Atanu Das
System Development
SS NetCom Pvt Ltd.
Dhankheti
Shillong-793003
Ph: 91+361+502355
Visit us at: http://www.neline.com



- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 13, 2002 1:03 PM
Subject: Re: LDAP Problem


> On Fri, 13 Sep 2002, Atanu Das wrote:
>
> > Dear ALL,
> > I tried creating a simple LDAP structure the following way!
> >
> > dn: dc=company,dc=com
> > objectclass: top
> > objectclass: domain
> >
> > dn: ou=people,dc=company,dc=com
> > ou: people
> > objectclass: top
> > objectclass: organisationalUnit
> >
> > dn: uid=group1-dialup,ou=people,dc=company,dc=com
> > objectclass: radiusprofile
> > radiusPortLimit: 1
> >
> > dn: uid=user1,ou=people,dc=company,dc=com
> > objectclass: radiusprofile
> > dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com
> >
> > But I am getting the following error
> > 11:52:00 AM: Failed to add new entry uid=user1, ou=radius, dc=neline,dc=com
> > Root error: [LDAP: error code 17 - dialupregularprofile: attribute type undefined]
> >
> >
> > I have included both of the LDAP schemas that came with freeradius in the slapd.conf file with the schemacheck option off.
> >
> > Where am I wrong!!!
> >
> > Atanu Das
>
> You should use the radiusprofiledn instead of dialupregularprofile.
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 10 7721861
> 'Go back to the shadow' Gandalf





Re: LDAP Problem

2002-09-13 Thread Kostas Kalevras

On Fri, 13 Sep 2002, Atanu Das wrote:

> Dear ALL,
> I tried creating a simple LDAP structure the following way!
>
> dn: dc=company,dc=com
> objectclass: top
> objectclass: domain
>
> dn: ou=people,dc=company,dc=com
> ou: people
> objectclass: top
> objectclass: organisationalUnit
>
> dn: uid=group1-dialup,ou=people,dc=company,dc=com
> objectclass: radiusprofile
> radiusPortLimit: 1
>
> dn: uid=user1,ou=people,dc=company,dc=com
> objectclass: radiusprofile
> dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com
>
> But I am getting the following error
> 11:52:00 AM: Failed to add new entry uid=user1, ou=radius, dc=neline,dc=com
> Root error: [LDAP: error code 17 - dialupregularprofile: attribute type undefined]
>
>
> I have included both of the LDAP schemas that came with freeradius in the slapd.conf
> file with the schemacheck option off.
>
> Where am I wrong!!!
>
> Atanu Das

You should use the radiusprofiledn instead of dialupregularprofile.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





LDAP Problem

2002-09-12 Thread Atanu Das



Dear ALL,
I tried creating a simple LDAP structure the following way!

dn: dc=company,dc=com
objectclass: top
objectclass: domain

dn: ou=people,dc=company,dc=com
ou: people
objectclass: top
objectclass: organisationalUnit

dn: uid=group1-dialup,ou=people,dc=company,dc=com
objectclass: radiusprofile
radiusPortLimit: 1

dn: uid=user1,ou=people,dc=company,dc=com
objectclass: radiusprofile
dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com

But I am getting the following error
11:52:00 AM: Failed to add new entry uid=user1, ou=radius, dc=neline,dc=com
Root error: [LDAP: error code 17 - dialupregularprofile: attribute type undefined]

I have included both of the LDAP schemas that came with freeradius in the
slapd.conf file with the schemacheck option off.

Where am I wrong!!!

Atanu Das
System Development
SS NetCom Pvt Ltd.
Dhankheti
Shillong-793003
Ph: 91+361+502355
Visit us at: http://www.neline.com
 


Re: ldap problem

2002-07-22 Thread J. S. Townsley


Do something like this:

Define your ldap blocks:

ldap FOO{
...
}
ldap FOO2{
...
}

Then do your authtype:
authtype LDAP {
FOO
FOO2
}

Actually, you may want to make that:

authtype LDAP {
redundant {
  FOO
  FOO2
}
}


--JST

On Mon, 22 Jul 2002, Brian Leung wrote:

> Date: Mon, 22 Jul 2002 17:30:27 +0800 (HKT)
> From: Brian Leung <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: ldap problem
>
> hi all,
>
> i try to add these in the radiusd.conf
> authtype LDAP {
> ldap
> }
>
> authtype LDAP1 {
> ldap1
> }
>
> but when I start it, it prompts me:
> radiusd.conf[650] Failed to link to module 'rlm_ldap1': file not found
>
> How should I fix it? Thank you
>
> Regards,
> Brian Leung
> System Engineer
> Pacific Supernet
>
>





ldap problem

2002-07-22 Thread Brian Leung

hi all,

i try to add these in the radiusd.conf
authtype LDAP {
ldap
}

authtype LDAP1 {
ldap1
}

but when I start it, it prompts me:
radiusd.conf[650] Failed to link to module 'rlm_ldap1': file not found

How should I fix it? Thank you

Regards,
Brian Leung
System Engineer
Pacific Supernet





Radius Authenticaion with LDAP Problem

2002-07-15 Thread Penny

Hi, everyone:
I want to make Radius authentication with an LDAP server. When I start radiusd, it
seems OK. And I use the command: radtest ypguo password localhost 1 test123
The result is: radclient:Unknown attribute User-Password
Can you tell me what the problem is?
Thanks
~Penny
ŠËbú?²æìr¸›{û§²æìr¸›y'ž†Ûiÿü0ÁúÞz¶Šë(®åŠËºÇ«²f


Yet LDAP problem

2001-10-24 Thread Falmeida
  Verify that you've updated the configuration line for the 'basedn'
  option.  Run the server in debugging mode, and see that the server is
  using that new configuration.  Verify that the user's realm is
  available to the LDAP module.  The 'Realm' attribute is NOT something
  which is magically generated when a user logs in via 'username@realm'.
  You must add configuration to the server telling it to look for that
  realm.  e.g. in the 'realms' file:

    realm1    LOCAL
    realm2    LOCAL

  If you don't have any special treatment of the realms, then the
  server will not know about the realms.
  Alan DeKok.

  Hi Alan..
  I compiled the last nightly snapshot, updated the configuration
file (ou=%{Realm},ou=). The realm file contains an entry like
this (   LOCAL)...

Now I'm having strange behaviour with the server... running the radtest
program the log shows several lines like this:
Sending Access-Request of id 163 to 127.0.0.1...
and then core dump...
This only occurs if the basedn contains a variable in it.. If I take off
the %{Realm} part of the basedn, the server becomes normal..