Hello,
I was testing v0.81 against our existing LDAP DB and the searches worked
fine. The LDAP module seemed to authenticate the LDAP user but then
somewhere along the line, Auth-Type System failed to validate the
user. We only want to validate/authenticate dialin users against LDAP
so does anyone know where our configuration problem might exist? We
went through the rlm_ldap doc and implemented all of the LDAP
configuration options it suggested. Please advise.
Thanks,
Pat McShane - ICDC.COM
OUTPUT FROM RADTEST
[EMAIL PROTECTED] root]# radtest [EMAIL PROTECTED] ziggy localhost 0 testing123
Sending Access-Request of id 237 to 127.0.0.1:1812
User-Name = [EMAIL PROTECTED]
User-Password = [EMAIL PROTECTED]:\332c_\341z\036\n\004rhS
NAS-IP-Address = ziggy.icdc.com
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=237, length=20
[EMAIL PROTECTED] root]#
OUTPUT FROM RADIUSD
===
rad_recv: Access-Request packet from host 127.0.0.1:32781, id=237, length=64
User-Name = [EMAIL PROTECTED]
User-Password = ziggy
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module chap returns noop
rlm_realm: Looking up realm icdc.com for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm icdc.com
rlm_realm: Adding Stripped-User-Name = pem
rlm_realm: Proxying request from user pem to realm icdc.com
rlm_realm: Adding Realm = icdc.com
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module suffix returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for pem
radius_xlat: '(uid=pem)'
radius_xlat: 'o=icdc.com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ns6.icdc.com:389, authentication 0
rlm_ldap: bind as / to ns6.icdc.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=icdc.com, with filter (uid=pem)
rlm_ldap: checking if remote access for pem is allowed by dialuptemplate
rlm_ldap: Added password ziggy in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding unixpassword as Password, value ziggy op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user pem authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type System
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 237 to 127.0.0.1:32781
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 237 with timestamp 3e6ba8c3
Nothing to do. Sleeping until we see a request.
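Added example, not part of the original post or of FreeRADIUS: a Python helper that reads a radiusd debug trace like the one above, reports which Auth-Type decided the request after the ldap authorize step returned ok, and masks the cleartext passwords such traces contain before they are shared. The sample trace is abridged from the post; the function names, and the assumption that LDAP authentication is selected by Auth-Type LDAP, belong to this example.

```python
import re

# Constructed sample: lines abridged from the radiusd debug output in the post.
TRACE = """\
User-Password = ziggy
modcall[authorize]: module chap returns noop
users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok
rlm_ldap: Added password ziggy in check items
rlm_ldap: Adding unixpassword as Password, value ziggy op=21
modcall[authorize]: module ldap returns ok
rad_check_password: Found Auth-Type System
auth: Failed to validate the user.
Sending Access-Reject of id 237 to 127.0.0.1:32781
"""

MODULE_RE = re.compile(r'^modcall\[authorize\]: module "?([\w.-]+)"? returns (\w+)', re.M)
AUTHTYPE_RE = re.compile(r"^rad_check_password:\s+Found Auth-Type (\S+)", re.M)
USERS_RE = re.compile(r"^users: Matched (\S+) at (\d+)", re.M)
SECRET_RES = (re.compile(r"(User-Password = ).*"),
              re.compile(r"(rlm_ldap: Added password |as Password, value )\S+"))

def summarize(trace):
    """Return authorize module results, the users-file match and the Auth-Type found."""
    m = AUTHTYPE_RE.search(trace)
    u = USERS_RE.search(trace)
    return {
        "authorize": dict(MODULE_RE.findall(trace)),
        "auth_type": m.group(1) if m else None,
        "users_match": (u.group(1), int(u.group(2))) if u else None,
        "rejected": "Sending Access-Reject" in trace,
    }

def findings(s):
    """Flag the pattern in the post: ldap authorize ok, another Auth-Type decides."""
    out = []
    # Assumption of this example: LDAP authentication runs under Auth-Type LDAP.
    if s["authorize"].get("ldap") == "ok" and s["auth_type"] not in (None, "LDAP"):
        out.append(f"ldap authorize ok, but Auth-Type {s['auth_type']} checked the password")
        if s["users_match"]:
            name, line = s["users_match"]
            out.append(f"users entry {name} (line {line}) matched: check whether it sets Auth-Type")
    return out

def redact(trace):
    """Mask cleartext password values before a debug trace is shared."""
    for rx in SECRET_RES:
        trace = rx.sub(r"\1<redacted>", trace)
    return trace
```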