Check your recommendation...
radiusd.conf is per your comment...
To make it work I had to make users per below...
#DEFAULT Auth-Type = System
#        Fall-Through = 1
DEFAULT Auth-Type = LDAP
        Fall-Through = 1
Q. Per my understanding, the Auth-Type = System should have been checked, then move on to the LDAP auth... At least per my results it is not... How does one fix the fall-through feature?
Dustin Doris [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/17/2004 07:15 AM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Re: lotus notes ldap
On Thu, 16 Sep 2004, J.R. Cabanban wrote:
command: radtest arookie localhost 1 sharedsecret
response: rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=61, length=20
snapshot of radiusd -X -A
rad_recv: Access-Request packet from host 127.0.0.1:32847, id=53, length=59
User-Name = arookie
User-Password = *
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok for request 1
modcall[authorize]: module chap returns noop for request 1
modcall[authorize]: module mschap returns noop for request 1
rlm_realm: No '@' in User-Name = arookie, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 1
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module files returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for arookie
radius_xlat: '(uid=arookie)'
radius_xlat: 'cn'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn, with filter (uid=arookie)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user arookie authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type System
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
modcall[authenticate]: module unix returns notfound for request 1
modcall: group authenticate returns notfound for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Q. Did the LDAP server properly authenticate the user and allow access? If so, why was the final result Access-Reject?
LDAP authorized the user, but then you have it set to use System to authenticate. These are two separate procedures. Check radiusd.conf and make sure you have ldap in the authorize section.
Uncomment this part, if you haven't already.
#Auth-Type LDAP {
#    ldap
#}
-Dusty Doris
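Added example, not part of the original thread and not FreeRADIUS code: a short Python script that reads the debug lines quoted above and reports which modules returned ok in authorize, which Auth-Type was selected, and what the authenticate modules returned. The function names are hypothetical, and the script assumes the trace covers a single request.

```python
import re

# Constructed sample: lines taken from the debug trace quoted in this thread,
# with the e-mail line wraps rejoined. Assumes one request per trace.
TRACE = """\
modcall[authorize]: module files returns ok for request 1
rlm_ldap: user arookie authorized to use remote access
modcall[authorize]: module ldap returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type System
modcall[authenticate]: module unix returns notfound for request 1
modcall: group authenticate returns notfound for request 1
auth: Failed to validate the user.
"""

MODULE = re.compile(r"modcall\[(authorize|authenticate)\]: module (\S+) returns (\w+)")
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")

def summarize(trace):
    """Collect per-section module results and the Auth-Type chosen for authentication."""
    info = {"authorize": {}, "authenticate": {}, "auth_type": None, "failed": False}
    for line in trace.splitlines():
        line = line.strip()
        if m := MODULE.search(line):
            section, module, rcode = m.groups()
            info[section][module] = rcode
        elif m := AUTH_TYPE.search(line):
            info["auth_type"] = m.group(1)
        elif "Failed to validate the user" in line:
            info["failed"] = True
    return info

def diagnose(info):
    """Explain a reject where authorization succeeded but authentication did not."""
    authz_ok = [m for m, r in info["authorize"].items() if r == "ok"]
    authn_ok = [m for m, r in info["authenticate"].items() if r == "ok"]
    if info["failed"] and authz_ok and not authn_ok:
        tried = ", ".join(f"{m}={r}" for m, r in info["authenticate"].items())
        return (f"authorize ok via {', '.join(authz_ok)}; Auth-Type "
                f"{info['auth_type']} ran authenticate modules [{tried}]; "
                "no module validated the password")
    return "no authorize/authenticate mismatch found"

if __name__ == "__main__":
    print(diagnose(summarize(TRACE)))
```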