Re: ldap

2013-06-22 Thread Alan Buxey
Hi

Always start simple.  Run radtest on the RADIUS server box using 127.0.0.1 ... 
THEN move to running against it from other systems once you've verified all 
authentication etc is working

Note that it is port 1812 UDP

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ldap

2013-06-22 Thread A . L . M . Buxey
Hi,

 freeradius silently drops packets from an unknown client.

unless run in debug mode at which point it'll clearly print out

Ignoring request to blahblah from unknown client x.x.x.x port 


alan


Re: Problems freeradius and samba4

2013-06-22 Thread ricardobarbosams

Hi Ortega,

With user administrator it did not work. Look at the log file:

[ldap] performing user authorization for test
[ldap]  expand: ((objectClass=user)(sAMAccountName=%{User-Name})) - ((objectClass=user)(sAMAccountName=test))
[ldap]  expand: dc=batlab,dc=corp - dc=batlab,dc=corp
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] closing existing LDAP connection
  [ldap] (re)connect to 192.168.0.4:389, authentication 0
  [ldap] bind as /X to 192.168.0.4:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in dc=batlab,dc=corp, with filter ((objectClass=user)(sAMAccountName=test))
[ldap] ldap_search() failed: Operations error
[ldap] search failed
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail

Any idea?

On 06/14/13 03:40, Roberto Ortega Ramiro wrote:
Hi, I'm a beginner here, but the user freeradius in your LDAP must be
able to read users' passwords.


Try with administrator in /etc/raddb/modules/ldap and if it works, the
user freeradius won't have rights for this.


Bye

On Friday, 14 June 2013, ricardobarbosams wrote:

Hi.

Executing ldapsearch with user freeradius

root@maxwell:~# ldapsearch -LLL -x -h 192.168.0.4 -b dc=batlab,dc=corp -D CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp -W '(sAMAccountName=administrator)' cn
Enter LDAP Password:
dn: CN=Administrator,CN=Users,DC=batlab,DC=corp
cn: Administrator


It works.

Regards.

On 06/13/13 03:37, Iliya Peregoudov wrote:

On 12.06.2013 4:19, ricardobarbosams wrote:


No, my filter is

filter = ((objectClass=user)(sAMAccountName=%{User-Name}))


I am not talking about the filter, I am talking about binding to the
directory. Your ldapsearch binds to the directory using one
user and your radiusd binds to the directory as another user.
These users can have different authorization levels in the
directory server. The directory may allow the us...@batlab.corp
user to retrieve objects but disallow it for the
CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp user.

Configure radiusd to use the us...@batlab.corp user to bind to
the directory and you'll get the same results as with ldapsearch.

--
Best regards.


Roberto Ortega
Computer Science Teacher.
http://www.proyectoret.es

Escuelas San José Valencia
Avd.Cortes Valencianas nº1
46015 Valencia
R4600489A
Tf:963499011 ext. 262
Fax:963488835
http://www.escuelassj.com

Do not print this email unless necessary. Let's protect the environment.
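
An added example, not part of the original thread or of FreeRADIUS: a Python check of the point Iliya makes above, comparing the identity radiusd bound with in the posted debug log against the DN given to ldapsearch. The `bind as <identity>/<password>` line layout and the names `diagnose` and `filter_problem` are assumptions of this example; the filter check reads the filter exactly as the log prints it.

```python
import re

# Debug lines copied from the radiusd output posted in the thread (sample input).
RADIUSD_LOG = """\
  [ldap] (re)connect to 192.168.0.4:389, authentication 0
  [ldap] bind as /X to 192.168.0.4:389
  [ldap] Bind was successful
  [ldap] performing search in dc=batlab,dc=corp, with filter ((objectClass=user)(sAMAccountName=test))
[ldap] ldap_search() failed: Operations error
"""
# DN passed to ldapsearch -D in the thread.
LDAPSEARCH_BIND_DN = "CN=freeradius,OU=noc,OU=batlab,DC=batlab,DC=corp"

# Assumption: the debug line reads "bind as <identity>/<password> to <host>:<port>".
BIND_RE = re.compile(r"\[ldap\] bind as (?P<identity>.*)/(?P<password>[^/]*) to (?P<server>\S+)$")
FILTER_RE = re.compile(r"with filter\s+(?P<filter>\(.*\))\s*$")
FAIL_RE = re.compile(r"ldap_search\(\) failed: (?P<reason>.+)$")


def filter_problem(flt):
    """Return a message if a multi-clause filter lacks the RFC 4515 &, | or ! operator."""
    inner = flt[1:-1] if flt.startswith("(") and flt.endswith(")") else flt
    if inner.startswith("("):
        return "filter groups clauses without &, | or !: " + flt
    return None


def diagnose(log, expected_dn):
    """Collect findings that explain why radiusd and ldapsearch see different results."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = BIND_RE.search(line)
        if m:
            identity = m.group("identity")
            if not identity:
                findings.append("radiusd bound with an empty identity, not the ldapsearch DN")
            elif identity.lower() != expected_dn.lower():
                findings.append(f"radiusd bound as {identity!r}, ldapsearch as {expected_dn!r}")
        m = FILTER_RE.search(line)
        if m and (msg := filter_problem(m.group("filter"))):
            findings.append(msg)
        m = FAIL_RE.search(line)
        if m:
            findings.append("search failed: " + m.group("reason"))
    return findings


if __name__ == "__main__":
    for finding in diagnose(RADIUSD_LOG, LDAPSEARCH_BIND_DN):
        print("-", finding)
```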


