Multiple LDAP search
Hi all,

I got LDAP working on FreeRADIUS Version 2.1.8 with SUSE 10.1. Now I need to do the following: if the user is not found in the first LDAP search, which searches in o=EC, then it must search again in o=HLT. I would like to know where to create these files.

Thank you,
Wayne van der Merwe

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP search problem
I have FreeRADIUS 2.1.1 set up on a SUSE server 10.1. We are wanting to do an LDAP connection to a Novell eDirectory server for our users. From the debug output the LDAP session bound correctly; the search part failed. I would like to know: did the radius server send out the login name as uid=53986067, as indicated below?

rlm_ldap: performing search in ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC, with filter (uid=53986067)

When I do a ldapsearch -h 10.219.176.30 -b ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC -x uid=53986067 I get no results. If I use -x cn=53986067 the user is found. I used radtest to do the testing.

Debug file
---
FreeRADIUS Version 2.1.1, for host i686-suse-linux-gnu, built on Nov 19 2008 at 16:17:41
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
	prefix = /usr
	localstatedir = /var
	logdir = /var/log/radius
	libdir = /usr/lib/freeradius
	radacctdir = /var/log/radius/radacct
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	allow_core_dumps = no
	pidfile = /var/run/radiusd/radiusd.pid
	checkrad = /usr/sbin/checkrad
	debug_level = 0
	proxy_requests = yes
	log {
		stripped_names = yes
		auth = yes
		auth_badpass = no
		auth_goodpass = no
	}
	security {
		max_attributes = 200
		reject_delay = 1
		status_server = yes
	}
}
autharise a user.
client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = testing123
	shortname = localhost
	nastype = other
}
client 10.219.139.253/24 {
	require_message_authenticator = no
	secret = freeradius
	shortname = DoHICTFrere
	nastype = other
}
client 10.219.220.2/23 {
	require_message_authenticator = no
	secret = qwerty123456
	shortname = DoHICTFrere
	nastype = other
}
radiusd:
Re: Freeradius-Users Digest, Vol 63, Issue 86
Wayne Van der Merwe wrote:
> I have FreeRADIUS 2.1.1 set up on a SUSE server 10.1. We are wanting to do an LDAP connection to a Novell eDirectory server for our users. From the debug output the LDAP session bound correctly; the search part failed. I would like to know: did the radius server send out the login name as uid=53986067, as indicated below?
>
> rlm_ldap: performing search in ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC, with filter (uid=53986067)

Because:

1) the Access-Request contains 53986067 as the User-Name
2) the ldap module is configured to use uid=%{User-Name}

This is all shown in the debug output.

> When I do a ldapsearch -h 10.219.176.30 -b ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC -x uid=53986067 I get no results. If I use -x cn=53986067 the user is found.

So... edit the ldap module configuration to use cn=%{User-Name} instead of uid.

There's a reason the configuration files are text: they can be edited.

Alan DeKok.

--

Noted. After the change I have this problem in the debug output:

rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=USERS,ou=ELS-FRERE,ou=AMATOLA,ou=HLT,o=EC, with filter (cn=53986067)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No known good password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user 53986067 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0

The "[ldap] No default NMAS login sequence": how do I sort this out? And "WARNING: No known good password was found in LDAP. Are you sure that the user is configured correctly?" is to do with a clear-text password that radius needs to read from the LDAP server, as per other posts. How or where do I sort this out? Is this also related to the NMAS login sequence?
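Putting the pieces from this thread together as FreeRADIUS 2.x configuration, as an added example and not the posters' own files: two rlm_ldap instances, one per container, using the cn= filter Alan points to; the o=HLT search from the first message made conditional on the o=EC search returning notfound; and bind-as-user authentication for the case where the directory will not hand the server a readable password. The bind identity and password are placeholders, and a second container on the same server at 10.219.176.30 is assumed.

```text
# /etc/raddb/modules/ldap  (FreeRADIUS 2.x): one rlm_ldap instance per container
ldap ldap_ec {
        server = "10.219.176.30"
        identity = "cn=radius,o=EC"        # placeholder bind DN (assumption)
        password = "CHANGE-ME"             # placeholder
        basedn = "o=EC"
        # cn=, not uid=: the eDirectory entries carry the login name in cn
        filter = "(cn=%{User-Name})"
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
        dictionary_mapping = ${confdir}/ldap.attrmap
        # If no known-good password can be read from the directory, set
        # Auth-Type = LDAP so the server binds as the user (PAP only).
        set_auth_type = yes
}

ldap ldap_hlt {
        server = "10.219.176.30"
        identity = "cn=radius,o=HLT"       # placeholder bind DN (assumption)
        password = "CHANGE-ME"             # placeholder
        basedn = "o=HLT"
        filter = "(cn=%{User-Name})"
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
        dictionary_mapping = ${confdir}/ldap.attrmap
        set_auth_type = yes
}

# /etc/raddb/sites-enabled/default (other modules left out for brevity)
authorize {
        preprocess
        ldap_ec
        # "redundant { ldap_ec ldap_hlt }" would NOT do this: redundant only
        # moves on when a module returns fail, and a missing user is notfound.
        if (notfound) {
                ldap_hlt
        }
        pap
}

authenticate {
        # Bind-as-user path taken when set_auth_type kicked in above;
        # both instances talk to the same eDirectory server.
        Auth-Type LDAP {
                ldap_ec
        }
        Auth-Type PAP {
                pap
        }
}
```

With set_auth_type the "No known good password" warning stops mattering for PAP requests because the password is checked by the bind; for CHAP or MS-CHAP the directory still has to expose a cleartext or NT password attribute to the bind identity.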