On 20/07/11 10.19, Fajar A. Nugraha-2 [via FreeRadius] wrote:
> On Wed, Jul 20, 2011 at 3:07 PM, m4xmr <[hidden email]> wrote:
>> Hello,
>> I'm trying to make LDAP work as an authentication backend for RADIUS.
>> I verified that the data are right and the query to LDAP is working
>> properly if I use ldapsearch.
>
> does LDAP BIND work correctly using ldapsearch (i.e. ldapsearch -D)
I tried: ldapsearch -x -b "dc=example,dc=com" "uid=ldapuser"
and it works well:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: uid=ldapuser
# requesting: ALL
#
# ldapuser, People, example.com
dn: uid=ldapuser,ou=People,dc=example,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: MTIxMjEyIA==
shadowLastChange: 15174
shadowMin: 0
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 100
homeDirectory: /home/ldapuser
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
>
>> rad_recv: Access-Request packet from host 127.0.0.1:59221, id=78, length=60
>>     User-Name = "ldapuser"
>>     User-Password = "121212"
>
>> rlm_ldap: Setting Auth-Type = ldap
>
> Hmmm ... that's odd. I thought rlm_ldap was supposed to just grab
> attributes (e.g. Cleartext-Password) and not set the Auth-Type? Are
> you doing anything special like forcing Auth-Type := LDAP?
I was following a tutorial, this one:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS
>
>> rlm_ldap: user ldapuser authorized to use remote access
>
> this line says there's a user called ldapuser
>
>> rlm_ldap: - authenticate
>> rlm_ldap: login attempt by "ldapuser" with password "121212"
>> rlm_ldap: user DN: uid=ldapuser,ou=People,dc=example,dc=com
>> rlm_ldap: (re)connect to localhost:389, authentication 1
>> rlm_ldap: bind as uid=ldapuser,ou=People,dc=example,dc=com/121212 to localhost:389
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind failed with invalid credentials
>
> ... while this one says the bind failed. Is the password correct?
I configured that password... it could be some problem of hashing... maybe.
Anyway, I have upgraded to FreeRADIUS Version 2.1.7.
This is the output of radiusd -X:
radiusd -X
FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/otp
including configuration file