Re: freeradius ldap auth "sort of" working ?
Hi,

> and this is the output from radius (ran as radiusd -X)
> http://pastebin.com/MT0txW2c

please post to the list - avoids more work at this end. the output shows this:

Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by "testuser_1" with password "letmein_1"
[ldap] user DN: uid=testuser_1,ou=People,dc=vps03,dc=local
[ldap] (re)connect to 127.0.0.1:389, authentication 1
[ldap] bind as uid=testuser_1,ou=People,dc=vps03,dc=local/letmein_1 to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind failed with invalid credentials
++[ldap] returns reject

> i don't understand. it auths but then it doesn't.. the final result
> is not successful

it does a SEARCH for authorization. finds some details...then it checks authentication...and doesn't work.

verify that you can connect/verify with this user/password combo. LDAP is not an authentication method..it's just an oracle of data really

alan

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
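
Added example, not part of the thread and not FreeRADIUS code: a small Python helper that masks the cleartext passwords `radiusd -X` prints before the output is posted to a list, and reports whether the bind that failed was made as the user's own DN. The function names are hypothetical and the sample is constructed from lines quoted on this page.

```python
import re

# Constructed sample: the User-Password line from the radtest output in the
# original post, followed by the [ldap] debug lines quoted in the reply above.
SAMPLE = """\
User-Password = "letmein_1"
Found Auth-Type = LDAP
[ldap] login attempt by "testuser_1" with password "letmein_1"
[ldap] user DN: uid=testuser_1,ou=People,dc=vps03,dc=local
[ldap] (re)connect to 127.0.0.1:389, authentication 1
[ldap] bind as uid=testuser_1,ou=People,dc=vps03,dc=local/letmein_1 to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind failed with invalid credentials
++[ldap] returns reject
"""

REDACTIONS = [
    (r'(User-Password = )".*"', r'\g<1>"<redacted>"'),
    (r'(with password )".*"', r'\g<1>"<redacted>"'),
    # "bind as <DN>/<password> to <host>": the first "/" ends the DN, so a
    # "/" inside the password is still masked.
    (r'(\[ldap\] bind as [^/]*/).*( to \S+)$', r'\g<1><redacted>\g<2>'),
]

PATTERNS = {
    "user_dn": r'\[ldap\] user DN: (.+)',
    "bind_dn": r'\[ldap\] bind as ([^/]*)/',
    "bind_result": r'\[ldap\] Bind (.+)',
    "rcode": r'\[ldap\] returns (\w+)',
}

def redact(text):
    """Mask the cleartext passwords that debug mode prints."""
    lines = []
    for line in text.splitlines():
        for pattern, repl in REDACTIONS:
            line = re.sub(pattern, repl, line)
        lines.append(line)
    return "\n".join(lines)

def explain_bind(text):
    """Report which DN the ldap module bound as and how that bind ended."""
    info = dict.fromkeys(PATTERNS)
    for line in text.splitlines():
        for key, pattern in PATTERNS.items():
            m = re.search(pattern, line)
            if m:
                info[key] = m.group(1).strip()
    # True when the bind was the authentication bind as the user's own DN,
    # not the earlier search done for authorization.
    info["bound_as_user"] = info["bind_dn"] is not None and info["bind_dn"] == info["user_dn"]
    return info
```

`explain_bind` gives the same answer on redacted output, so the log can be masked first and triaged afterwards.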
Re: freeradius ldap auth "sort of" working ?
On 1 Jul 2013, at 12:27, Horatiu Nimigean wrote:

> Greetings.
> I have a problem with freeradius using ldap to auth, here are my system specs:
>
> Centos 6 64bit
> freeradius installed from repo
>> rpm -qa | grep -i freeradius
>> freeradius-ldap-2.1.12-4.el6_3.x86_64
>> freeradius-2.1.12-4.el6_3.x86_64
>> freeradius-utils-2.1.12-4.el6_3.x86_64
> ldap already up and running, on localhost. everything is local btw, there are
> no remote services and ldap is (test environment) accepting unsecured
> connections.
>> rpm -qa | grep -i openld
>> openldap-devel-2.4.23-32.el6_4.1.x86_64
>> openldap-clients-2.4.23-32.el6_4.1.x86_64
>> openldap-servers-2.4.23-32.el6_4.1.x86_64
>> openldap-2.4.23-32.el6_4.1.x86_64
>
> radtest fails
>> radtest testuser_1 "letmein_1" localhost 2 testing123
>> Sending Access-Request of id 214 to 127.0.0.1 port 1812
>>     User-Name = "testuser_1"
>>     User-Password = "letmein_1"
>>     NAS-IP-Address = 127.0.0.1
>>     NAS-Port = 2
>>     Message-Authenticator = 0x
>> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214,
>> length=20
> and this is the output from radius (ran as radiusd -X)
> http://pastebin.com/MT0txW2c
>
> i don't understand. it auths but then it doesn't.. the final result is not
> successful
> Thanks in advance,

No. Your admin user managed to bind and retrieve credentials for your user, your user bind never succeeded.

Seeing as you have access to the crypt hash of the user's password you should use PAP to do authentication.

Set "set_auth_type = no" in modules/ldap and make sure 'pap' is listed in authorize.

If the password you're using in radtest is correct, this will work. If it isn't then authentication will continue to fail.

-Arran

Arran Cudbard-Bell
FreeRADIUS Development Team
freeradius ldap auth "sort of" working ?
Greetings.
I have a problem with freeradius using ldap to auth, here are my system specs:

Centos 6 64bit
freeradius installed from repo

    rpm -qa | grep -i freeradius
    freeradius-ldap-2.1.12-4.el6_3.x86_64
    freeradius-2.1.12-4.el6_3.x86_64
    freeradius-utils-2.1.12-4.el6_3.x86_64

ldap already up and running, on localhost. everything is local btw, there are no remote services and ldap is (test environment) accepting unsecured connections.

    rpm -qa | grep -i openld
    openldap-devel-2.4.23-32.el6_4.1.x86_64
    openldap-clients-2.4.23-32.el6_4.1.x86_64
    openldap-servers-2.4.23-32.el6_4.1.x86_64
    openldap-2.4.23-32.el6_4.1.x86_64

radtest fails

    radtest testuser_1 "letmein_1" localhost 2 testing123
    Sending Access-Request of id 214 to 127.0.0.1 port 1812
        User-Name = "testuser_1"
        User-Password = "letmein_1"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 2
        Message-Authenticator = 0x
    rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20

and this is the output from radius (ran as radiusd -X)
http://pastebin.com/MT0txW2c

i don't understand. it auths but then it doesn't.. the final result is not successful

Thanks in advance,
Horatiu