Re: freeradius ldap auth "sort of" working ?

2013-07-01 Thread A . L . M . Buxey
Hi,

> and this is the output from radius (ran as radiusd -X)
> http://pastebin.com/MT0txW2c

please post to the list - avoids more work at this end.

the output shows this:

Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by "testuser_1" with password "letmein_1"
[ldap] user DN: uid=testuser_1,ou=People,dc=vps03,dc=local
  [ldap] (re)connect to 127.0.0.1:389, authentication 1
  [ldap] bind as uid=testuser_1,ou=People,dc=vps03,dc=local/letmein_1 to 127.0.0.1:389
  [ldap] waiting for bind result ...
  [ldap] Bind failed with invalid credentials
++[ldap] returns reject

> i don't understand. it auths but then it doesn't.. the final result
> is not successful

it does a SEARCH for authorization. finds some details...then it checks
authentication...and doesn't work.  verify that you can connect/verify
with this user/password combo. LDAP is not an authentication method..it's
just an oracle of data really

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeradius ldap auth "sort of" working ?

2013-07-01 Thread Arran Cudbard-Bell

On 1 Jul 2013, at 12:27, Horatiu Nimigean wrote:

> Greetings.
> I have a problem with freeradius using ldap to auth, here are my system specs:
> 
> Centos 6 64bit
> freeradius installed from repo
>> rpm -qa | grep -i freeradius
>> freeradius-ldap-2.1.12-4.el6_3.x86_64
>> freeradius-2.1.12-4.el6_3.x86_64
>> freeradius-utils-2.1.12-4.el6_3.x86_64
> ldap already up and running, on localhost. everything is local btw, there are 
> no remote services and ldap is (test environment) accepting unsecured 
> connections.
>> rpm -qa | grep -i openld
>> openldap-devel-2.4.23-32.el6_4.1.x86_64
>> openldap-clients-2.4.23-32.el6_4.1.x86_64
>> openldap-servers-2.4.23-32.el6_4.1.x86_64
>> openldap-2.4.23-32.el6_4.1.x86_64
> 
> radtest fails
>> radtest testuser_1 "letmein_1" localhost 2 testing123
>> Sending Access-Request of id 214 to 127.0.0.1 port 1812
>>     User-Name = "testuser_1"
>>     User-Password = "letmein_1"
>>     NAS-IP-Address = 127.0.0.1
>>     NAS-Port = 2
>>     Message-Authenticator = 0x
>> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20
> and this is the output from radius (ran as radiusd -X)
> http://pastebin.com/MT0txW2c
> 
> i don't understand. it auths but then it doesn't.. the final result is not 
> successful
> Thanks in advance,

No.

Your admin user managed to bind and retrieve credentials for your user, your 
user bind never succeeded.

Seeing as you have access to the crypt hash of the user's password you should 
use PAP to do authentication.

Set "set_auth_type = no" in modules/ldap.

and make sure 'pap' is listed in authorize.

If the password you're using in radtest is correct, this will work. If it isn't 
then authentication will continue to fail.

-Arran

Arran Cudbard-Bell 
FreeRADIUS Development Team
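
Added example, not part of the thread and not FreeRADIUS code: a sketch of the kind of local comparison PAP relies on, where the password from the request is checked against the hash read from the directory instead of binding as the user. It goes beyond the crypt hash mentioned above to the {SHA}/{SSHA}/{MD5}/{SMD5} userPassword schemes; the function names are hypothetical and the sample values are constructed.

```python
import base64
import hashlib
import hmac
import os

try:  # crypt(3) wrapper; absent from the standard library in Python 3.13+
    import crypt
except (ImportError, DeprecationWarning):
    crypt = None

# scheme -> (hashlib name, digest size, salted?)
DIGESTS = {"SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True),
           "MD5": ("md5", 16, False), "SMD5": ("md5", 16, True)}

def make_ssha(password, salt=None):
    """Build a {SSHA} value; used here only to construct sample data."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_user_password(supplied, stored):
    """True if `supplied` matches the stored userPassword value.

    Raises ValueError for a malformed value or a scheme not handled here.
    """
    pw = supplied.encode()
    if not (stored.startswith("{") and "}" in stored):
        # Assumption: a value without a {SCHEME} header is cleartext.
        return hmac.compare_digest(pw, stored.encode())
    scheme, _, body = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme == "CRYPT":
        if crypt is None:
            raise ValueError("crypt(3) is not available in this Python")
        out = crypt.crypt(supplied, body)  # body doubles as the salt/settings
        return out is not None and hmac.compare_digest(out.encode(), body.encode())
    if scheme not in DIGESTS:
        raise ValueError("unsupported scheme: " + scheme)
    algo, size, salted = DIGESTS[scheme]
    raw = base64.b64decode(body)
    digest, salt = raw[:size], raw[size:]
    if len(digest) != size or (salt and not salted) or (salted and not salt):
        raise ValueError("malformed " + scheme + " value")
    return hmac.compare_digest(hashlib.new(algo, pw + salt).digest(), digest)

if __name__ == "__main__":
    stored = make_ssha("letmein_1")  # constructed sample, not from the thread
    print(verify_user_password("letmein_1", stored))  # matching password
    print(verify_user_password("letmein_2", stored))  # wrong password
```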



freeradius ldap auth "sort of" working ?

2013-07-01 Thread Horatiu Nimigean

Greetings.
I have a problem with freeradius using ldap to auth, here are my system 
specs:


Centos 6 64bit
freeradius installed from repo

rpm -qa | grep -i freeradius
freeradius-ldap-2.1.12-4.el6_3.x86_64
freeradius-2.1.12-4.el6_3.x86_64
freeradius-utils-2.1.12-4.el6_3.x86_64
ldap already up and running, on localhost. everything is local btw, 
there are no remote services and ldap is (test environment) accepting 
unsecured connections.

rpm -qa | grep -i openld
openldap-devel-2.4.23-32.el6_4.1.x86_64
openldap-clients-2.4.23-32.el6_4.1.x86_64
openldap-servers-2.4.23-32.el6_4.1.x86_64
openldap-2.4.23-32.el6_4.1.x86_64


radtest fails

radtest testuser_1 "letmein_1" localhost 2 testing123
Sending Access-Request of id 214 to 127.0.0.1 port 1812
    User-Name = "testuser_1"
    User-Password = "letmein_1"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 2
    Message-Authenticator = 0x
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=214, length=20

and this is the output from radius (ran as radiusd -X)
http://pastebin.com/MT0txW2c

i don't understand. it auths but then it doesn't.. the final result is 
not successful

Thanks in advance,

Horatiu

