Re: lotus notes ldap
Check your recommendation... radiusd.conf is per your comment...

To make it work I had to make users per below...

    #DEFAULT Auth-Type = System
    #        Fall-Through = 1
    DEFAULT Auth-Type = LDAP
            Fall-Through = 1

Q. Per my understanding, the Auth-Type = System should have been checked, then moved on to the LDAP auth... At least per my results it is not... How does one fix the fall-through feature?

Dustin Doris [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/17/2004 07:15 AM
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Re: lotus notes ldap

> On Thu, 16 Sep 2004, J.R. Cabanban wrote:
>
> > command:
> >   radtest arookie localhost 1 sharedsecret
> >
> > response:
> >   rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=61, length=20
> >
> > snapshot of radiusd -X -A
> >
> > rad_recv: Access-Request packet from host 127.0.0.1:32847, id=53, length=59
> >         User-Name = arookie
> >         User-Password = *
> >         NAS-IP-Address = 255.255.255.255
> >         NAS-Port = 1
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 1
> > modcall[authorize]: module preprocess returns ok for request 1
> > modcall[authorize]: module chap returns noop for request 1
> > modcall[authorize]: module mschap returns noop for request 1
> > rlm_realm: No '@' in User-Name = arookie, looking up realm NULL
> > rlm_realm: No such realm NULL
> > modcall[authorize]: module suffix returns noop for request 1
> > rlm_eap: No EAP-Message, not doing EAP
> > modcall[authorize]: module eap returns noop for request 1
> > users: Matched DEFAULT at 152
> > users: Matched DEFAULT at 155
> > modcall[authorize]: module files returns ok for request 1
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for arookie
> > radius_xlat: '(uid=arookie)'
> > radius_xlat: 'cn'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in cn, with filter (uid=arookie)
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user arookie authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module ldap returns ok for request 1
> > modcall: group authorize returns ok for request 1
> > rad_check_password: Found Auth-Type System
> > auth: type System
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 1
> > modcall[authenticate]: module unix returns notfound for request 1
> > modcall: group authenticate returns notfound for request 1
> > auth: Failed to validate the user.
> > Delaying request 1 for 1 seconds
> > Finished request 1
> >
> > Q. Did the ldap server properly authenticate the user and allow access? If so, why was the final result Access-Reject?
>
> Ldap authorized the user, but then you have it set to use System to authenticate. These are two separate procedures.
>
> Check radiusd.conf and make sure you have ldap in the authorize section. Uncomment this part, if you haven't already.
>
> #       Auth-Type LDAP {
> #               ldap
> #       }
>
> -Dusty Doris

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: lotus notes ldap
On Thu, 16 Sep 2004, J.R. Cabanban wrote:

> command:
>   radtest arookie localhost 1 sharedsecret
>
> response:
>   rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=61, length=20
>
> snapshot of radiusd -X -A
>
> rad_recv: Access-Request packet from host 127.0.0.1:32847, id=53, length=59
>         User-Name = arookie
>         User-Password = *
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
> modcall[authorize]: module preprocess returns ok for request 1
> modcall[authorize]: module chap returns noop for request 1
> modcall[authorize]: module mschap returns noop for request 1
> rlm_realm: No '@' in User-Name = arookie, looking up realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module suffix returns noop for request 1
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module eap returns noop for request 1
> users: Matched DEFAULT at 152
> users: Matched DEFAULT at 155
> modcall[authorize]: module files returns ok for request 1
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for arookie
> radius_xlat: '(uid=arookie)'
> radius_xlat: 'cn'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in cn, with filter (uid=arookie)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user arookie authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module ldap returns ok for request 1
> modcall: group authorize returns ok for request 1
> rad_check_password: Found Auth-Type System
> auth: type System
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> modcall[authenticate]: module unix returns notfound for request 1
> modcall: group authenticate returns notfound for request 1
> auth: Failed to validate the user.
> Delaying request 1 for 1 seconds
> Finished request 1
>
> Q. Did the ldap server properly authenticate the user and allow access? If so, why was the final result Access-Reject?

Ldap authorized the user, but then you have it set to use System to authenticate. These are two separate procedures.

Check radiusd.conf and make sure you have ldap in the authorize section. Uncomment this part, if you haven't already.

#       Auth-Type LDAP {
#               ldap
#       }

-Dusty Doris
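The split between the authorize and authenticate phases that the reply above points to can be read mechanically from the debug output. The following is an added example, not part of the original thread or of FreeRADIUS: a Python parser run over a constructed excerpt of the log lines quoted above, for a single request; the function names `summarize` and `diagnose` are hypothetical.

```python
import re

# Constructed excerpt: key lines copied from the radiusd -X output in the thread.
SAMPLE_DEBUG = """\
modcall[authorize]: module files returns ok for request 1
modcall[authorize]: module ldap returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type System
modcall[authenticate]: module unix returns notfound for request 1
modcall: group authenticate returns notfound for request 1
auth: Failed to validate the user.
"""

MODULE_RE = re.compile(r"modcall\[(\w+)\]: module (\S+) returns (\w+) for request \d+")
AUTH_TYPE_RE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")


def summarize(debug_text):
    """Collect per-phase module return codes and the Auth-Type the server picked."""
    summary = {"auth_type": None, "authorize": {}, "authenticate": {}}
    for line in debug_text.splitlines():
        m = MODULE_RE.search(line)
        if m and m.group(1) in ("authorize", "authenticate"):
            summary[m.group(1)][m.group(2)] = m.group(3)
            continue
        m = AUTH_TYPE_RE.search(line)
        if m:
            summary["auth_type"] = m.group(1)
    return summary


def diagnose(summary):
    """Explain a reject where authorize succeeded but authenticate did not."""
    findings = []
    authn = summary["authenticate"]
    if authn and "ok" not in authn.values():
        ran = ", ".join(f"{mod}={rc}" for mod, rc in authn.items())
        findings.append(f"Auth-Type {summary['auth_type']}: no authenticate module returned ok ({ran})")
        skipped = [m for m, rc in summary["authorize"].items() if rc == "ok" and m not in authn]
        if skipped:
            findings.append("ok in authorize but never run in authenticate: " + ", ".join(skipped))
    return findings


if __name__ == "__main__":
    for finding in diagnose(summarize(SAMPLE_DEBUG)):
        print(finding)
```

On the excerpt it reports that Auth-Type System ran only `unix`, which returned `notfound`, while `ldap` returned ok in authorize and was never called to check the password.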
Re: lotus notes ldap
J.R. Cabanban [EMAIL PROTECTED] wrote:

> Q. Did the ldap server properly authenticate the user and allow access? If so, why was the final result Access-Reject?

The debug log says:

> rad_check_password: Found Auth-Type System
> auth: type System
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> modcall[authenticate]: module unix returns notfound for request 1
> modcall: group authenticate returns notfound for request 1
> auth: Failed to validate the user.

What part of those messages is unclear?

Alan DeKok.
Re: lotus notes ldap
On Wed, 15 Sep 2004, J.R. Cabanban wrote:

> We just turned on the LDAP (v3 enable) server feature on our lotus notes...
>
> env... rh7.3 freeradius 1.0
>
> read all howto freeradius ldap that I could find in the web...
>
> The ldap server is being queried by freeradius but could authenticate any ldap defined users...
>
> The ldap server is working - an hp760wl is authenticating properly...
>
> Any direction or things to try are greatly appreciated...

Run the server in debug mode (radiusd -X) to see exactly what's happening.

> Thank You...

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
lotus notes ldap
We just turned on the LDAP (v3 enable) server feature on our lotus notes...

env... rh7.3 freeradius 1.0

read all howto freeradius ldap that I could find in the web...

The ldap server is being queried by freeradius but could authenticate any ldap defined users...

The ldap server is working - an hp760wl is authenticating properly...

Any direction or things to try are greatly appreciated...

Thank You...