Re: lotus notes ldap

2004-09-19 Thread J.R. Cabanban

Check your recommendation...

radiusd.conf is per your comment...

To make it work I had to make users per below...

#DEFAULT Auth-Type = System
#	Fall-Through = 1

DEFAULT Auth-Type = LDAP
	Fall-Through = 1

Q. Per my understanding, the Auth-Type = System should have been checked, then
move on to the LDAP auth... At least per my results it is not... How does one
fix the fall-through feature?







Dustin Doris [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
09/17/2004 07:15 AM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: lotus notes ldap










On Thu, 16 Sep 2004, J.R. Cabanban wrote:

 command: radtest arookie  localhost 1 sharedsecret

 response: rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=61,
 length=20

 snapshot of radiusd -X -A

 rad_recv: Access-Request packet from host 127.0.0.1:32847, id=53,
 length=59
 User-Name = arookie
 User-Password = *
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 1
  Processing the authorize section of radiusd.conf
 modcall: entering group authorize for request 1
  modcall[authorize]: module preprocess returns ok for request 1
  modcall[authorize]: module chap returns noop for request 1
  modcall[authorize]: module mschap returns noop for request 1
   rlm_realm: No '@' in User-Name = arookie, looking up realm NULL
   rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1
   users: Matched DEFAULT at 152
   users: Matched DEFAULT at 155
  modcall[authorize]: module files returns ok for request 1
 rlm_ldap: - authorize
 rlm_ldap: performing user authorization for arookie
 radius_xlat: '(uid=arookie)'
 radius_xlat: 'cn'
 rlm_ldap: ldap_get_conn: Checking Id: 0
 rlm_ldap: ldap_get_conn: Got Id: 0
 rlm_ldap: performing search in cn, with filter (uid=arookie)
 rlm_ldap: looking for check items in directory...
 rlm_ldap: looking for reply items in directory...
 rlm_ldap: user arookie authorized to use remote access
 rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 1
 modcall: group authorize returns ok for request 1
  rad_check_password: Found Auth-Type System
 auth: type System
  Processing the authenticate section of radiusd.conf
 modcall: entering group authenticate for request 1
  modcall[authenticate]: module unix returns notfound for request 1
 modcall: group authenticate returns notfound for request 1
 auth: Failed to validate the user.
 Delaying request 1 for 1 seconds
 Finished request 1

 Q. did the ldap server properly authenticated the user  allow access. if
 so why did the final result was Access-Reject?


Ldap authorized the user, but then you have it set to use System to
authenticate. These are two separate procedures. Check radiusd.conf and
make sure you have ldap in the authorize section.

Uncomment this part, if you haven't already.
#   Auth-Type LDAP {
#   ldap
#   }

-Dusty Doris


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: lotus notes ldap

2004-09-17 Thread Dustin Doris


On Thu, 16 Sep 2004, J.R. Cabanban wrote:

 command:  radtest arookie  localhost 1 sharedsecret

 response:  rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=61,
 length=20

 snapshot of radiusd -X -A

 rad_recv: Access-Request packet from host 127.0.0.1:32847, id=53,
 length=59
 User-Name = arookie
 User-Password = *
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 1
   Processing the authorize section of radiusd.conf
 modcall: entering group authorize for request 1
   modcall[authorize]: module preprocess returns ok for request 1
   modcall[authorize]: module chap returns noop for request 1
   modcall[authorize]: module mschap returns noop for request 1
 rlm_realm: No '@' in User-Name = arookie, looking up realm NULL
 rlm_realm: No such realm NULL
   modcall[authorize]: module suffix returns noop for request 1
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module eap returns noop for request 1
 users: Matched DEFAULT at 152
 users: Matched DEFAULT at 155
   modcall[authorize]: module files returns ok for request 1
 rlm_ldap: - authorize
 rlm_ldap: performing user authorization for arookie
 radius_xlat:  '(uid=arookie)'
 radius_xlat:  'cn'
 rlm_ldap: ldap_get_conn: Checking Id: 0
 rlm_ldap: ldap_get_conn: Got Id: 0
 rlm_ldap: performing search in cn, with filter (uid=arookie)
 rlm_ldap: looking for check items in directory...
 rlm_ldap: looking for reply items in directory...
 rlm_ldap: user arookie authorized to use remote access
 rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module ldap returns ok for request 1
 modcall: group authorize returns ok for request 1
   rad_check_password:  Found Auth-Type System
 auth: type System
   Processing the authenticate section of radiusd.conf
 modcall: entering group authenticate for request 1
   modcall[authenticate]: module unix returns notfound for request 1
 modcall: group authenticate returns notfound for request 1
 auth: Failed to validate the user.
 Delaying request 1 for 1 seconds
 Finished request 1

 Q.  did the ldap server properly authenticated the user  allow access. if
 so why did the final result was Access-Reject?


Ldap authorized the user, but then you have it set to use System to
authenticate.  These are two separate procedures.  Check radiusd.conf and
make sure you have ldap in the authorize section.

Uncomment this part, if you haven't already.
#   Auth-Type LDAP {
#   ldap
#   }

-Dusty Doris
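
Added example, not part of the original thread and not FreeRADIUS code: a small Python parser over the debug output quoted above that separates what the authorize section returned from what the authenticate section returned, showing that ldap returned ok in authorize while the password check ran under Auth-Type System. The name diagnose and the result keys are made up for this illustration, and the log is assumed to hold a single request.

```python
import re

# Excerpt of the radiusd -X output quoted in this thread (single request).
DEBUG_LOG = """\
  modcall[authorize]: module preprocess returns ok for request 1
  modcall[authorize]: module files returns ok for request 1
rlm_ldap: user arookie authorized to use remote access
  modcall[authorize]: module ldap returns ok for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type System
auth: type System
  modcall[authenticate]: module unix returns notfound for request 1
modcall: group authenticate returns notfound for request 1
auth: Failed to validate the user.
"""

MODCALL = re.compile(r"modcall\[(\w+)\]: module (\S+) returns (\w+) for request \d+")
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")


def diagnose(log):
    """Hypothetical helper: split one request's log into its two phases."""
    phases = {"authorize": {}, "authenticate": {}}
    auth_type, rejected = None, False
    for line in log.splitlines():
        mod = MODCALL.search(line)
        found = AUTH_TYPE.search(line)
        if mod and mod.group(1) in phases:
            # module name -> return code, recorded per section
            phases[mod.group(1)][mod.group(2)] = mod.group(3)
        elif found:
            auth_type = found.group(1)
        elif "Failed to validate the user" in line:
            rejected = True
    # ldap accepted the user in authorize, yet another Auth-Type did the password check
    mismatch = phases["authorize"].get("ldap") == "ok" and auth_type != "LDAP"
    return {"auth_type": auth_type, "rejected": rejected, "mismatch": mismatch, **phases}


if __name__ == "__main__":
    result = diagnose(DEBUG_LOG)
    print("authorize:    ", result["authorize"])
    print("Auth-Type:    ", result["auth_type"])
    print("authenticate: ", result["authenticate"])
    if result["mismatch"]:
        print("ldap authorized the user, but", result["auth_type"], "authenticated it")
```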




Re: lotus notes ldap

2004-09-17 Thread Alan DeKok
J.R. Cabanban [EMAIL PROTECTED] wrote:
 Q.  did the ldap server properly authenticated the user  allow access. if 
 so why did the final result was Access-Reject?

  The debug log says:

   rad_check_password:  Found Auth-Type System
 auth: type System
   Processing the authenticate section of radiusd.conf
 modcall: entering group authenticate for request 1
   modcall[authenticate]: module unix returns notfound for request 1
 modcall: group authenticate returns notfound for request 1
 auth: Failed to validate the user.

  What part of those messages is unclear?

  Alan DeKok.



Re: lotus notes ldap

2004-09-16 Thread Kostas Kalevras
On Wed, 15 Sep 2004, J.R. Cabanban wrote:

 We just turned on the LDAP (v3 enable) server feature on our lotus
 notes...
 env... rh7.3  freeradius 1.0
 read all howto freeradius  ldap that I could find in the web...
 The ldap server is being queried by freeradius but could authenticate any
 ldap defined users...
 The ldap server is working - an hp760wl is authenticating properly...
 Any direction or things to try are greatly appreciated...

Run the server in debug mode (radiusd -X) to see exactly what's happening.


 Thank You...



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



lotus notes ldap

2004-09-15 Thread J.R. Cabanban

We just turned on the LDAP (v3 enable) server feature on our lotus notes...
env... rh7.3  freeradius 1.0
read all howto freeradius  ldap that I could find in the web...
The ldap server is being queried by freeradius but could authenticate any
ldap defined users...
The ldap server is working - an hp760wl is authenticating properly...
Any direction or things to try are greatly appreciated...

Thank You...