Re: Help connecting to remote ldap server

2010-06-25 Thread John Dennis
On 06/25/2010 06:54 PM, Raymond Norton wrote: Got things working (yeah!) Had to reset the user's password with ldappassword. For some reason freeradius couldn't read what was exported to the ldif file. Once I changed passwords with ldappassword, radtest and WPA worked perfectly. Also had to com

Re: Help connecting to remote ldap server

2010-06-25 Thread Josip Rodin
On Fri, Jun 25, 2010 at 05:54:38PM -0500, Raymond Norton wrote: > Got things working (yeah!) > > Had to reset the user's password with ldappassword. For some reason > freeradius couldn't read what was exported to the ldif file. Once I > changed passwords with ldappassword, radtest and WPA worke

Re: Help connecting to remote ldap server

2010-06-25 Thread Raymond Norton
Got things working (yeah!) Had to reset the user's password with ldappassword. For some reason freeradius couldn't read what was exported to the ldif file. Once I changed passwords with ldappassword, radtest and WPA worked perfectly. Also had to comment out this line in /etc/ldap/slapd.conf:

Re: Help connecting to remote ldap server

2010-06-25 Thread Phil Mayers
On 24/06/10 17:33, John Dennis wrote: On 06/24/2010 12:21 PM, Raymond Norton wrote: [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? You don't have the userPassword mapped in /etc/raddb/lda

Re: Help connecting to remote ldap server

2010-06-24 Thread John Dennis
On 06/24/2010 04:21 PM, Josip Rodin wrote: No, the two colons in ldapsearch output just indicate that the attribute value is MIME-encoded. Good catch Josip. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradiu

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
It happens that way when you're new sometimes :) The last couple posts helped. I am now able to get an "Accept" message when connecting with the rootdn user. Working on getting other users to authenticate now. Thanks for your patience and help. Raymond On 6/24/2010 3:57 PM, Alan DeKok wro

Re: Help connecting to remote ldap server

2010-06-24 Thread Alan DeKok
Raymond Norton wrote: > I have been reading and looking at similar posts non-stop and have an > idea what is wrong, but am not sure how to fix it. Sorry... but the symptoms here are clear. Many, many posts, full of confused "what do I do now" questions. It's not that hard. Stop fighting it,

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
I have been reading and looking at similar posts non-stop and have an idea what is wrong, but am not sure how to fix it. I understand there may be a need to map ldap and radius attributes and I have found a couple examples, but I am not entirely sure what the changes should be. It seems the o

Re: Help connecting to remote ldap server

2010-06-24 Thread Josip Rodin
On Thu, Jun 24, 2010 at 11:21:47AM -0500, Raymond Norton wrote: > I misunderstood the instructions. Made the change, and I see now that I > am at least connecting to the ldap server, but still getting rejected. > > [ldap] performing user authorization for billy > ++[ldap] returns ok > No authenti

Re: Help connecting to remote ldap server

2010-06-24 Thread Josip Rodin
On Thu, Jun 24, 2010 at 12:33:10PM -0400, John Dennis wrote: > But even if you did, ldap has this: > > userPassword:: e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9 > > They aren't the same are they? The LDAP entry looks like a hash, you'll > have to figure out which kind. Note it does not contain

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
No. This is a new install. Nothing has been copied over. Thanks for the pointers. I will keep working at it. I hope you didn't just copy 1.x configuration over to 2.x, they aren't compatible. I see from your debug output you're running 2.1.0 but the current version is 2.1.9. To the bes

Re: Help connecting to remote ldap server

2010-06-24 Thread John Dennis
On 06/24/2010 02:04 PM, Raymond Norton wrote: Thanks for the info. I'm not sure how to determine what to use in ldap.attrmap, but will see what I can figure out. This issue has been covered a lot on this list, search the archives. One question though; before attempting this current setup, I

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
Thanks for the info. I'm not sure how to determine what to use in ldap.attrmap, but will see what I can figure out. One question though; before attempting this current setup, I installed freeradius_1.1.0-1ubuntu2.1_i386.deb and ldap on the same localhost. radtest and authenticating via WPA w

Re: Help connecting to remote ldap server

2010-06-24 Thread John Dennis
On 06/24/2010 12:21 PM, Raymond Norton wrote: [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? You don't have the userPassword mapped in /etc/raddb/ldap.attrmap But even if you did, ldap ha

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
I misunderstood the instructions. Made the change, and I see now that I am at least connecting to the ldap server, but still getting rejected. I changed the basedn to ou=People,dc=lctn,dc=org for this test. (ldapsearch is below) FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on

Re: Help connecting to remote ldap server

2010-06-24 Thread Phil Mayers
rad_recv: Access-Request packet from host 127.0.0.1 port 50670, id=151, length=57 User-Name = "billy" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 1 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
Debug: FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on Sep 17 2009 at 17:22:02 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS

Re: Help connecting to remote ldap server

2010-06-24 Thread John Dennis
On 06/24/2010 11:32 AM, Raymond Norton wrote: That brings me back to my first post-no radiusd. What system are you working on? You said there was a /etc/init.d/freeradius init script. Look in it to see what it's invoking. /usr/sbin/freeradius by any chance?

Re: Help connecting to remote ldap server

2010-06-24 Thread Phil Mayers
On 24/06/10 16:32, Raymond Norton wrote: That brings me back to my first post-no radiusd. Well, maybe it's in a different location. What OS are you using? Have you queried the package manager for your OS to find the location of the binaries? If you didn't use a package manager, and installe

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
Got debug working with /usr/sbin/freeradius -X On 6/24/2010 10:32 AM, Raymond Norton wrote: That brings me back to my first post-no radiusd. On 6/24/2010 10:26 AM, Phil Mayers wrote: On 24/06/10 16:23, Raymond Norton wrote: Yes, but when I try to use -X , it says: Usage: /etc/init.d/f

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
That brings me back to my first post-no radiusd. On 6/24/2010 10:26 AM, Phil Mayers wrote: On 24/06/10 16:23, Raymond Norton wrote: Yes, but when I try to use -X , it says: Usage: /etc/init.d/freeradius start|stop|restart|force-reload That's the init script. Run the daemon directly: /us

Re: Help connecting to remote ldap server

2010-06-24 Thread Phil Mayers
On 24/06/10 16:23, Raymond Norton wrote: Yes, but when I try to use -X , it says: Usage: /etc/init.d/freeradius start|stop|restart|force-reload That's the init script. Run the daemon directly: /usr/sbin/radiusd -X

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
Yes, but when I try to use -X , it says: Usage: /etc/init.d/freeradius start|stop|restart|force-reload On 6/24/2010 10:18 AM, Alan DeKok wrote: Raymond Norton wrote: The FAQ says to use radiusd -X> debug.txt for debug. I get the following: The program 'radiusd' can be found in the

Re: Help connecting to remote ldap server

2010-06-24 Thread Alan DeKok
Raymond Norton wrote: > The FAQ says to use radiusd -X> debug.txt for debug. > > I get the following: > > The program 'radiusd' can be found in the following packages: > * radiusd-livingston > * xtradius > * yardradius > > > Is there another way to launch debug mode in version 2.1? Your

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
The FAQ says to use radiusd -X> debug.txt for debug. I get the following: The program 'radiusd' can be found in the following packages: * radiusd-livingston * xtradius * yardradius Is there another way to launch debug mode in version 2.1?

Re: Help connecting to remote ldap server

2010-06-24 Thread John Dennis
On 06/24/2010 10:18 AM, Raymond Norton wrote: ldapsearch -x -b uid=billy,ou=People,dc=lctn,dc=org (on remote ldap server) Command successfully displays information on user. radtest raymond "password" 127.0.0.1 1 testing123 (on freeradius server) Displays local user info My config changes are

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
Whoops... /modules/ldap is on the local freeradius server, not the remote ldap server. /modules/ldap: (on remote ldap server) ldap { server = "10.10.3.1" basedn = "dc=lctn,dc=org" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" /etc/ldap/slapd.conf (on re

Re: Help connecting to remote ldap server

2010-06-24 Thread Raymond Norton
ldapsearch -x -b uid=billy,ou=People,dc=lctn,dc=org (on remote ldap server) Command successfully displays information on user. radtest raymond "password" 127.0.0.1 1 testing123 (on freeradius server) Displays local user info radtest billy "password" 127.0.0.1 1 testing123 (on freeradius se

Re: Help connecting to remote ldap server

2010-06-24 Thread Marzieh Raoufnezhad
Hi, Maybe your problem is in your slapd.conf permissions (access to...). I had the same problem, my ldap module loaded fine on freeradius server (debian lenny), but I got "accept-reject ..." error when I ran radtest command. I deleted my "access to ..." block for freeradius server directory in slapd.co

Re: Help connecting to remote ldap server

2010-06-24 Thread Alan DeKok
Raymond Norton wrote: > I successfully configured freeradius (version 1.x Ubuntu) to use ldap on > a localhost via WPA. I am trying to setup version 2.1 (Ubuntu) to use a > remote ldap server now. The module loads fine and I made what I believed > were the correct changes to connect to the remote s

Re: Help connecting to remote ldap server

2010-06-23 Thread Riccardo Veraldi
Raymond Norton wrote: I successfully configured freeradius (version 1.x Ubuntu) to use ldap on a localhost via WPA. I am trying to setup version 2.1 (Ubuntu) to use a remote ldap server now. The module loads fine and I made what I believed were the correct changes to connect to the remote serve

Help connecting to remote ldap server

2010-06-23 Thread Raymond Norton
I successfully configured freeradius (version 1.x Ubuntu) to use ldap on a localhost via WPA. I am trying to setup version 2.1 (Ubuntu) to use a remote ldap server now. The module loads fine and I made what I believed were the correct changes to connect to the remote server, but I have missed s