Installed and configured FreeRADIUS and fired it up: (lines prefixed v are server messages, lines prefixed ^ are client messages)
[EMAIL PROTECTED] ~]# radiusd -x
v Starting - reading configuration files ...
v Module: Loaded exec
v rlm_exec: Wait=yes but no output defined. Did you mean output=none?
v Module: Instantiated exec (exec)
v Module: Loaded expr
v Module: Instantiated expr (expr)
v Module: Loaded PAP
v Module: Instantiated pap (pap)
v Module: Loaded CHAP
v Module: Instantiated chap (chap)
v Module: Loaded MS-CHAP
v Module: Instantiated mschap (mschap)
v Module: Loaded System
v Module: Instantiated unix (unix)
v Module: Loaded LDAP
v rlm_ldap: Registering ldap_groupcmp for Ldap-Group
v rlm_ldap: Registering ldap_xlat with xlat_name ldap
v rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
v [...]
v conns: 0x8125160
v Module: Instantiated ldap (ldap)
v Module: Loaded eap
v rlm_eap: Loaded and initialized type md5
v rlm_eap: Loaded and initialized type leap
v rlm_eap: Loaded and initialized type gtc
v rlm_eap: Loaded and initialized type mschapv2
v Module: Instantiated eap (eap)
v Module: Loaded preprocess
v Module: Instantiated preprocess (preprocess)
v Module: Loaded realm
v Module: Instantiated realm (suffix)
v Module: Loaded files
v Module: Instantiated files (files)
v Module: Loaded Acct-Unique-Session-Id
v Module: Instantiated acct_unique (acct_unique)
v Module: Loaded detail
v Module: Instantiated detail (detail)
v Module: Loaded radutmp
v Module: Instantiated radutmp (radutmp)
v Module: Instantiated detail (reply_log)
v Initializing the thread pool...
v Listening on authentication 192.168.0.16:1812
v Listening on authentication 127.0.0.1:1812
v Listening on accounting 192.168.0.16:1813
v Listening on accounting 127.0.0.1:1813
v Listening on proxy *:1814
v Ready to process requests.

This user is defined in the raddb/users file:

[EMAIL PROTECTED] ~]# radtest testuser secret 192.168.0.16 10 hashpass
^ Sending Access-Request of id 158 to 192.168.0.16:1812
^ User-Name = "testuser"
^ User-Password = "secret"
^ NAS-IP-Address = hagrid.4ccompany.com
^ NAS-Port = 10
v rad_recv: Access-Request packet from host 192.168.0.16:35308, id=158, length=60
v User-Name = "testuser"
v User-Password = "secret"
v NAS-IP-Address = 255.255.255.255
v NAS-Port = 10
v rlm_ldap: - authorize
v rlm_ldap: performing user authorization for testuser
v rlm_ldap: ldap_get_conn: Checking Id: 0
v rlm_ldap: ldap_get_conn: Got Id: 0
v rlm_ldap: (re)connect to hagrid.4ccompany.com:389, authentication 0
v rlm_ldap: bind as / to hagrid.4ccompany.com:389
v rlm_ldap: waiting for bind result ...
v rlm_ldap: Bind was successful
v rlm_ldap: object not found or got ambiguous search result
v rlm_ldap: search failed
v rlm_ldap: ldap_release_conn: Release Id: 0
v Sending Access-Accept of id 158 to 192.168.0.16:35308
^ rad_recv: Access-Accept packet from host 192.168.0.16:1812, id=158, length=20

This user is in LDAP (user id & passwords changed for obvious reasons):

[EMAIL PROTECTED] ~]# radtest hansolo imnottelling 192.168.0.16 10 hashpass
^ Sending Access-Request of id 172 to 192.168.0.16:1812
^ User-Name = "hansolo"
^ User-Password = "imnottelling"
^ NAS-IP-Address = hagrid.4ccompany.com
^ NAS-Port = 10
v rad_recv: Access-Request packet from host 192.168.0.16:35308, id=172, length=56
v User-Name = "hansolo"
v User-Password = "imnottelling"
v NAS-IP-Address = 255.255.255.255
v NAS-Port = 10
v rlm_ldap: - authorize
v rlm_ldap: performing user authorization for hansolo
v rlm_ldap: ldap_get_conn: Checking Id: 0
v rlm_ldap: ldap_get_conn: Got Id: 0
v rlm_ldap: checking if remote access for hansolo is allowed by dialupAccess
v rlm_ldap: looking for check items in directory...
v rlm_ldap: looking for reply items in directory...
v rlm_ldap: user hansolo authorized to use remote access
v rlm_ldap: ldap_release_conn: Release Id: 0
for(i=0;i<9;++i) {
^ Re-sending Access-Request of id 172 to 192.168.0.16:1812
^ User-Name = "hansolo"
^ User-Password = "some hash of imnottelling"
^ NAS-IP-Address = hagrid.4ccompany.com
^ NAS-Port = 10
v rad_recv: Access-Request packet from host 192.168.0.16:35308, id=172, length=56
v Discarding duplicate request from client macnab:35308 - ID: 172 due to unfinished request 1
}
^ radclient: no response from server for ID 172
v WARNING: Unresponsive child (id 3072723888) for request 1

As you can see, everything works fine for a radius specific user, but it grinds to a halt for a user declared in LDAP.

Any pointers would be greatly appreciated.

--
Best regards,
jona.

Where a calculator on the ENIAC is equipped with 18,000 vacuum tubes and weighs 30 tons, computers in the future may have only 1,000 vacuum tubes and weigh only 1 1/2 tons.
--- Popular Mechanics, March 1949
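
An added example, not part of the original post: a small Python triage script that reads radiusd -x debug output in the v/^ notation used above and lists the Access-Requests the server received but never answered, together with the last module line logged before the stall. The sample input is constructed from the message patterns in the post; the function name stalled_requests and the result field names are hypothetical.

```python
import re

# Constructed sample in the post's notation: "v" = server (radiusd -x), "^" = client.
SAMPLE = """\
v rad_recv: Access-Request packet from host 192.168.0.16:35308, id=158, length=60
v User-Name = "testuser"
v rlm_ldap: search failed
v Sending Access-Accept of id 158 to 192.168.0.16:35308
v rad_recv: Access-Request packet from host 192.168.0.16:35308, id=172, length=56
v User-Name = "hansolo"
v rlm_ldap: user hansolo authorized to use remote access
v rlm_ldap: ldap_release_conn: Release Id: 0
v rad_recv: Access-Request packet from host 192.168.0.16:35308, id=172, length=56
v Discarding duplicate request from client macnab:35308 - ID: 172 due to unfinished request 1
v WARNING: Unresponsive child (id 3072723888) for request 1
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host \S+:(\d+), id=(\d+)")
SENT = re.compile(r"Sending Access-(Accept|Reject|Challenge) of id (\d+) to \S+:(\d+)")
DUP = re.compile(r"Discarding duplicate request from client \S+:(\d+) - ID: (\d+)")
USER = re.compile(r'User-Name = "([^"]*)"')

def stalled_requests(text):
    """Return the requests the server received but never replied to."""
    open_reqs = {}   # (client source port, RADIUS id) -> request state
    current = None   # request whose attribute/module lines are being read
    for raw in text.splitlines():
        if not raw.startswith("v "):   # skip client-side ("^") and other lines
            continue
        line = raw[2:].strip()
        if m := RECV.search(line):
            key = (int(m.group(1)), int(m.group(2)))
            if key in open_reqs:
                current = None         # retransmit: do not overwrite first-seen state
            else:
                current = open_reqs[key] = {"id": key[1], "user": None, "last": None, "duplicates": 0}
        elif m := SENT.search(line):   # a reply closes the matching request
            open_reqs.pop((int(m.group(3)), int(m.group(2))), None)
            current = None
        elif m := DUP.search(line):
            req = open_reqs.get((int(m.group(1)), int(m.group(2))))
            if req is not None:
                req["duplicates"] += 1
        elif current is not None:
            if m := USER.search(line):
                current["user"] = m.group(1)
            elif line.startswith("rlm_"):
                current["last"] = line  # last module message before the stall
    return list(open_reqs.values())
```
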