Problem using freeradius and LDAP

I have a problem in Fedora when using radtest against LDAP.

This is part of /etc/raddb/radiusd.conf:

ldap {
		server = "localhost"
		basedn = "ou=people,dc=mydomain,dc=com"
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
		dictionary_mapping = ${raddbdir}/ldap.attrmap
		ldap_connections_number = 5
		password_attribute = userPassword
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
		timeout = 4
		timelimit = 3
		net_timeout = 1
	}

authorize {
	chap
	mschap
	suffix
	eap
	files
	ldap
	checkval
}

And this is a portion of /etc/raddb/users:
DEFAULT  Auth-Type = System
   Fall-Through = 1
DEFAULT  Auth-Type = LDAP
   Fall-Through = 1


I've appended the schemas in /etc/openldap/slapd.conf:
/usr/share/doc/freeradius-1.0.4/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.4/RADIUS-LDAP.schema

Well, when I issue radtest in debug mode I get:
radtest testuser sample  localhost  0  testing123
Sending Access-Request of id 88 to 127.0.0.1:1812
        User-Name = "testuser"
        User-Password = "sample"
        NAS-IP-Address = host.mydomain.com
        NAS-Port = 0
rad_recv: Access-Request packet from host 127.0.0.1:42077, id=88, length=58
        User-Name = "testuser"
        User-Password = "sample"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 2
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 155
  modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat:  '(uid=testuser)'
radius_xlat:  'ou=people,dc=mydomain,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=mydomain,dc=com, with filter 
(uid=testuser)
rlm_ldap: Added password sample in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  modcall[authenticate]: module "unix" returns notfound for request 2
modcall: group authenticate returns notfound for request 2
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 88 to 127.0.0.1:42077
Waking up in 4 seconds...
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=88, length=20
17:20:33 [root@spike] /etc/raddb
$ --- Walking the entire request list ---
Cleaning up request 2 ID 88 with timestamp 46dc6c8f
Nothing to do.  Sleeping until we see a request.


Could you please lend me a hand to resolve this issue?
Thanks in advance!
-- 
Sergio Belkin
Comunicación e Internet

