LinuxQuestions.org
Old 09-22-2007, 09:46 AM   #1
sachin1361
LDAP & RADIUS integration


Please find below the LDAP and RADIUS conf of my RHEL-5 Server. I have been integrating LDAP with RADIUS. But when I query through the radtest command (check the last command below), it displays the error message Access-Reject.
The user name which I used in the conf below is manu. I have created one more test user, named abc, and set it to Auth-Type = System; it works fine. I think LDAP is not integrated with RADIUS.

Please check the error and highlight the errors in the conf files for me.

[root@test4 bin]# radiusd -X -A


rad_recv: Access-Request packet from host 127.0.0.1:32956, id=68, length=56
User-Name = "manu"
User-Password = "manu"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "manu", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 3
users: Matched entry manu at line 86
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for manu
radius_xlat: '(uid=manu)'
radius_xlat: 'dc=example,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=manu)
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns userlock for request 3
modcall: leaving group authorize (returns userlock) for request 3
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 68 to 127.0.0.1 port 32956
Reply-Message = "Hello Manu"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 68 with timestamp 46f5163e
Nothing to do. Sleeping until we see a request.


[root@test4 ~]# vi /etc/raddb/users

manu Auth-Type := LDAP
# Reply-Message = "Sorry Manu"

DEFAULT Auth-Type = System
Fall-Through = 1

DEFAULT Auth-Type = LDAP
Fall-Through = 1


[root@test4 ~]# vi /etc/raddb/clients.conf

client 172.16.2.0/24 {
secret = jumbo
shortname = anything
}


[root@test4 ~]# vi /etc/raddb/radiusd.conf

ldap {
server = "localhost"
basedn = "dc=example,dc=com"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
password_attribute = userPassword
}

[root@test4 ~]# radtest manu manu localhost 2 testing123
Sending Access-Request of id 91 to 127.0.0.1 port 1812
User-Name = "manu"
User-Password = "manu"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=91, length=32
Reply-Message = "Hello Manu"
[root@test4 ~]#


This is the output of the ldapsearch command, from which I think that LDAP is running fine.

[root@test4 ~]# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
manu, People, example.com
dn: uid=manu,ou=People,dc=example,dc=com
uid: manu
cn: manu
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJEJ5VmxSRHUzJEpVMHBqM0MwRm5BNXRDZUlyc2dTeS4=
shadowLastChange: 13778
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 509
gidNumber: 509
homeDirectory: /home/manu

# search result
search: 2
result: 0 Success

# numResponses: 9
# numEntries: 8
[root@test4 ~]#
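
Added example, not part of the original post: a small Python triage helper that walks `radiusd -X` output like the log above, finds the first module that returned a reject-type code, and checks any attribute its debug line reports missing against the attributes present in the user's LDAP entry. The sample log and LDIF are abridged from the post (password value omitted); the function names are hypothetical.

```python
import re

# Abridged from the radiusd -X output and ldapsearch entry in the post.
DEBUG_LOG = """\
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=manu)
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns userlock for request 3
modcall: leaving group authorize (returns userlock) for request 3
Sending Access-Reject of id 68 to 127.0.0.1 port 32956
"""
LDIF = """\
dn: uid=manu,ou=People,dc=example,dc=com
uid: manu
objectClass: posixAccount
userPassword:: <omitted>
loginShell: /bin/bash
"""

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request \d+')
FAIL_CODES = {"reject", "fail", "userlock", "invalid"}  # reject-type module return codes
MISSING_ATTR = re.compile(r"no (\w+) attribute")

def first_failure(log):
    """Return (section, module, code, messages) for the first failing module, or None."""
    messages = {}  # "ldap" -> text of the rlm_ldap debug lines seen so far
    for line in log.splitlines():
        m = MODCALL.match(line)
        if m and m.group(3) in FAIL_CODES:
            # Assumes the instance name matches the rlm_ name (true for "ldap").
            return m.group(1), m.group(2), m.group(3), messages.get(m.group(2), [])
        if line.startswith("rlm_"):
            name, _, text = line.partition(":")
            messages.setdefault(name[4:], []).append(text.strip())
    return None

def ldif_attributes(ldif):
    """Lower-cased attribute names present in an LDIF entry."""
    return {l.split(":", 1)[0].lower() for l in ldif.splitlines()
            if ":" in l and not l.startswith("#")}

def diagnose(log, ldif):
    failure = first_failure(log)
    if failure is None:
        return None
    section, module, code, msgs = failure
    present = ldif_attributes(ldif)
    missing = [a for msg in msgs for a in MISSING_ATTR.findall(msg) if a.lower() not in present]
    return {"section": section, "module": module, "code": code, "missing_attrs": missing}

if __name__ == "__main__":
    print(diagnose(DEBUG_LOG, LDIF))
```

On the log above this points at the `ldap` module in the `authorize` section, not at the password check: the request is rejected before authentication is attempted.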
 
Old 09-24-2007, 04:21 AM   #2
sachin1361
ldap

Problem Solved

Thanx
 
  

