LinuxQuestions.org
Old 09-22-2007, 08:46 AM   #1
sachin1361
LDAP & RADIUS integration


Please find below the LDAP and RADIUS conf of my RHEL-5 server. I have been integrating LDAP with RADIUS, but when I query through the radtest command (check the last command below), it displays the error message Access-Reject.
The user name which I used in the conf below is manu. I have created one more test user, named abc, and set it to Auth-Type = System; it works fine. I think LDAP is not integrated with RADIUS.

Please check the error and point out the errors in my conf files.

[root@test4 bin]# radiusd -X -A


rad_recv: Access-Request packet from host 127.0.0.1:32956, id=68, length=56
User-Name = "manu"
User-Password = "manu"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "manu", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 3
users: Matched entry manu at line 86
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for manu
radius_xlat: '(uid=manu)'
radius_xlat: 'dc=example,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=manu)
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns userlock for request 3
modcall: leaving group authorize (returns userlock) for request 3
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 68 to 127.0.0.1 port 32956
Reply-Message = "Hello Manu"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 68 with timestamp 46f5163e
Nothing to do. Sleeping until we see a request.


[root@test4 ~]# vi /etc/raddb/users

manu Auth-Type := LDAP
# Reply-Message = "Sorry Manu"

DEFAULT Auth-Type = System
Fall-Through = 1

DEFAULT Auth-Type = LDAP
Fall-Through = 1


[root@test4 ~]# vi /etc/raddb/clients.conf

client 172.16.2.0/24 {
secret = jumbo
shortname = anything
}


[root@test4 ~]# vi /etc/raddb/radiusd.conf

ldap {
server = "localhost"
basedn = "dc=example,dc=com"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
password_attribute = userPassword
}

[root@test4 ~]# radtest manu manu localhost 2 testing123
Sending Access-Request of id 91 to 127.0.0.1 port 1812
User-Name = "manu"
User-Password = "manu"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=91, length=32
Reply-Message = "Hello Manu"
[root@test4 ~]#


This is the output of the ldapsearch command, from which I think that LDAP is running fine.

[root@test4 ~]# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
manu, People, example.com
dn: uid=manu,ou=People,dc=example,dc=com
uid: manu
cn: manu
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJEJ5VmxSRHUzJEpVMHBqM0MwRm5BNXRDZUlyc2dTeS4=
shadowLastChange: 13778
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 509
gidNumber: 509
homeDirectory: /home/manu

# search result
search: 2
result: 0 Success

# numResponses: 9
# numEntries: 8
[root@test4 ~]#
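
Added example (not part of the original post and not FreeRADIUS code): a Python script that reads radiusd -X debug output like the log above and reports which module call returned a failing code, together with the rlm_* message logged just before it. The function name triage, the set of codes treated as failures and the keyword list are assumptions of this example; the sample input is constructed from lines quoted in the post.

```python
import re

# Constructed sample: lines trimmed from the radiusd -X output quoted in the post.
SAMPLE_DEBUG = """\
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=manu)
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns userlock for request 3
modcall: leaving group authorize (returns userlock) for request 3
Sending Access-Reject of id 68 to 127.0.0.1 port 32956
"""

# Return codes this script treats as "the module refused the request" (assumption).
FAILING = {"reject", "fail", "invalid", "userlock"}
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
RLM_MSG = re.compile(r"^\s*(rlm_\w+): (.*)$")
# Words that mark an rlm_* line as an explanation rather than routine tracing.
HINT = re.compile(r"denied|fail|reject|invalid|not found|no such|error", re.I)

def triage(debug_text):
    """Return one finding per module call that ended with a failing code."""
    findings, pending = [], []   # pending: rlm_* messages since the last modcall line
    for line in debug_text.splitlines():
        msg = RLM_MSG.match(line)
        if msg:
            pending.append(msg.group(2).strip())
            continue
        call = MODCALL.search(line)
        if not call:
            continue
        section, module, code, request = call.groups()
        if code in FAILING:
            findings.append({
                "request": int(request), "section": section,
                "module": module, "code": code,
                "reasons": [m for m in pending if HINT.search(m)],
            })
        pending = []             # messages belong to the module that just returned
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_DEBUG):
        print(f"request {f['request']}: {f['section']}/{f['module']} -> {f['code']} {f['reasons']}")
```

On the sample it points at the ldap module in the authorize section, not at the password check, as the step that produced the Access-Reject.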
 
Old 09-24-2007, 03:21 AM   #2
sachin1361
ldap

Problem Solved

Thanks
 
  

