Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I believe LDAP is running fine. As I my squid is configure to use LDAP and the authentication is working fine. I can do a "passwd user" and it says "LDAP password information changed for user".
radtest is succesfull for any LDAP user.
When I do a NTRadPing I get an accept to any LDAP user with appropriate CN. But when I try to connect from my MACBook or iPhone I get the following:
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 0 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat: '(uid=testuser)'
radius_xlat: 'dc=test,dc=local'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=test,dc=local, with filter (uid=testuser)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 4
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "ldap" returns invalid for request 4
modcall: leaving group LDAP (returns invalid) for request 4
auth: Failed to validate the user.
----------------------------------------
This is my first go at freeradius ldap and I would be very greatful for any help. Thanks in advance.
Well I would guess that it's the EAP method's use compared to what I would expect to be a CHAP or PAP method on your test tools. Can you show us a successful debug (with -xxx debug options) and some files... radiusd.conf, sites-enabled and the ldap module config (forget the exact file name offhand)
Last edited by acid_kewpie; 06-02-2009 at 12:38 PM.
Hi Chris,
I appreciate your quick reply.
Below please find a successful debug from NTRadPing and couple files:
rad_recv: Access-Request packet from host 192.168.1.32:1552, id=2, length=46
User-Name = "thomas"
User-Password = "thomas"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "thomas", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 6
modcall[authorize]: module "files" returns notfound for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for thomas
radius_xlat: '(uid=thomas)'
radius_xlat: 'dc=test,dc=local'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=test,dc=local, with filter (uid=thomas)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Setting Auth-Type = ldap
rlm_ldap: user thomas authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: leaving group authorize (returns ok) for request 6
rad_check_password: Found Auth-Type ldap
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 6
rlm_ldap: - authenticate
rlm_ldap: login attempt by "thomas" with password "thomas"
rlm_ldap: user DN: cn=Thomas Surname,ou=Users,dc=test,dc=local
rlm_ldap: (re)connect to 192.168.1.254:389, authentication 1
rlm_ldap: bind as cn=Thomas Surname,ou=Users,dc=test,dc=local/thomas to 192.168.1.254:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user thomas authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 6
modcall: leaving group LDAP (returns ok) for request 6
Sending Access-Accept of id 2 to 192.168.1.32 port 1552
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
# The StartTLS operation is supposed to be used with normal
# ldap connections instead of using ldaps (port 689) connections
start_tls = no
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
