LinuxQuestions.org
Old 09-07-2016, 04:35 AM   #1
lespaul1959
FreeRADIUS v3


Hi,

I'm trying to install and set up FreeRADIUS v3 on a new system. I've never touched Linux before even though I'm a Cisco engineer.
Are there any documents explaining exactly how to configure this for LDAP? I can only find references to ver2.
I can authenticate a user locally just fine.

Sorry if this post has been covered before.

Thanks in advance
 
Old 09-07-2016, 05:13 AM   #2
lespaul1959
Here is a debug output of what I have so far

Received Access-Request Id 15 from 10.212.8.36:57761 to 10.254.252.251:1812 length 46
User-Name = 'jgreen'
User-Password = '******'
(0) Received Access-Request packet from host 10.212.8.36 port 57761, id=15, length=46
(0) User-Name = 'jgreen'
(0) User-Password = '*****'
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) filter_username filter_username {
(0) if (!&User-Name)
(0) if (!&User-Name) -> FALSE
(0) if (&User-Name =~ / /)
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@.*@/ )
(0) if (&User-Name =~ /@.*@/ ) -> FALSE
(0) if (&User-Name =~ /\\.\\./ )
(0) if (&User-Name =~ /\\.\\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\\.$/)
(0) if (&User-Name =~ /\\.$/) -> FALSE
(0) if (&User-Name =~ /@\\./)
(0) if (&User-Name =~ /@\\./) -> FALSE
(0) } # filter_username filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : Checking for suffix after "@"
(0) suffix : No '@' in User-Name = "jgreen", looking up realm NULL
(0) suffix : No such realm "NULL"
(0) [suffix] = noop
(0) eap : No EAP-Message, not doing EAP
(0) [eap] = noop
(0) [files] = noop
rlm_ldap (ldap): Reserved connection (4)
(0) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(0) ldap : --> (uid=jgreen)
(0) ldap : EXPAND OU=Accounts,OU=People
(0) ldap : --> OU=Accounts,OU=People
(0) ldap : Performing search in 'OU=Accounts,OU=People' with filter '(uid=jgreen)', scope 'sub'
(0) ldap : Waiting for search result...
(0) ERROR: ldap : Failed performing search: Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module configuration for details.
(0) ERROR: ldap : Server said: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1.
rlm_ldap (ldap): Released connection (4)
(0) [ldap] = fail
(0) } # authorize = fail
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) attr_filter.access_reject : EXPAND %{User-Name}
(0) attr_filter.access_reject : --> jgreen
(0) attr_filter.access_reject : Matched entry DEFAULT at line 11
(0) [attr_filter.access_reject] = updated
(0) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(0) [eap] = noop
(0) remove_reply_message_if_eap remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message)
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else else {
(0) [noop] = noop
(0) } # else else = noop
(0) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(0) } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sending Access-Reject packet to host 10.212.8.36 port 57761, id=15, length=0
Sending Access-Reject Id 15 from 10.254.252.251:1812 to 10.212.8.36:57761
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 15 with timestamp +2
Ready to process requests
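
The two ERROR lines in the debug output above concern how the ldap module binds before it searches. As an added illustration (not part of the original post and not the poster's configuration), this is the shape of the relevant settings in the FreeRADIUS v3 ldap module; the server name, bind DN, password and DC= components are placeholders.

```conf
# /etc/raddb/mods-available/ldap (FreeRADIUS v3), trimmed to bind and search settings.
# Constructed example: every value marked "placeholder" is an assumption.
ldap {
	server = 'dc01.example.com'        # placeholder directory server

	# Account the module binds as before it searches. The server reply in the
	# log (000004DC) says the search ran on a connection with no completed bind.
	identity = 'CN=radius-svc,OU=Service,DC=example,DC=com'   # placeholder
	password = 'CHANGE_ME'                                   # placeholder

	# Search root as a full DN. The log shows the search running in
	# 'OU=Accounts,OU=People' with no DC= suffix; the suffix here is a placeholder.
	base_dn = 'OU=Accounts,OU=People,DC=example,DC=com'

	user {
		base_dn = "${..base_dn}"
		# Same filter the log shows being expanded to (uid=jgreen).
		filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	}

	options {
		# The two settings named in the rlm_ldap error message: follow
		# referrals and re-bind with the same credentials when doing so.
		chase_referrals = yes
		rebind = yes
	}
}
```

The file now holds a directory credential, so keep it readable only by the account radiusd runs as, and give the bind account read-only rights on the directory.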
 
  

