* [Comm] freeradius & openldap
@ 2005-03-31 13:04 max
2005-03-31 13:09 ` Dmitry Lebkov
0 siblings, 1 reply; 5+ messages in thread
From: max @ 2005-03-31 13:04 UTC (permalink / raw)
To: community
Не могу подружить freeradius & openldap на Мастер 2.4
Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через ldap.
freeradius немного обновлён.
# rpm -qa|grep freerad
freeradius-0.9.3-alt4.1
freeradius-python-0.9.3-alt4.1
freeradius-ldap-0.9.3-alt4.1
freeradius-mysql-0.9.3-alt4.1
freeradius-sqlcounter-0.9.3-alt4.1
freeradius-perl-0.9.3-alt4.1
freeradius-pgsql-0.9.3-alt4.1
# rpm -qa|grep openldap
openldap-clients-2.1.30-alt3
openldap-2.1.30-alt3
openldap-servers-2.1.30-alt3
Есть пользователь в openldap:
#ldapsearch -x -D "cn=admin,dc=zlt,dc=ru" -w secret uid=max1
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: uid=max1
# requesting: ALL
#
# max1, Users, zlt.ru
dn: uid=max1,ou=Users,dc=zlt,dc=ru
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
objectClass: posixAccount
sn: max
cn: max1
userPassword:: MTIz
displayName: max
givenName: max
initials: M
mail: max1@zlt.ru
o: MT
uid: max1
mailMessageStore: max1/Maildir/
accountStatus: active
homeDirectory: /home/max1
uidNumber: 1025
gidNumber: 1025
# radtest max1 123 127.0.0.1 2 testlocal
Sending Access-Request of id 79 to 127.0.0.1:1812
User-Name = "max1"
User-Password = "123"
NAS-IP-Address = max
NAS-Port = 2
Re-sending Access-Request of id 79 to 127.0.0.1:1812
User-Name = "max1"
User-Password = "\t\330#\007\\\016\202\250L\266\223\226M\315\362\237"
NAS-IP-Address = max
NAS-Port = 2
Начиная со строчки Re-sending... повторяется пока не остановишь
А в это врем в другой консоли:
# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 5120
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: bind_address = localhost IP address [127.0.0.1]
main: user = "radius"
main: group = "radius"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded LDAP
ldap: server = "localhost"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=admin,dc=zlt,dc=ru"
ldap: start_tls = no
ldap: password = "secret"
ldap: basedn = "ou=Users dc=zlt,dc=ru"
ldap: filter = "(&(objectClass=posixAccount)(uid=%u))"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "dialupAccess"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
conns: (nil)
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8102b58
Module: Instantiated ldap (ldap)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address 127.0.0.1, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32838, id=41, length=56
User-Name = "max1"
User-Password = "123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat: '(&(objectClass=posixAccount)(uid=max1))'
radius_xlat: 'ou=Users dc=zlt,dc=ru'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,dc=zlt,dc=ru/secret to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter
(&(objectClass=posixAccount)(uid=max1))
rlm_ldap: ldap_search() failed: Invalid DN syntax
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns fail for request 0
modcall: group authorize returns fail for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32838, id=41, length=56
Dropping packet from client localhost:32838 - ID: 41 due to dead request 0
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 41 with timestamp 424bf0f8
Nothing to do. Sleeping until we see a request.
Вот часть кофига радиуса:
ldap {
server = "localhost"
identity = "cn=admin,dc=zlt,dc=ru"
password = secret
basedn = "ou=Users dc=zlt,dc=ru"
filter = "(&(objectClass=posixAccount)(uid=%u))"
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
start_tls = no
# set this to 'yes' to use TLS encrypted connections to the
# LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
# the ldap library.
tls_mode = no
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap
# ldap_cache_timeout = 120
# ldap_cache_size = 0
ldap_connections_number = 5
# password_header = "{clear}"
password_attribute = userPassword
# groupname_attribute = cn
# groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
# compare_check_items = yes
# access_attr_used_for_allow = yes
}
Что может быть неправильно?
Буду очень рад рабочему конфигу или любой помощи!
--
MaX
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Comm] freeradius & openldap
2005-03-31 13:04 [Comm] freeradius & openldap max
@ 2005-03-31 13:09 ` Dmitry Lebkov
2005-04-01 4:08 ` [Comm] " max
2005-04-04 12:16 ` max
0 siblings, 2 replies; 5+ messages in thread
From: Dmitry Lebkov @ 2005-03-31 13:09 UTC (permalink / raw)
To: community
max wrote:
> Не могу подружить freeradius & openldap на Мастер 2.4
>
> Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через ldap.
>
> freeradius немного обновлён.
[ненужные подробности поскипаны]
> rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter (&(objectClass=posixAccount)(uid=max1))
> rlm_ldap: ldap_search() failed: Invalid DN syntax
Учимся внимательно читать debug output. Проблема в конфиге radius'а, в
секции ldap - в DN пропущена запятая
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns fail for request 0
> modcall: group authorize returns fail for request 0
И как результат - авторизация не пршла.
[skip]
> Вот часть кофига радиуса:
> ldap {
> server = "localhost"
> identity = "cn=admin,dc=zlt,dc=ru"
> password = secret
> basedn = "ou=Users dc=zlt,dc=ru"
^пропущена запятая
--
WBR, Dmitry Lebkov
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Comm] Re: freeradius & openldap
2005-03-31 13:09 ` Dmitry Lebkov
@ 2005-04-01 4:08 ` max
2005-04-04 12:16 ` max
1 sibling, 0 replies; 5+ messages in thread
From: max @ 2005-04-01 4:08 UTC (permalink / raw)
To: community
В сообщении от 31 Март 2005 19:09 Dmitry Lebkov написал(a):
> max wrote:
> > Не могу подружить freeradius & openldap на Мастер 2.4
> >
> > Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через
> > ldap.
> >
> > freeradius немного обновлён.
>
> [ненужные подробности поскипаны]
>
> > rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter
> > (&(objectClass=posixAccount)(uid=max1)) rlm_ldap: ldap_search() failed:
> > Invalid DN syntax
>
> Учимся внимательно читать debug output. Проблема в конфиге radius'а, в
> секции ldap - в DN пропущена запятая
>
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns fail for request 0
> > modcall: group authorize returns fail for request 0
>
> И как результат - авторизация не пршла.
>
> [skip]
>
> > Вот часть кофига радиуса:
> > ldap {
> > server = "localhost"
> > identity = "cn=admin,dc=zlt,dc=ru"
> > password = secret
> > basedn = "ou=Users dc=zlt,dc=ru"
>
> ^пропущена запятая
Большое спасибо, совсем запарился уже к вечеру и "слона" не заметил.
Буду пробовать дальше.
--
MaX
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Comm] Re: freeradius & openldap
2005-03-31 13:09 ` Dmitry Lebkov
2005-04-01 4:08 ` [Comm] " max
@ 2005-04-04 12:16 ` max
2005-04-04 12:33 ` max
1 sibling, 1 reply; 5+ messages in thread
From: max @ 2005-04-04 12:16 UTC (permalink / raw)
To: community
В сообщении от 31 Март 2005 19:09 Dmitry Lebkov написал(a):
> max wrote:
> > Не могу подружить freeradius & openldap на Мастер 2.4
> >
> > Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через
> > ldap.
> >
> > freeradius немного обновлён.
>
> [ненужные подробности поскипаны]
>
> > rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter
> > (&(objectClass=posixAccount)(uid=max1)) rlm_ldap: ldap_search() failed:
> > Invalid DN syntax
>
> Учимся внимательно читать debug output. Проблема в конфиге radius'а, в
> секции ldap - в DN пропущена запятая
>
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns fail for request 0
> > modcall: group authorize returns fail for request 0
>
> И как результат - авторизация не пршла.
>
> [skip]
>
> > Вот часть кофига радиуса:
> > ldap {
> > server = "localhost"
> > identity = "cn=admin,dc=zlt,dc=ru"
> > password = secret
> > basedn = "ou=Users dc=zlt,dc=ru"
>
> ^пропущена запятая
Это помогло, сразу заработало.
#radtest max1 123 localhost 2 testlocal
Sending Access-Request of id 13 to 127.0.0.1:1812
User-Name = "max1"
User-Password = "123"
NAS-IP-Address = max
NAS-Port = 2
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=13, length=99
Framed-Compression = None
Framed-MTU = 1400
Framed-Routing = Broadcast-Listen
Framed-Route = "192.168.1.0/24 192.168.200.204/32 1"
Framed-IP-Netmask = 255.255.255.255
Framed-IP-Address = 192.168.10.100
Framed-Protocol = PPP
Service-Type = Framed-User
# radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1:32936, id=13, length=56
User-Name = "max1"
User-Password = "123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
modcall: entering group authorize for request 16
modcall[authorize]: module "preprocess" returns ok for request 16
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat: '(&(objectClass=posixAccount)(uid=max1))'
radius_xlat: 'ou=Users, dc=zlt,dc=ru'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users, dc=zlt,dc=ru, with filter
(&(objectClass=posixAccount)(uid=max1))
rlm_ldap: checking if remote access for max1 is allowed by dialupAccess
rlm_ldap: Added password 123 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None &
op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Listen
& op=11
rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24
192.168.200.204/32 1 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value
255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value
192.168.10.100 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user max1 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 16
modcall: group authorize returns ok for request 16
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype for request 16
rlm_ldap: - authenticate
rlm_ldap: login attempt by "max1" with password "123"
rlm_ldap: user DN: uid=max1,ou=Users,dc=zlt,dc=ru
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=max1,ou=Users,dc=zlt,dc=ru/123 to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user max1 authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 16
modcall: group authtype returns ok for request 16
Login OK: [max1] (from client localhost port 2)
Sending Access-Accept of id 13 to 127.0.0.1:32936
Framed-Compression = None
Framed-MTU = 1400
Framed-Routing = Broadcast-Listen
Framed-Route = "192.168.1.0/24 192.168.200.204/32 1"
Framed-IP-Netmask = 255.255.255.255
Framed-IP-Address = 192.168.10.100
Framed-Protocol = PPP
Service-Type = Framed-User
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 13 with timestamp 4251220c
Nothing to do. Sleeping until we see a request.
Короче radtest работает.
Но подключится к pptpd не получается. Неверный логин-пароль :(
Вот что в логах:
Apr 4 17:51:33 max pptpd[23341]: CTRL: Client 192.168.11.62 control
connection started
Apr 4 17:51:33 max pptpd[23341]: CTRL: Starting call (launching pppd, opening
GRE)
Apr 4 17:51:33 max pppd[23342]: Plugin radius.so loaded.
Apr 4 17:51:33 max pppd[23342]: RADIUS plugin initialized.
Apr 4 17:51:33 max pppd[23342]: pppd 2.4.2 started by root, uid 0
Apr 4 17:51:33 max pptpd[23341]: GRE: Discarding duplicate packet
Apr 4 17:51:33 max pppd[23342]: Using interface ppp1
Apr 4 17:51:33 max pppd[23342]: Connect: ppp1 <--> /dev/pts/8
Apr 4 17:51:33 max pptpd[23341]: GRE: Bad checksum from pppd.
Apr 4 17:51:35 max pptpd[23341]: CTRL: Ignored a SET LINK INFO packet with
real ACCMs!
Apr 4 17:51:36 max pptp[22751]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent
control packet type is 5 'Echo-Request'
Apr 4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:659]: Echo Reply
received.
Apr 4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:661]: no more
Echo Reply/Request packets will be reported.
Apr 4 17:51:37 max pppd[23342]: Peer max1 failed CHAP authentication
Apr 4 17:51:37 max pppd[23342]: Connection terminated.
Apr 4 17:51:37 max pppd[23342]: Exit.
В это время # radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1:32996, id=221, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "max1"
MS-CHAP-Challenge = 0xfd0cf587b3d545c1888e02d8fe9527a6
MS-CHAP2-Response =
0x1e0013afdccec8c685742c81fdcd87c34fa10000000000000000740fd7751f825f095cb8e04f062026ef56f0a0256665feab
NAS-IP-Address = 192.168.11.15
NAS-Port = 1
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat: '(&(objectClass=posixAccount)(uid=max1))'
radius_xlat: 'ou=Users, dc=zlt,dc=ru'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users, dc=zlt,dc=ru, with filter
(&(objectClass=posixAccount)(uid=max1))
rlm_ldap: checking if remote access for max1 is allowed by dialupAccess
rlm_ldap: Added password 123 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None &
op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Listen
& op=11
rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24
192.168.200.204/32 1 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value
255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value
192.168.10.100 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user max1 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype for request 3
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "ldap" returns invalid for request 3
modcall: group authtype returns invalid for request 3
auth: Failed to validate the user.
Login incorrect: [max1/<no User-Password attribute>] (from client localhost
port 1)
Delaying request 3 for 1 seconds
Finished request 3
Куда девался User-Password ?
Ведь был вначале вывода radiusd -X пароль, а в конце нету....
--
MaX
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Comm] Re: freeradius & openldap
2005-04-04 12:16 ` max
@ 2005-04-04 12:33 ` max
0 siblings, 0 replies; 5+ messages in thread
From: max @ 2005-04-04 12:33 UTC (permalink / raw)
To: community
Проблему решил сам.
Был неверный конфиг радиус сервера, а конкретней отсутствовало в секциях
авторизации и аутентификации упоминание про chap и mschap.
--
MaX
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-04-04 12:33 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-03-31 13:04 [Comm] freeradius & openldap max
2005-03-31 13:09 ` Dmitry Lebkov
2005-04-01 4:08 ` [Comm] " max
2005-04-04 12:16 ` max
2005-04-04 12:33 ` max
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git