From: max
To: community@altlinux.ru
Date: Mon, 4 Apr 2005 18:16:53 +0600
Subject: [Comm] Re: freeradius & openldap
Message-Id: <200504041816.53472.alt@zlt.ru>
In-Reply-To: <424BF695.1000507@sakhalin.ru>
References: <200503311904.01561.alt@zlt.ru> <424BF695.1000507@sakhalin.ru>

In the message of 31 March 2005 19:09 Dmitry Lebkov wrote:
> max wrote:
> > I can't get freeradius & openldap to work together on Master 2.4.
> >
> > Has anyone done this? Ideally I wanted to get a VPN with authorization via
> > ldap.
> >
> > freeradius is slightly updated.
> > [unneeded details skipped]
>
> > rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter
> > (&(objectClass=posixAccount)(uid=max1)) rlm_ldap: ldap_search() failed:
> > Invalid DN syntax
>
> Let's learn to read the debug output carefully. The problem is in the radius
> config, in the ldap section: a comma is missing from the DN.
>
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns fail for request 0
> > modcall: group authorize returns fail for request 0
> > And as a result, authorization did not go through.
> > [skip]
>
> > Here is part of the radius config:
> > ldap {
> >         server = "localhost"
> >         identity = "cn=admin,dc=zlt,dc=ru"
> >         password = secret
> >         basedn = "ou=Users dc=zlt,dc=ru"
>                             ^ comma missing

That helped, it worked right away.

#radtest max1 123 localhost 2 testlocal
Sending Access-Request of id 13 to 127.0.0.1:1812
	User-Name = "max1"
	User-Password = "123"
	NAS-IP-Address = max
	NAS-Port = 2
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=13, length=99
	Framed-Compression = None
	Framed-MTU = 1400
	Framed-Routing = Broadcast-Listen
	Framed-Route = "192.168.1.0/24 192.168.200.204/32 1"
	Framed-IP-Netmask = 255.255.255.255
	Framed-IP-Address = 192.168.10.100
	Framed-Protocol = PPP
	Service-Type = Framed-User

# radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1:32936, id=13, length=56
	User-Name = "max1"
	User-Password = "123"
	NAS-IP-Address = 255.255.255.255
	NAS-Port = 2
modcall: entering group authorize for request 16
modcall[authorize]: module "preprocess" returns ok for request 16
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat: '(&(objectClass=posixAccount)(uid=max1))'
radius_xlat: 'ou=Users, dc=zlt,dc=ru'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users, dc=zlt,dc=ru, with filter (&(objectClass=posixAccount)(uid=max1))
rlm_ldap: checking if remote access for max1 is allowed by dialupAccess
rlm_ldap: Added password 123 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Listen & op=11
rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24 192.168.200.204/32 1 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 192.168.10.100 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user max1 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 16
modcall: group authorize returns ok for request 16
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype for request 16
rlm_ldap: - authenticate
rlm_ldap: login attempt by "max1" with password "123"
rlm_ldap: user DN: uid=max1,ou=Users,dc=zlt,dc=ru
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=max1,ou=Users,dc=zlt,dc=ru/123 to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user max1 authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 16
modcall: group authtype returns ok for request 16
Login OK: [max1] (from client localhost port 2)
Sending Access-Accept of id 13 to 127.0.0.1:32936
	Framed-Compression = None
	Framed-MTU = 1400
	Framed-Routing = Broadcast-Listen
	Framed-Route = "192.168.1.0/24 192.168.200.204/32 1"
	Framed-IP-Netmask = 255.255.255.255
	Framed-IP-Address = 192.168.10.100
	Framed-Protocol = PPP
	Service-Type = Framed-User
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 13 with timestamp 4251220c
Nothing to do.  Sleeping until we see a request.

In short, radtest works.
But connecting to pptpd does not work. Wrong login/password :(
Here is what the logs show:

Apr  4 17:51:33 max pptpd[23341]: CTRL: Client 192.168.11.62 control connection started
Apr  4 17:51:33 max pptpd[23341]: CTRL: Starting call (launching pppd, opening GRE)
Apr  4 17:51:33 max pppd[23342]: Plugin radius.so loaded.
Apr  4 17:51:33 max pppd[23342]: RADIUS plugin initialized.
Apr  4 17:51:33 max pppd[23342]: pppd 2.4.2 started by root, uid 0
Apr  4 17:51:33 max pptpd[23341]: GRE: Discarding duplicate packet
Apr  4 17:51:33 max pppd[23342]: Using interface ppp1
Apr  4 17:51:33 max pppd[23342]: Connect: ppp1 <--> /dev/pts/8
Apr  4 17:51:33 max pptpd[23341]: GRE: Bad checksum from pppd.
Apr  4 17:51:35 max pptpd[23341]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Apr  4 17:51:36 max pptp[22751]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 5 'Echo-Request'
Apr  4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:659]: Echo Reply received.
Apr  4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:661]: no more Echo Reply/Request packets will be reported.
Apr  4 17:51:37 max pppd[23342]: Peer max1 failed CHAP authentication
Apr  4 17:51:37 max pppd[23342]: Connection terminated.
Apr  4 17:51:37 max pppd[23342]: Exit.

At the same time:

# radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1:32996, id=221, length=132
	Service-Type = Framed-User
	Framed-Protocol = PPP
	User-Name = "max1"
	MS-CHAP-Challenge = 0xfd0cf587b3d545c1888e02d8fe9527a6
	MS-CHAP2-Response = 0x1e0013afdccec8c685742c81fdcd87c34fa10000000000000000740fd7751f825f095cb8e04f062026ef56f0a0256665feab
	NAS-IP-Address = 192.168.11.15
	NAS-Port = 1
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat: '(&(objectClass=posixAccount)(uid=max1))'
radius_xlat: 'ou=Users, dc=zlt,dc=ru'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users, dc=zlt,dc=ru, with filter (&(objectClass=posixAccount)(uid=max1))
rlm_ldap: checking if remote access for max1 is allowed by dialupAccess
rlm_ldap: Added password 123 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Listen & op=11
rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24 192.168.200.204/32 1 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 192.168.10.100 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user max1 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype for request 3
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "ldap" returns invalid for request 3
modcall: group authtype returns invalid for request 3
auth: Failed to validate the user.
Login incorrect: [max1/] (from client localhost port 1)
Delaying request 3 for 1 seconds
Finished request 3

Where did User-Password go? After all, at the start of the radiusd -X output
the password was there, but at the end it is not....
-- 
MaX