* [Comm] freeradius & openldap
@ 2005-03-31 13:04 max
2005-03-31 13:09 ` Dmitry Lebkov
0 siblings, 1 reply; 5+ messages in thread
From: max @ 2005-03-31 13:04 UTC (permalink / raw)
To: community
Не могу подружить freeradius & openldap на Мастер 2.4
Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через ldap.
freeradius немного обновлён.
# rpm -qa|grep freerad
freeradius-0.9.3-alt4.1
freeradius-python-0.9.3-alt4.1
freeradius-ldap-0.9.3-alt4.1
freeradius-mysql-0.9.3-alt4.1
freeradius-sqlcounter-0.9.3-alt4.1
freeradius-perl-0.9.3-alt4.1
freeradius-pgsql-0.9.3-alt4.1
# rpm -qa|grep openldap
openldap-clients-2.1.30-alt3
openldap-2.1.30-alt3
openldap-servers-2.1.30-alt3
Есть пользователь в openldap:
#ldapsearch -x -D "cn=admin,dc=zlt,dc=ru" -w secret uid=max1
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: uid=max1
# requesting: ALL
#
# max1, Users, zlt.ru
dn: uid=max1,ou=Users,dc=zlt,dc=ru
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
objectClass: posixAccount
sn: max
cn: max1
userPassword:: MTIz
displayName: max
givenName: max
initials: M
mail: max1@zlt.ru
o: MT
uid: max1
mailMessageStore: max1/Maildir/
accountStatus: active
homeDirectory: /home/max1
uidNumber: 1025
gidNumber: 1025
# radtest max1 123 127.0.0.1 2 testlocal
Sending Access-Request of id 79 to 127.0.0.1:1812
User-Name = "max1"
User-Password = "123"
NAS-IP-Address = max
NAS-Port = 2
Re-sending Access-Request of id 79 to 127.0.0.1:1812
User-Name = "max1"
User-Password = "\t\330#\007\\\016\202\250L\266\223\226M\315\362\237"
NAS-IP-Address = max
NAS-Port = 2
Начиная со строчки Re-sending... повторяется пока не остановишь
А в это врем в другой консоли:
# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 5120
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: bind_address = localhost IP address [127.0.0.1]
main: user = "radius"
main: group = "radius"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded LDAP
ldap: server = "localhost"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=admin,dc=zlt,dc=ru"
ldap: start_tls = no
ldap: password = "secret"
ldap: basedn = "ou=Users dc=zlt,dc=ru"
ldap: filter = "(&(objectClass=posixAccount)(uid=%u))"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "dialupAccess"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
conns: (nil)
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8102b58
Module: Instantiated ldap (ldap)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address 127.0.0.1, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32838, id=41, length=56
User-Name = "max1"
User-Password = "123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat: '(&(objectClass=posixAccount)(uid=max1))'
radius_xlat: 'ou=Users dc=zlt,dc=ru'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,dc=zlt,dc=ru/secret to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter
(&(objectClass=posixAccount)(uid=max1))
rlm_ldap: ldap_search() failed: Invalid DN syntax
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns fail for request 0
modcall: group authorize returns fail for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:32838, id=41, length=56
Dropping packet from client localhost:32838 - ID: 41 due to dead request 0
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 41 with timestamp 424bf0f8
Nothing to do. Sleeping until we see a request.
Вот часть кофига радиуса:
ldap {
server = "localhost"
identity = "cn=admin,dc=zlt,dc=ru"
password = secret
basedn = "ou=Users dc=zlt,dc=ru"
filter = "(&(objectClass=posixAccount)(uid=%u))"
# set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
start_tls = no
# set this to 'yes' to use TLS encrypted connections to the
# LDAP database by passing the LDAP_OPT_X_TLS_TRY option to
# the ldap library.
tls_mode = no
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${raddbdir}/ldap.attrmap
# ldap_cache_timeout = 120
# ldap_cache_size = 0
ldap_connections_number = 5
# password_header = "{clear}"
password_attribute = userPassword
# groupname_attribute = cn
# groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
# compare_check_items = yes
# access_attr_used_for_allow = yes
}
Что может быть неправильно?
Буду очень рад рабочему конфигу или любой помощи!
--
MaX
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [Comm] freeradius & openldap 2005-03-31 13:04 [Comm] freeradius & openldap max @ 2005-03-31 13:09 ` Dmitry Lebkov 2005-04-01 4:08 ` [Comm] " max 2005-04-04 12:16 ` max 0 siblings, 2 replies; 5+ messages in thread From: Dmitry Lebkov @ 2005-03-31 13:09 UTC (permalink / raw) To: community max wrote: > Не могу подружить freeradius & openldap на Мастер 2.4 > > Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через ldap. > > freeradius немного обновлён. [ненужные подробности поскипаны] > rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter (&(objectClass=posixAccount)(uid=max1)) > rlm_ldap: ldap_search() failed: Invalid DN syntax Учимся внимательно читать debug output. Проблема в конфиге radius'а, в секции ldap - в DN пропущена запятая > rlm_ldap: search failed > ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns fail for request 0 > modcall: group authorize returns fail for request 0 И как результат - авторизация не пршла. [skip] > Вот часть кофига радиуса: > ldap { > server = "localhost" > identity = "cn=admin,dc=zlt,dc=ru" > password = secret > basedn = "ou=Users dc=zlt,dc=ru" ^пропущена запятая -- WBR, Dmitry Lebkov ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Comm] Re: freeradius & openldap 2005-03-31 13:09 ` Dmitry Lebkov @ 2005-04-01 4:08 ` max 2005-04-04 12:16 ` max 1 sibling, 0 replies; 5+ messages in thread From: max @ 2005-04-01 4:08 UTC (permalink / raw) To: community В сообщении от 31 Март 2005 19:09 Dmitry Lebkov написал(a): > max wrote: > > Не могу подружить freeradius & openldap на Мастер 2.4 > > > > Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через > > ldap. > > > > freeradius немного обновлён. > > [ненужные подробности поскипаны] > > > rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter > > (&(objectClass=posixAccount)(uid=max1)) rlm_ldap: ldap_search() failed: > > Invalid DN syntax > > Учимся внимательно читать debug output. Проблема в конфиге radius'а, в > секции ldap - в DN пропущена запятая > > > rlm_ldap: search failed > > ldap_release_conn: Release Id: 0 > > modcall[authorize]: module "ldap" returns fail for request 0 > > modcall: group authorize returns fail for request 0 > > И как результат - авторизация не пршла. > > [skip] > > > Вот часть кофига радиуса: > > ldap { > > server = "localhost" > > identity = "cn=admin,dc=zlt,dc=ru" > > password = secret > > basedn = "ou=Users dc=zlt,dc=ru" > > ^пропущена запятая Большое спасибо, совсем запарился уже к вечеру и "слона" не заметил. Буду пробовать дальше. -- MaX ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Comm] Re: freeradius & openldap 2005-03-31 13:09 ` Dmitry Lebkov 2005-04-01 4:08 ` [Comm] " max @ 2005-04-04 12:16 ` max 2005-04-04 12:33 ` max 1 sibling, 1 reply; 5+ messages in thread From: max @ 2005-04-04 12:16 UTC (permalink / raw) To: community В сообщении от 31 Март 2005 19:09 Dmitry Lebkov написал(a): > max wrote: > > Не могу подружить freeradius & openldap на Мастер 2.4 > > > > Кто-нибудь делал такое? В идеале хотел получить vpn с авторизацией через > > ldap. > > > > freeradius немного обновлён. > > [ненужные подробности поскипаны] > > > rlm_ldap: performing search in ou=Users dc=zlt,dc=ru, with filter > > (&(objectClass=posixAccount)(uid=max1)) rlm_ldap: ldap_search() failed: > > Invalid DN syntax > > Учимся внимательно читать debug output. Проблема в конфиге radius'а, в > секции ldap - в DN пропущена запятая > > > rlm_ldap: search failed > > ldap_release_conn: Release Id: 0 > > modcall[authorize]: module "ldap" returns fail for request 0 > > modcall: group authorize returns fail for request 0 > > И как результат - авторизация не пршла. > > [skip] > > > Вот часть кофига радиуса: > > ldap { > > server = "localhost" > > identity = "cn=admin,dc=zlt,dc=ru" > > password = secret > > basedn = "ou=Users dc=zlt,dc=ru" > > ^пропущена запятая Это помогло, сразу заработало. #radtest max1 123 localhost 2 testlocal Sending Access-Request of id 13 to 127.0.0.1:1812 User-Name = "max1" User-Password = "123" NAS-IP-Address = max NAS-Port = 2 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=13, length=99 Framed-Compression = None Framed-MTU = 1400 Framed-Routing = Broadcast-Listen Framed-Route = "192.168.1.0/24 192.168.200.204/32 1" Framed-IP-Netmask = 255.255.255.255 Framed-IP-Address = 192.168.10.100 Framed-Protocol = PPP Service-Type = Framed-User # radiusd -X rad_recv: Access-Request packet from host 127.0.0.1:32936, id=13, length=56 User-Name = "max1" User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 2 modcall: entering group authorize for request 16 modcall[authorize]: module "preprocess" returns ok for request 16 rlm_ldap: - authorize rlm_ldap: performing user authorization for max1 radius_xlat: '(&(objectClass=posixAccount)(uid=max1))' radius_xlat: 'ou=Users, dc=zlt,dc=ru' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Users, dc=zlt,dc=ru, with filter (&(objectClass=posixAccount)(uid=max1)) rlm_ldap: checking if remote access for max1 is allowed by dialupAccess rlm_ldap: Added password 123 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None & op=11 rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=11 rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Listen & op=11 rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24 192.168.200.204/32 1 & op=11 rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.255 & op=11 rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 192.168.10.100 & op=11 rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11 rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11 rlm_ldap: user max1 authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 16 modcall: group authorize returns ok for request 16 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" modcall: entering group authtype for request 16 rlm_ldap: - authenticate rlm_ldap: login attempt by "max1" with password "123" rlm_ldap: user DN: uid=max1,ou=Users,dc=zlt,dc=ru rlm_ldap: (re)connect to localhost:389, authentication 1 rlm_ldap: bind as uid=max1,ou=Users,dc=zlt,dc=ru/123 to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: user max1 authenticated succesfully modcall[authenticate]: module "ldap" returns ok for request 16 modcall: group authtype returns ok for request 16 Login OK: [max1] (from client localhost port 2) Sending Access-Accept of id 13 to 127.0.0.1:32936 Framed-Compression = None Framed-MTU = 1400 Framed-Routing = Broadcast-Listen Framed-Route = "192.168.1.0/24 192.168.200.204/32 1" Framed-IP-Netmask = 255.255.255.255 Framed-IP-Address = 192.168.10.100 Framed-Protocol = PPP Service-Type = Framed-User Finished request 16 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 16 ID 13 with timestamp 4251220c Nothing to do. Sleeping until we see a request. Короче radtest работает. Но подключится к pptpd не получается. Неверный логин-пароль :( Вот что в логах: Apr 4 17:51:33 max pptpd[23341]: CTRL: Client 192.168.11.62 control connection started Apr 4 17:51:33 max pptpd[23341]: CTRL: Starting call (launching pppd, opening GRE) Apr 4 17:51:33 max pppd[23342]: Plugin radius.so loaded. Apr 4 17:51:33 max pppd[23342]: RADIUS plugin initialized. Apr 4 17:51:33 max pppd[23342]: pppd 2.4.2 started by root, uid 0 Apr 4 17:51:33 max pptpd[23341]: GRE: Discarding duplicate packet Apr 4 17:51:33 max pppd[23342]: Using interface ppp1 Apr 4 17:51:33 max pppd[23342]: Connect: ppp1 <--> /dev/pts/8 Apr 4 17:51:33 max pptpd[23341]: GRE: Bad checksum from pppd. Apr 4 17:51:35 max pptpd[23341]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Apr 4 17:51:36 max pptp[22751]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent control packet type is 5 'Echo-Request' Apr 4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:659]: Echo Reply received. Apr 4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:661]: no more Echo Reply/Request packets will be reported. Apr 4 17:51:37 max pppd[23342]: Peer max1 failed CHAP authentication Apr 4 17:51:37 max pppd[23342]: Connection terminated. Apr 4 17:51:37 max pppd[23342]: Exit. В это время # radiusd -X rad_recv: Access-Request packet from host 127.0.0.1:32996, id=221, length=132 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "max1" MS-CHAP-Challenge = 0xfd0cf587b3d545c1888e02d8fe9527a6 MS-CHAP2-Response = 0x1e0013afdccec8c685742c81fdcd87c34fa10000000000000000740fd7751f825f095cb8e04f062026ef56f0a0256665feab NAS-IP-Address = 192.168.11.15 NAS-Port = 1 modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for max1 radius_xlat: '(&(objectClass=posixAccount)(uid=max1))' radius_xlat: 'ou=Users, dc=zlt,dc=ru' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Users, dc=zlt,dc=ru, with filter (&(objectClass=posixAccount)(uid=max1)) rlm_ldap: checking if remote access for max1 is allowed by dialupAccess rlm_ldap: Added password 123 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None & op=11 rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=11 rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Listen & op=11 rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24 192.168.200.204/32 1 & op=11 rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.255 & op=11 rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 192.168.10.100 & op=11 rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11 rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11 rlm_ldap: user max1 authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" modcall: entering group authtype for request 3 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 3 modcall: group authtype returns invalid for request 3 auth: Failed to validate the user. Login incorrect: [max1/<no User-Password attribute>] (from client localhost port 1) Delaying request 3 for 1 seconds Finished request 3 Куда девался User-Password ? Ведь был вначале вывода radiusd -X пароль, а в конце нету.... -- MaX ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Comm] Re: freeradius & openldap 2005-04-04 12:16 ` max @ 2005-04-04 12:33 ` max 0 siblings, 0 replies; 5+ messages in thread From: max @ 2005-04-04 12:33 UTC (permalink / raw) To: community Проблему решил сам. Был неверный конфиг радиус сервера, а конкретней отсутствовало в секциях авторизации и аутентификации упоминание про chap и mschap. -- MaX ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-04-04 12:33 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2005-03-31 13:04 [Comm] freeradius & openldap max 2005-03-31 13:09 ` Dmitry Lebkov 2005-04-01 4:08 ` [Comm] " max 2005-04-04 12:16 ` max 2005-04-04 12:33 ` max
ALT Linux Community general discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 community community/ http://lore.altlinux.org/community \ mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com public-inbox-index community Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.community AGPL code for this site: git clone https://public-inbox.org/public-inbox.git