LDAP & RADIUS integration
Please find below the LDAP and RADIUS configuration of my RHEL-5 server. I have been integrating LDAP with RADIUS, but when I query through the radtest command (check the last command below), it displays the error message Access-Reject.

The user name which I used in the conf below is manu. I have created one more test user, named abc and set to Auth-Type = System, and it works fine. I think LDAP is not integrated with RADIUS. Please check the error and highlight the errors in my conf files.

    [root@test4 bin]# radiusd -X -A
    rad_recv: Access-Request packet from host 127.0.0.1:32956, id=68, length=56
            User-Name = "manu"
            User-Password = "manu"
            NAS-IP-Address = 255.255.255.255
            NAS-Port = 2
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 3
    modcall[authorize]: module "preprocess" returns ok for request 3
    modcall[authorize]: module "chap" returns noop for request 3
    modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "manu", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "suffix" returns noop for request 3
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module "eap" returns noop for request 3
    users: Matched entry manu at line 86
    modcall[authorize]: module "files" returns ok for request 3
    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for manu
    radius_xlat: '(uid=manu)'
    radius_xlat: 'dc=example,dc=com'
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: performing search in dc=example,dc=com, with filter (uid=manu)
    rlm_ldap: no dialupAccess attribute - access denied by default
    rlm_ldap: ldap_release_conn: Release Id: 0
    modcall[authorize]: module "ldap" returns userlock for request 3
    modcall: leaving group authorize (returns userlock) for request 3
    Delaying request 3 for 1 seconds
    Finished request 3
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Sending Access-Reject of id 68 to 127.0.0.1 port 32956
            Reply-Message = "Hello Manu"
    Waking up in 4 seconds...
    --- Walking the entire request list ---
    Cleaning up request 3 ID 68 with timestamp 46f5163e
    Nothing to do. Sleeping until we see a request.

    [root@test4 ~]# vi /etc/raddb/users
    manu Auth-Type := LDAP
            # Reply-Message = "Sorry Manu"
    DEFAULT Auth-Type = System
            Fall-Through = 1
    DEFAULT Auth-Type = LDAP
            Fall-Through = 1

    [root@test4 ~]# vi /etc/raddb/clients.conf
    client 172.16.2.0/24 {
            secret = jumbo
            shortname = anything
    }

    [root@test4 ~]# vi /etc/raddb/radiusd.conf
    ldap {
            server = "localhost"
            basedn = "dc=example,dc=com"
            filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
            password_attribute = userPassword
    }

    [root@test4 ~]# radtest manu manu localhost 2 testing123
    Sending Access-Request of id 91 to 127.0.0.1 port 1812
            User-Name = "manu"
            User-Password = "manu"
            NAS-IP-Address = 255.255.255.255
            NAS-Port = 2
    rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=91, length=32
            Reply-Message = "Hello Manu"
    [root@test4 ~]#

This is the output of the ldapsearch command, from which I think that LDAP is running fine.

    [root@test4 ~]# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
    manu, People, example.com
    dn: uid=manu,ou=People,dc=example,dc=com
    uid: manu
    cn: manu
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword:: e2NyeXB0fSQxJEJ5VmxSRHUzJEpVMHBqM0MwRm5BNXRDZUlyc2dTeS4=
    shadowLastChange: 13778
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 509
    gidNumber: 509
    homeDirectory: /home/manu
    # search result
    search: 2
    result: 0 Success
    # numResponses: 9
    # numEntries: 8
    [root@test4 ~]#
Problem Solved
Thanks
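Added example, not part of the original thread or of FreeRADIUS: a small Python helper that scans `radiusd -X` output of the kind posted above and reports the first module whose return code ends the request in a reject, together with the debug lines that module logged. The function name and the embedded sample (lines copied from the post) are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the radiusd -X output in the post.
SAMPLE = """\
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
users: Matched entry manu at line 86
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: performing user authorization for manu
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=manu)
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns userlock for request 3
modcall: leaving group authorize (returns userlock) for request 3
"""

MODCALL = re.compile(
    r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
# Module return codes that stop a section and lead to Access-Reject.
STOP_CODES = {"reject", "fail", "invalid", "userlock"}

def find_rejecting_module(debug_text):
    """Return details of the first module that ended the request, or None."""
    pending = []  # debug lines logged since the previous module returned
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = MODCALL.match(line)
        if not m:
            if line and not line.startswith("modcall"):
                pending.append(line)
            continue
        section, module, code, request = m.groups()
        if code in STOP_CODES:
            return {"request": int(request), "section": section,
                    "module": module, "code": code, "messages": pending}
        pending = []  # module passed; its messages are not the cause
    return None

if __name__ == "__main__":
    hit = find_rejecting_module(SAMPLE)
    if hit:
        print(f'request {hit["request"]}: {hit["section"]}/{hit["module"]} '
              f'returned {hit["code"]}')
        for msg in hit["messages"]:
            print("   ", msg)
```

On the sample it points at the `ldap` module in the authorize section, and the collected messages include the "no dialupAccess attribute - access denied by default" line, which shows the reject came from the LDAP authorization check rather than from a failed password comparison.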