
Chinaunix


[ldap] Help: authentication fails between freeradius and LDAP server

Posted on 2007-05-21 21:08
1. The freeradius error output is as follows (radtest johnhhj johnhhj .....)


  adding new entry "cn=john he,ou=People,dc=aer,dc=com"
  rad_recv: Access-Request packet from host 127.0.0.1:32769, id=13, length=59
          User-Name = "johnhhj"
          User-Password = "johnhhj"
          NAS-IP-Address = 255.255.255.255
          NAS-Port = 0
    Processing the authorize section of radiusd.conf
  modcall: entering group authorize for request 8
    modcall[authorize]: module "preprocess" returns ok for request 8
    modcall[authorize]: module "chap" returns noop for request 8
    modcall[authorize]: module "mschap" returns noop for request 8
      rlm_realm: No '@' in User-Name = "johnhhj", looking up realm NULL
      rlm_realm: Found realm "NULL"
      rlm_realm: Proxying request from user johnhhj to realm NULL
      rlm_realm: Adding Realm = "NULL"
      rlm_realm: Authentication realm is LOCAL.
    modcall[authorize]: module "suffix" returns noop for request 8
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module "eap" returns noop for request 8
      users: Matched entry DEFAULT at line 153
    modcall[authorize]: module "files" returns ok for request 8
  rlm_ldap: - authorize
  rlm_ldap: performing user authorization for johnhhj
  radius_xlat:  '(uid=johnhhj)'
  radius_xlat:  'ou=People,o=aer.com'
  rlm_ldap: ldap_get_conn: Checking Id: 0
  rlm_ldap: ldap_get_conn: Got Id: 0
  rlm_ldap: attempting LDAP reconnection
  rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
  rlm_ldap: bind as cn=root,o=aer.com,c=UA/ to 127.0.0.1:389
  rlm_ldap: waiting for bind result ...
  rlm_ldap: cn=root,o=aer.com,c=UA bind to 127.0.0.1:389 failed Server is unwilling to perform
  rlm_ldap: (re)connection attempt failed
  rlm_ldap: search failed
  rlm_ldap: ldap_release_conn: Release Id: 0
    modcall[authorize]: module "ldap" returns fail for request 8
  modcall: leaving group authorize (returns fail) for request 8



2. The ldap-related configuration in radius.conf


          ldap {
                  server = "127.0.0.1"
                  identity = "cn=root,o=aer.com"
  #               password = mypass
                  basedn = "ou=People,o=aer.com"
                  filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                  password_attribute = userPassword
                  access_attr = "People"





3. The entries in the LDAP server are as follows:

  # extended LDIF
  #
  # LDAPv3
  # base <> with scope subtree
  # filter: (objectclass=*)
  # requesting: ALL
  #

  # aer.com
  dn: dc=aer,dc=com
  objectClass: top
  objectClass: domain
  dc: aerohive

  # People, aer.com
  dn: ou=People,dc=aer,dc=com
  objectClass: top
  objectClass: organizationalUnit
  ou: People

  # Group, aer.com
  dn: ou=Group,dc=aer,dc=com
  objectClass: top
  objectClass: organizationalUnit
  ou: Group

  # johnhhj, People, aer.com
  dn: cn=johnhhj,ou=People,dc=aer,dc=com
  cn: johnhhj
  uid: johnhhj
  sn: JOHNHHJ
  userPassword:: am9obmhoag==
  telephoneNumber: 0571-88134606
  objectClass: inetOrgPerson

  # johnhhj2, People, aer.com
  dn: cn=johnhhj2,ou=People,dc=aer,dc=com
  cn: johnhhj2
  uid: johnhhj2
  sn: JOHNHHJ2
  userPassword:: am9obmhoajI=
  telephoneNumber: 0574-88134606
  objectClass: inetOrgPerson

[ Last edited by johnhhj on 2007-5-23 11:40 ]
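
Added example, not part of the original post: a Python consistency check that compares the DNs in the posted ldap { } settings with the DNs in the posted LDIF export and flags a bind identity that has no active password line. The sample inputs are constructed from values shown in the post; the function names are hypothetical, and treating the shortest DN in the export as the directory suffix is an assumption.

```python
import re

# Constructed sample input: the active and commented-out settings from the post.
RADIUSD_LDAP = '''
ldap {
        server = "127.0.0.1"
        identity = "cn=root,o=aer.com"
#       password = mypass
        basedn = "ou=People,o=aer.com"
'''
# Constructed sample input: entry DNs taken from the LDIF export in the post.
LDIF_DNS = ["dc=aer,dc=com", "ou=People,dc=aer,dc=com",
            "cn=johnhhj,ou=People,dc=aer,dc=com"]

def norm_dn(dn):
    """Lower-case a DN and trim each RDN (simplified: no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def parse_settings(text):
    """Return active key = value pairs; '#' lines never match the pattern."""
    pairs = (re.match(r'\s*([A-Za-z_]+)\s*=\s*"?([^"]*)"?\s*$', l)
             for l in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def check(config_text, ldif_dns):
    """List mismatches between the rlm_ldap settings and the directory export."""
    cfg = parse_settings(config_text)
    known = {norm_dn(d) for d in ldif_dns}
    suffix = min(known, key=len)  # assumption: shortest DN is the suffix
    findings = []
    for key in ("identity", "basedn"):
        dn = norm_dn(cfg.get(key, ""))
        if not dn:
            findings.append(f"{key}: not set")
        elif dn != suffix and not dn.endswith("," + suffix):
            findings.append(f"{key}: '{dn}' is outside suffix '{suffix}'")
        elif key == "basedn" and dn not in known:
            findings.append(f"basedn: '{dn}' is not an entry in the export")
    # RFC 4513 5.1.2: a simple bind with a DN and an empty password is an
    # unauthenticated bind, which servers should reject by default with
    # unwillingToPerform.
    if cfg.get("identity") and not cfg.get("password"):
        findings.append("password: identity set but no active password")
    return findings

if __name__ == "__main__":
    for finding in check(RADIUSD_LDAP, LDIF_DNS):
        print(finding)
```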