FreeRadius Unable to do eDirectory Account Policy Checks

Sjoerdhooft (Junior Member), 26-Mar-2008, 09:40 AM

Hey all,

I have a SLES10SP1 installation with FreeRadius 2.0.2 compiled with eDir
support. When I'm trying to authenticate it works fine, but when I
enable the edir_account_policy_check it fails, with all accounts I tried
(accounts are OK). I receive these messages while in debug mode:

---cut---
Wed Mar 26 14:56:23 2008 : Debug: auth: type "CHAP"
Wed Mar 26 14:56:23 2008 : Debug: +- entering group CHAP
Wed Mar 26 14:56:23 2008 : Debug: modsingle[authenticate]: calling chap (rlm_chap) for request 0
Wed Mar 26 14:56:23 2008 : Debug: rlm_chap: login attempt by "sjohoo" with CHAP password
Wed Mar 26 14:56:23 2008 : Debug: rlm_chap: Using clear text password "**********" for user sjohoo authentication.
Wed Mar 26 14:56:23 2008 : Debug: rlm_chap: chap user sjohoo authenticated succesfully
Wed Mar 26 14:56:23 2008 : Debug: modsingle[authenticate]: returned from chap (rlm_chap) for request 0
Wed Mar 26 14:56:23 2008 : Debug: ++[chap] returns ok
Wed Mar 26 14:56:23 2008 : Auth: Login OK: [sjohoo/<CHAP-Password>] (from client WXL09-A port 1 cli 00-40-96-B0-47-6C)
Wed Mar 26 14:56:23 2008 : Debug: +- entering group post-auth
Wed Mar 26 14:56:23 2008 : Debug: modsingle[post-auth]: calling ldap_oc99_personeel (rlm_ldap) for request 0
Wed Mar 26 14:56:23 2008 : Debug: rlm_ldap: User's FQDN not in config items list.
Wed Mar 26 14:56:23 2008 : Debug: modsingle[post-auth]: returned from ldap_oc99_personeel (rlm_ldap) for request 0
Wed Mar 26 14:56:23 2008 : Debug: ++[ldap_oc99_personeel] returns fail
Wed Mar 26 14:56:23 2008 : Debug: Found Post-Auth-Type Reject
Wed Mar 26 14:56:23 2008 : Debug: +- entering group REJECT
Wed Mar 26 14:56:23 2008 : Debug: modsingle[post-auth]: calling ldap_oc99_personeel (rlm_ldap) for request 0
Wed Mar 26 14:56:23 2008 : Debug: rlm_ldap: User's FQDN not in config items list.
Wed Mar 26 14:56:23 2008 : Debug: modsingle[post-auth]: returned from ldap_oc99_personeel (rlm_ldap) for request 0
Wed Mar 26 14:56:23 2008 : Debug: ++[ldap_oc99_personeel] returns fail
Wed Mar 26 14:56:23 2008 : Debug: Delaying reject of request 0 for 1 seconds
Wed Mar 26 14:56:23 2008 : Debug: Going to the next request
Wed Mar 26 14:56:23 2008 : Debug: Waking up in 0.8 seconds.
Wed Mar 26 14:56:24 2008 : Debug: Sending delayed reject for request 0
Sending Access-Reject of id 163 to 10.9.30.1 port 1082
Wed Mar 26 14:56:24 2008 : Debug: Waking up in 4.9 seconds.
Wed Mar 26 14:56:29 2008 : Debug: Cleaning up request 0 ID 163 with timestamp +8
Wed Mar 26 14:56:29 2008 : Debug: Ready to process requests.

I think my problem is "rlm_ldap: User's FQDN not in config items list".
The thing is I don't know what to do about it. Google ain't exactly my
friend here. Does somebody know what to do about this?

Some more information:
Authentication type: eap
eDir version on LDAP server: 8.8.2
freeradius service is running in debug mode with root privileges (yeah I
know, I'll change that before bringing it into production)

Config files are the same as on a freeradius 1.0.5 server which worked
fine. We just need Vista support now so I'm testing with the newest version.

Thanx
Sjoerd