ricamos
(uses CentOS)
Posted on 02/12/2015 - 15:40h
Hello,
My problems started when I restored a system running samba + freeradius. Nothing worked until I got to the point where the services are running, but freeradius does not authenticate users against a remote LDAP base.
When I run freeradius -X and then radtest, an error is shown:
$ radtest usuario senha 127.0.0.1 1812 senha_radius
Sending Access-Request of id 80 to 127.0.0.1 port 1812
User-Name = "usuario"
User-Password = "senha"
NAS-IP-Address = 127.0.1.1
NAS-Port = 389
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=80, length=20
$ freeradius -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 51067, id=29, length=57
User-Name = "usuario"
User-Password = "senha"
NAS-IP-Address = 127.0.1.1
NAS-Port = 389
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "admin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[ldap] performing user authorization for admin
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> usuario
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=usuario)
[ldap] expand: dc=meu,dc=dominio,dc=br -> dc=meu,dc=dominio,dc=br
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 10.0.0.101:389, authentication 0
[ldap] bind as cn=usuario,dc=meu,dc=dominio,dc=br/senha to 10.0.0.101:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=meu,dc=dominio,dc=br, with filter (uid=usuario)
[ldap] ldap_search() failed: Protocol error
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> usuario
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 29 to 127.0.0.1 port 51067
Waking up in 4.9 seconds.
Cleaning up request 0 ID 29 with timestamp +12
Ready to process requests.
The logs are not at all enlightening; they only repeat the following information: [ldap] ldap_search() failed: Protocol error
It is already present in the Freeradius monitoring output.
Thank you for the help.