[Serusers] Help:SER-RADIUS-LDAP

Ivan Turcin ivan.turcin at fer.hr
Tue Apr 11 17:09:31 CEST 2006


Hi,

I'm using SER 0.9.6 as my SIP proxy, and FreeRADIUS 1.1.0 for accounting,
authorization and authentication. Users are in OpenLDAP 2.3.20. For
connecting to RADIUS I'm using the auth_radius module, which uses
radiusclient-ng.

Everything works fine when digest is used for authentication and
authorization, but when I try to use LDAP for authentication and
authorization I get this from RADIUS:

rlm_ldap: - authorize
rlm_ldap: performing user authorization for 201 at 192.168.19.2
radius_xlat:  '(uid=201 at 192.168.19.2)'
radius_xlat:  'ou=People,dc=sips,dc=tel,dc=fer,dc=hr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.19.2:389, authentication 0
rlm_ldap: bind as cn=root,dc=sips,dc=tel,dc=fer,dc=hr/topsct to
192.168.19.2:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=sips,dc=tel,dc=fer,dc=hr, with
filter (uid=201 at 192.168.19.2)
rlm_ldap: checking if remote access for 201 at 192.168.19.2 is allowed by
employeeType
rlm_ldap: Added password 201 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value 201 & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user 201 at 192.168.19.2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Ldap
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "ldap" returns invalid for request 0
modcall: leaving group LDAP (returns invalid) for request 0
auth: Failed to validate the user.

I think this is the problem:
     Attribute "User-Password" is required for authentication.

In the users file I have added:
    DEFAULT Auth-Type:=LDAP
to force using LDAP for authentication and authorization.

When I try to connect remotely using a RADIUS client from the command
line, authorization and authentication work fine. When I capture packets
while using SER, I can't see the User-Password attribute.

Is there any way to solve this problem? Maybe to say in RADIUS that some of
the digest attributes is actually the User-Password attribute, or some other
module which enables the use of RADIUS and LDAP.

Thanks in advance.

Best regards,

--
  Ivan Turcin
Student at University of Zagreb, Faculty of Electrical Engineering and
Computing, Branch of Telecommunications and Informatics
Unska 3
HR-10000 Zagreb
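
Added example, not part of the original post and not SER or FreeRADIUS code: with SIP digest authentication the client sends only an MD5 response computed per RFC 2617, never the password, so a server can check it only by recomputing it from a clear-text password such as the userPassword value read from the directory. The realm, URI and nonce below are constructed sample values; the user and password "201" are taken from the log above.

```python
import hashlib
import hmac


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 MD5 digest response, as a SIP user agent computes it."""
    ha1 = _md5(f"{user}:{realm}:{password}")   # secret part, never sent
    ha2 = _md5(f"{method}:{uri}")
    if qop:
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def verify_digest(request, directory_password):
    """Recompute the response from the directory's clear-text password
    and compare it with what the client sent."""
    expected = digest_response(
        request["user"], request["realm"], directory_password,
        request["method"], request["uri"], request["nonce"],
        request.get("qop"), request.get("nc"), request.get("cnonce"))
    return hmac.compare_digest(expected, request["response"])


# Constructed sample of what the proxy can forward: digest fields only.
SAMPLE_REQUEST = {
    "user": "201", "realm": "192.168.19.2", "method": "REGISTER",
    "uri": "sip:192.168.19.2", "nonce": "constructed-nonce-0001",
}
# The client derives the response from its password; only the hash travels.
SAMPLE_REQUEST["response"] = digest_response(password="201", **SAMPLE_REQUEST)

if __name__ == "__main__":
    print("fields on the wire:", sorted(SAMPLE_REQUEST))
    print("matches directory password:", verify_digest(SAMPLE_REQUEST, "201"))
    print("matches wrong password:", verify_digest(SAMPLE_REQUEST, "202"))
```
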