This is the output from radiusd:
rad_recv: Access-Request packet from host 10.10.10.249 port 49155,ID=0,length=76
    User-Name = "rdraga"
    User-Password = "XXXXXXXXXXXX"
    Cisco-AVPair = "shell:priv-lvl=1"
    NAS-IP-Address = 10.10.10.249
+- entering group authorize {...}
++[suffix] No '@' in User-Name = "rdraga",looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message,not doing EAP
++[eap] returns noop
++[unix] returns notfound
rlm_ldap: Entering ldap_groupcmp()
[files] expand: dc=decisioningsolutions,dc=com -> dc=decisioningsolutions,dc=com
[files] expand: (uid=%{User-Name}}) -> (uid=rdraga})
rlm_ldap: ldap_get_conn: Checking ID: 0
rlm_ldap: ldap_get_conn: Got ID: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.decisioningsolutions.com:389,authentication 0
rlm_ldap: bind as cn=radius_user,ou=People,dc=decisioningsolutions,dc=com/radius to ldap.decisioningsolutions.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=decisioningsolutions,dc=com,with filter (uid=rdraga})
rlm_ldap: object not found
rlm_ldap::ldap_groupcmp: search Failed
rlm_ldap: ldap_release_conn: Release ID: 0
rlm_ldap: Entering ldap_groupcmp()
[files] expand: dc=decisioningsolutions,dc=com
[files] expand: (uid=%{User-Name}}) -> (uid=rdraga})
rlm_ldap: ldap_get_conn: Checking ID: 0
rlm_ldap: ldap_get_conn: Got ID: 0
rlm_ldap: performing search in dc=decisioningsolutions,with filter (uid=rdraga})
rlm_ldap: object not found
rlm_ldap::ldap_groupcmp: search Failed
rlm_ldap: ldap_release_conn: Release ID: 0
[files] users: Matched entry DEFAULT at line 208
++[files] returns ok
[ldap] performing user authorization for rdraga
[ldap] expand: (uid=%{User-Name}}) -> (uid=rdraga})
[ldap] expand: dc=decisioningsolutions,dc=com
rlm_ldap: ldap_get_conn: Checking ID: 0
rlm_ldap: ldap_get_conn: Got ID: 0
rlm_ldap: performing search in dc=decisioningsolutions,with filter (uid=rdraga})
rlm_ldap: object not found
[ldap] search Failed
rlm_ldap: ldap_release_conn: Release ID: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = Reject
Auth-Type = Reject,rejecting user
Failed to authenticate the user.
expand: Host %n -> Host 10.10.10.249
Login incorrect (rlm_ldap: User not found): [rdraga/<redacted>] (from client office port 0) Host 10.10.10.249
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> rdraga
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of ID 0 to 10.10.10.249 port 49155
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +19
Ready to process requests.
Also, this is my /etc/raddb/modules/ldap file:
ldap {
    server = "ldap.decisioningsolutions.com"
    identity = "cn=radius_user,dc=com"
    password = "radius"
    basedn = "dc=decisioningsolutions,dc=com"
    # filter = "(&(objectclass=user)(objectcategory=user)(userPrincipalname=%{%{Stripped-User-Name}:-%{User-Name}}*))"
    # filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    # filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"
    filter = "(uid=%{User-Name})"
    # filter = "(cn=%{User-Name})"
    groupmembership_attribute = "memberOf"
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
        start_tls = no
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    chase_referrals = yes
    rebind = yes
}

Solution

Your problem is that the uid you specified is not being found in LDAP - do you know the DN of the entry in the LDAP you are using?
rlm_ldap: performing search in dc=decisioningsolutions,with filter (uid=rdraga})
rlm_ldap: object not found
[ldap] search Failed
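It is probably not matching because of the extra } at the end of the username - it looks like your radiusd output is from a different run than your modules/ldap configuration file, because it is trying to expand your username expression incorrectly: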
rlm_ldap: Entering ldap_groupcmp()
[files] expand: dc=decisioningsolutions,dc=com
[files] expand: (uid=%{User-Name}}) -> (uid=rdraga})
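
An added example, not part of the original answer and not FreeRADIUS code: a small Python check that scans radiusd debug output for the symptom discussed above, a filter template with an unmatched } or an expanded filter that still contains a brace. The sample log lines, the example.com base DN and all function names are constructed for illustration.

```python
import re

# Constructed sample (not from the page): radiusd debug lines, the first
# filter carrying the stray '}' and the second a correct nested expression.
SAMPLE_LOG = """\
[ldap] expand: dc=example,dc=com -> dc=example,dc=com
[ldap] expand: (uid=%{User-Name}}) -> (uid=alice})
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=alice})
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=bob)
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=bob)
"""

EXPAND_RE = re.compile(r"expand: (\(.*\)) -> (\(.*\))\s*$")
SEARCH_RE = re.compile(r"with filter (\(.*\))\s*$")

def template_problems(template):
    """Brace errors in an unexpanded filter such as (uid=%{User-Name})."""
    problems, depth, i = [], 0, 0
    while i < len(template):
        if template.startswith("%{", i):
            depth, i = depth + 1, i + 1   # skip '%'; the '{' is skipped below
        elif template[i] == "}" and depth:
            depth -= 1
        elif template[i] == "}":
            problems.append("unmatched '}' at offset %d" % i)
        i += 1
    if depth:
        problems.append("%d unclosed '%%{'" % depth)
    return problems

def expanded_problems(expanded):
    """Leftovers that should not survive expansion of a filter."""
    checks = [(expanded.count("(") != expanded.count(")"), "unbalanced parentheses"),
              ("{" in expanded or "}" in expanded, "brace left in expanded filter")]
    return [msg for bad, msg in checks if bad]

def audit(log_text):
    """Return (line_number, filter_sent_to_ldap, problems) per bad line."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = EXPAND_RE.search(line) or SEARCH_RE.search(line)
        if not m:
            continue
        probs = expanded_problems(m.group(m.lastindex))
        if m.lastindex == 2:  # an "expand:" line also carries the template
            probs = template_problems(m.group(1)) + probs
        if probs:
            findings.append((n, m.group(m.lastindex), probs))
    return findings
```

Calling `audit()` on the text of a saved debug log returns one tuple per suspicious line; an empty list means no filter in that log shows this brace problem.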