So here is the situation. I want to be able to log in to this switch with my LDAP credentials. Since the switch itself does not support LDAP, and FreeRADIUS has an LDAP module, I figured I could use FreeRADIUS as a kind of "bridge".
Here is the output of radiusd:
rad_recv: Access-Request packet from host 10.10.10.249 port 49155, id=0, length=76
	User-Name = "rdraga"
	User-Password = "XXXXXXXXXXXX"
	Cisco-AVPair = "shell:priv-lvl=1"
	NAS-IP-Address = 10.10.10.249
+- entering group authorize {...}
++[suffix] No '@' in User-Name = "rdraga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
rlm_ldap: Entering ldap_groupcmp()
[files] expand: dc=decisioningsolutions,dc=com -> dc=decisioningsolutions,dc=com
[files] expand: (uid=%{User-Name}}) -> (uid=rdraga})
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.decisioningsolutions.com:389, authentication 0
rlm_ldap: bind as cn=radius_user,ou=People,dc=decisioningsolutions,dc=com/radius to ldap.decisioningsolutions.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=decisioningsolutions,dc=com, with filter (uid=rdraga})
rlm_ldap: object not found
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
[files] expand: dc=decisioningsolutions,dc=com -> dc=decisioningsolutions,dc=com
[files] expand: (uid=%{User-Name}}) -> (uid=rdraga})
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=decisioningsolutions,dc=com, with filter (uid=rdraga})
rlm_ldap: object not found
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
[files] users: Matched entry DEFAULT at line 208
++[files] returns ok
[ldap] performing user authorization for rdraga
[ldap] expand: (uid=%{User-Name}}) -> (uid=rdraga})
[ldap] expand: dc=decisioningsolutions,dc=com -> dc=decisioningsolutions,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=decisioningsolutions,dc=com, with filter (uid=rdraga})
rlm_ldap: object not found
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = Reject
Auth-Type = Reject, rejecting user
Failed to authenticate the user.
expand: Host %n -> Host 10.10.10.249
Login incorrect (rlm_ldap: User not found): [rdraga/<redacted>] (from client office port 0) Host 10.10.10.249
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> rdraga
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 10.10.10.249 port 49155
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +19
Ready to process requests.
Also, here is my /etc/raddb/modules/ldap file:
ldap {
	server = "ldap.decisioningsolutions.com"
	identity = "cn=radius_user,ou=People,dc=decisioningsolutions,dc=com"
	password = "radius"
	basedn = "dc=decisioningsolutions,dc=com"
	# filter = "(&(objectclass=user)(objectcategory=user)(userPrincipalName=%{%{Stripped-User-Name}:-%{User-Name}}*))"
	# filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	# filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"
	filter = "(uid=%{User-Name})"
	# filter = "(cn=%{User-Name})"
	groupmembership_attribute = "memberOf"
	ldap_connections_number = 5
	timeout = 4
	timelimit = 3
	net_timeout = 1
	tls {
		start_tls = no
	}
	dictionary_mapping = ${confdir}/ldap.attrmap
	edir_account_policy_check = no
	chase_referrals = yes
	rebind = yes
}
Your problem is that the uid you specified is not found in LDAP. Do you know the DN of the entry in LDAP?
rlm_ldap: performing search in dc=decisioningsolutions,dc=com, with filter (uid=rdraga})
rlm_ldap: object not found
[ldap] search failed
It may not be matching because there is an extra } at the end of your username. It looks like your radiusd output was produced from a different modules/ldap configuration file, because it expands your username expression incorrectly:
rlm_ldap: Entering ldap_groupcmp()
[files] expand: dc=decisioningsolutions,dc=com -> dc=decisioningsolutions,dc=com
[files] expand: (uid=%{User-Name}}) -> (uid=rdraga})
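To make the point of that answer concrete, here is an added example (written for this page, not code from the post and not FreeRADIUS's own xlat implementation) that models how rlm_ldap turns the `filter` template into the LDAP search filter shown in the debug output. It supports only the two forms that appear in the posted config, `%{Attr}` and the `%{%{Stripped-User-Name}:-%{User-Name}}` fallback, copies anything outside a reference through literally (which is why a stray `}` ends up in the search), and adds a `stray_brace` check that flags the unbalanced brace before the template is ever used. The function names, the `REQUEST` attributes (taken from the Access-Request in the post) and the explicit RFC 4515 escaping of the substituted value are this example's own choices.

```python
"""Toy model of rlm_ldap's `filter` expansion (example code, not FreeRADIUS).

Handles %{Attr} and the %{%{A}:-%{B}} fallback; everything else is literal."""

# Constructed sample: the attributes from the Access-Request in the post.
REQUEST = {"User-Name": "rdraga", "NAS-IP-Address": "10.10.10.249"}


def ldap_filter_escape(value):
    """Escape the characters RFC 4515 treats specially inside a filter value,
    so a hostile User-Name cannot rewrite the search filter.  Done explicitly
    here; whether the real module escapes is not something this page shows."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def _find_close(s, start):
    """Index of the '}' that closes a %{ whose body begins at `start`."""
    depth = 1
    k = start
    while k < len(s):
        if s.startswith("%{", k):
            depth += 1
            k += 2
            continue
        if s[k] == "}":
            depth -= 1
            if depth == 0:
                return k
        k += 1
    raise ValueError("unclosed %%{ at offset %d" % (start - 2))


def xlat(template, attrs):
    """Expand %{...} references in `template` against `attrs`.  Text outside
    a reference, including a stray '}', is copied through unchanged, which is
    exactly what the debug output shows for (uid=%{User-Name}})."""
    out = []
    i = 0
    while i < len(template):
        if template.startswith("%{", i):
            j = _find_close(template, i + 2)
            out.append(_resolve(template[i + 2:j], attrs))
            i = j + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def _resolve(inner, attrs):
    if inner.startswith("%{"):
        # %{%{A}:-%{B}}: use A if it expanded to something, otherwise B
        j = _find_close(inner, 2)
        primary = xlat(inner[:j + 1], attrs)
        rest = inner[j + 1:]
        if rest.startswith(":-"):
            return primary if primary else xlat(rest[2:], attrs)
        return primary + xlat(rest, attrs)
    return ldap_filter_escape(attrs.get(inner, ""))


def stray_brace(template):
    """Offset of the first '}' that closes nothing (the bug in the posted
    debug output) or of an unclosed %{; None when the braces balance."""
    depth = 0
    i = 0
    while i < len(template):
        if template.startswith("%{", i):
            depth += 1
            i += 2
            continue
        if template[i] == "}":
            if depth == 0:
                return i
            depth -= 1
        i += 1
    return None if depth == 0 else len(template)


if __name__ == "__main__":
    for tmpl in ("(uid=%{User-Name})",
                 "(uid=%{User-Name}})",
                 "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"):
        issue = stray_brace(tmpl)
        print(tmpl, "->", xlat(tmpl, REQUEST),
              "" if issue is None else "  <-- unbalanced brace at offset %d" % issue)
```

Running it prints the same expansion the debug log shows, `(uid=rdraga})`, for the template with the extra brace, and flags it at offset 17, while the template in the posted config expands cleanly to `(uid=rdraga)`. Independently of the template, the first answer's question can be settled by running ldapsearch with the same bind DN, base DN and filter the module uses; if that returns nothing either, the problem is the directory data rather than FreeRADIUS.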