AW: Freeradius + OpenLDAP - user password problem

Christian Poessinger christian at poessinger.com
Fri Jul 28 14:28:46 CEST 2006


freeradius-users-bounces+christian=poessinger.com at lists.freeradius.org
wrote: 
> And here is the example of successful logon with radtest:
> 
> radtest bbb badblueboy 192.168.1.129 1 testing123
> 
> 
> rad_recv: Access-Request packet from host 192.168.1.129:35640, id=191,
> length=55
>         User-Name = "bbb"
>         User-Password = "badblueboy"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 5
>   modcall[authorize]: module "preprocess" returns ok for request 5
>   modcall[authorize]: module "mschap" returns noop for request 5
>     rlm_realm: No '@' in User-Name = "bbb", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 5
>     users: Matched entry DEFAULT at line 1
>     users: Matched entry DEFAULT at line 156
>   modcall[authorize]: module "files" returns ok for request 5
> modcall: group authorize returns ok for request 5
>   rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 5
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "bbb" with password "badblueboy"
> radius_xlat:  '(uid=bbb)'
> radius_xlat:  'ou=People,dc=BLah,dc=si'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in ou=People,dc=BLah,dc=si, with filter
> (uid=bbb)
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap: user DN: uid=bbb,ou=People,dc=BLah,dc=si
> rlm_ldap: (re)connect to localhost:389, authentication 1
> rlm_ldap: bind as uid=bbb,ou=People,dc=kapion,dc=si/badblueboy to
> localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: user bbb authenticated succesfully
>   modcall[authenticate]: module "ldap" returns ok for request 5
> modcall: group Auth-Type returns ok for request 5 Sending
> Access-Accept of id 191 to 192.168.1.129:35640 Finished request 5
> Going to the next request --- Walking the entire request list --- 
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 5 ID 191 with timestamp 44c9f995 Nothing to do. 
> Sleeping until we see a request. 


You took a look at the ldap.attrmap file?

Add those two lines:

checkItem       User-Password                   userPassword
checkItem       userPassword                    lmPassword


-CP