mschap and ldap auth-type together no more working

LALOT Dominique lalot at univ-aix.fr
Thu Jan 18 18:06:47 CET 2007 

Hello,

I had a problem with ippool, but it is a NAS problem. I wanted to do 
further checks so I upgrade to newer versions:
freeradius      1.0.2-4sarge3   stable (I come from this one)
freeradius      1.1.3-3 testing
freeradius      1.1.2-1bpo1     sarge-backports

Before, I was able to do LDAP or MSCHAP automatically.
I had and entry in users
lalot Auth-Type := ldap
      Framed-IP-Address = XXX,
      Framed-IP-Netmask = 255.255.255.0,
      Fall-Through = Yes

If I put mschap in users, it's working for mschap..

The two new ones have the same problem. That's may ne due to an 
incomplete update..

I don't put all the logs:
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=xxx,dc=fr, with filter 
(uid=lalot)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding supannaffectation as Pool-Name, value Pharo & op=21
rlm_ldap: Adding ntPassword as NT-Password, value XXX & op=21
rlm_ldap: Adding lmPassword as LM-Password, value XXX & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user lalot authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 11
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 11
modcall: leaving group authorize (returns ok) for request 11
  rad_check_password:  Found Auth-Type ldap
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 11

and before:
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
  modcall[authorize]: module "mschap" returns ok for request 2
 modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 2
  rlm_mschap: Found LM-Password
  rlm_mschap: Found NT-Password

You can notice the diff
rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'

and then rad_check_password: seems confused..

Any ideas?.

Config:
authorize {
   preprocess

   files
   ldap

   #
   #  If the users are logging in with an MS-CHAP-Challenge
   #  attribute for authentication, the mschap module will find
   #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
   #  to the request, which will cause the server to then use
   #  the mschap module for authentication.
   mschap
}
authenticate {
   Auth-Type LDAP {
      ldap
   }
   Auth-Type PAP {
      pap
   }
   Auth-Type MS-CHAP {
      mschap
   }
}


-- 
Dominique LALOT
Ingenieur Systeme et Reseaux
http://annuaire.univmed.fr/showuser.php?uid=lalot

More information about the Freeradius-Users mailing list