freeradius, ldap error - HELP ME!

Thibault Le Meur Thibault.LeMeur at supelec.fr
Wed Mar 21 11:13:02 CET 2007


> But the output now is:
> 
> rad_recv: Access-Request packet from host 127.0.0.1:1030, 
> id=65, length=54
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         User-Name = "peppeska"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 0
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> - -> Where is the User-Password attribute?
> - ------------------------------------------------

A good question indeed; that one should be asked of your NAS ;-)

It's up to the NAS to send User-Password, unless it is set up to do something
else (for instance MSCHAP).

Have you set up ppp to use mschap (require-mschap-v2 option)?
Are you using the radiusclient library?

If yes, could you check that your radiusclient dictionary file includes
Microsoft attributes:
* check the "dictionary      <path-to-dict-file>" line of the
  /etc/radiusclient-ng/radiusclient.conf file (or the
  /etc/radiusclient/radiusclient.conf file)
* check that the file <path-to-dict-file> contains a reference to other
  dictionary files such as:
    INCLUDE /usr/share/radiusclient-ng/dictionary.merit
    INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
* check that you have these 2 extra dictionary files (especially the
  microsoft one)
==> I've attached the two files

Regards,
Thibault




>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "peppeska", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry DEFAULT at line 155
>     users: Matched entry DEFAULT at line 173
>     users: Matched entry DEFAULT at line 185
>   modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for peppeska
> radius_xlat:  '(cn=peppeska)'
> radius_xlat:  'dc=example'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as cn=admin,dc=example/root to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=example, with filter (cn=peppeska)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user peppeska authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: leaving group authorize (returns ok) for request 0
>   rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group LDAP for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for 
> authentication. 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> - -> mmmmm, does it depend on the ppp version? Is that possible?
> - 
> ----------------------------------------------------------------------
>   modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: leaving group LDAP (returns invalid) for request 0
> auth: Failed to validate the user.
> Login incorrect: [peppeska/<no User-Password attribute>] 
> (from client localhost port 0) Delaying request 0 for 1 
> seconds Finished request 0 Going to the next request
> - --- Walking the entire request list ---
> Waking up in 1 seconds...
> - --- Walking the entire request list ---
> Sending Access-Reject of id 65 to 127.0.0.1 port 1030
> Waking up in 2 seconds...
> - --- Walking the entire request list ---
> Cleaning up request 0 ID 65 with timestamp 4600fb5f
> Nothing to do.  Sleeping until we see a request.
> 
> 
> 
> ok.. my ldap.attrmap contains:
> 
> checkItem       User-Password                   lmPassword
> checkItem       LM-Password                     lmPassword
> checkItem       NT-Password                     ntPassword
> 
> And the ldap section in radiusd.conf contains:
> 
> password_attribute = User-Password
> 
> 
> What's the problem?
> 
> 
> - --
>   <<<<---------------------------------------------------------->>>>
>   |Giuseppe Moscato aka peppeska - Linux User - no html messages---|
> 
>   |donpeppiniello at tiscali.it - http://peppeska.altervista.org------|
> 
>   |Fingerprint = 90DC 05A8 2D65 BC04 BD1B  4C07 C389 434B 3201 319D|
>   <<<<---------------------------------------------------------->>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dictionary.merit
Type: application/octet-stream
Size: 599 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070321/6dd4c43d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dictionary.microsoft
Type: application/octet-stream
Size: 2646 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070321/6dd4c43d/attachment-0001.obj>
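
The dictionary checks listed in the reply, written as a shell function (an added example, not part of the original post and not radiusclient's own code). The function names, verdict strings and sample tree are constructed for illustration, and the MS-CHAP attribute names are assumed to follow RFC 2548.

```sh
#!/bin/sh
# Added example: follow the radiusclient dictionary chain described in the reply.

# Print the path on the "dictionary <path>" line of a radiusclient.conf.
dict_path() { awk '$1 == "dictionary" { print $2; exit }' "$1"; }

# Print the files named on INCLUDE lines of a dictionary file.
dict_includes() { awk '$1 == "INCLUDE" { print $2 }' "$1"; }

# check_ms_dict CONF: print a verdict; return 0 only when a readable Microsoft
# dictionary is INCLUDEd. Paths containing whitespace are not handled.
check_ms_dict() {
    conf=$1
    [ -r "$conf" ] || { echo "no-conf"; return 1; }
    dict=$(dict_path "$conf")
    [ -n "$dict" ] && [ -r "$dict" ] || { echo "no-dictionary"; return 1; }
    for inc in $(dict_includes "$dict"); do
        case $inc in
        *dictionary.microsoft)
            [ -r "$inc" ] || { echo "include-missing"; return 1; }
            # Assumption: MS-CHAP attributes carry their RFC 2548 names.
            grep -Eq '^ATTRIBUTE[[:space:]]+MS-CHAP2?-(Challenge|Response)' "$inc" ||
                { echo "no-mschap-attributes"; return 1; }
            echo "ok"; return 0 ;;
        esac
    done
    echo "not-included"; return 1
}

# Build a constructed sample tree (not real system files) under directory $1.
make_sample() {
    d=$1
    printf 'dictionary\t%s/dictionary\n' "$d" > "$d/radiusclient.conf"
    printf 'INCLUDE %s/dictionary.merit\nINCLUDE %s/dictionary.microsoft\n' \
        "$d" "$d" > "$d/dictionary"
    : > "$d/dictionary.merit"
    printf 'VENDOR Microsoft 311\nATTRIBUTE MS-CHAP-Challenge 11 string Microsoft\n' \
        > "$d/dictionary.microsoft"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "sample tree: $(check_ms_dict "$tmp/radiusclient.conf")"
rm -rf "$tmp"
```

On a real host, pass the configuration path named in the reply, for example `check_ms_dict /etc/radiusclient-ng/radiusclient.conf`.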