LDAP authorization - Attribute "User-Password" is required for authentication
n.marjoram at adastral.ucl.ac.uk
Tue Jun 17 16:12:00 CEST 2008
Thanks, yes 2.0.5 ran out of box almost! Just got to customise the
certs, sometime after testing. Still have a couple of issues I can't
resolve, I'll post separately.
Alan DeKok wrote:
> Neil Marjoram wrote:
>> I am using a Netgear WAG102 Wireless access point to autorise to Radius,
>> which in turn uses LDAP. radtest from the command line of the local host
>> authenticates no problem, but I understand that it is a possibility that
>> the Netgear passes the Mac address of the laptop through to use as a
>> I am unable to understand how to map this in LDAP and keep getting :
>> Attribute "User-Password" is required for authentication
> You have forced "Auth-Type := LDAP" in your configuration. Don't do
> that. i.e. You have:
> rlm_ldap: Adding radiusAuthType as Auth-Type == LDAP
> DELETE the "radiusAuthType" from your LDAP configuration. It is NOT
> needed, and it's making authentication fail.
> It also looks like you've deleted most of the modules from the
> "authorize" section. Don't do that. Use the default configuration.
> It's there for a purpose: it works.
> It also looks like you haven't configured PEAP or TTLS. You MUST
> configure them for wireless authentication.
>> I am using the radiusProfile for each user in LDAP that I allow access
>> via wireless.
>> I am pretty new to Radius so am I sure I have some config wrong here
>> somewhere. I am currently testing on Ubuntu 8.04, and have Freeradius
> I understand why Ubuntu chose to use 1.1.7, but still.... Version
> 2.0.5 is much, much better.
> My recommendation for a quick fix:
> 1) Install 2.0.5. It's much better than 1.1.7.
> 2) start with default config
> 3) configure the LDAP module as you have done already (modules section,
> un-comment ldap in the "authorize" and "authenticate" sections of
> raddb/sites-available/* (use "grep ldap *".
> 4) do NOT set "radiusAuthType" in your LDAP directory.
> 5) Test with 'radtest'. It should work.
> 6) Test with a wireless client (un-check "validate server certificate)
> It should work.
> 2.0.5 makes it trivial to get PEAP and TTLS working. It's a lot
> harder to do that in 1.1.7.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Adastral Park Campus
University College London
Ipswich - Suffolk
Tel: 01473 663711
Fax: 01473 635199
Reclaim Your Inbox!
More information about the Freeradius-Users