802.1x, EAP and LDAP

Mike Richardson doctor at mcc.ac.uk
Tue Mar 4 11:53:22 CET 2008


On Tue, Mar 04, 2008 at 10:35:29AM +0000, Phil Mayers wrote:
> >rlm_ldap: ldap_release_conn: Release Id: 0
> >  modcall[authorize]: module "ldap" returns ok for request 0
> >rlm_pap: WARNING! No "known good" password found for the user.  
> >Authentication may fail because of this.
> >  modcall[authorize]: module "pap" returns noop for request 0
> 
> The ldap module didn't find a password for the user, thus the PAP module 
> couldn't authenticate the user.
> 
> I don't know enough about eDirectory to help much more; I can say that a 
> "normal" LDAP server might contain entries of the form:
> 
> dn: cn=user,ou=....
> cn: user
> objectClass: top
> objectClass: person
> userPassword: {CRYPT}xxxxxxxx
> 
> ...or similar, and the ldap module is smart enough to figure it out.
> 
> As Ivan has pointed out, I suspect this line higher up is the issue:
> 
> > rlm_ldap: No default NMAS login sequence
> 
> A quick read through the source code indicates the mysterious NMAS is 
> novell universal auth / password / blah.

How does the PAP module attempt to do the authentication? Does it do an
authenticated bind as the user or does it get the password variable and
compare it to something stored? 

I've tried it against openldap with the same result but I've not spent much
time on the openldap config. I have to get this working with eDirectory
unfortunately...

I'll go back to the openldap config and see if I can get that set up in the
right way.

Thanks,

Mike

-- 
Mike Richardson
Networks
IT Services, University of Manchester
*Plain text only please - attachments stripped on arrival*
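
Added example, not part of the original post and not FreeRADIUS code: a sketch of the compare-against-a-stored-value model that the 'No "known good" password found' warning in the quoted debug output points to, using RFC 2307-style `userPassword` prefixes like the `{CRYPT}` entry quoted above. The function names, return strings and sample entries are assumptions constructed for illustration; `{CRYPT}` is recognised but not verified here.

```python
import base64
import hashlib
import hmac

def make_ssha(password, salt):
    """Build a constructed {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def split_scheme(value):
    """Split '{SCHEME}data' into (SCHEME, data); no prefix means cleartext."""
    if value.startswith("{") and "}" in value:
        scheme, data = value[1:].split("}", 1)
        return scheme.upper(), data
    return "CLEARTEXT", value

def pap_check(entry, supplied):
    """Compare a PAP-supplied password with the value read from the directory.

    Returns 'accept', 'reject', 'no-known-good' (the search returned no
    userPassword, so there is nothing to compare) or 'unsupported'.
    """
    values = entry.get("userPassword") or []
    if not values:
        return "no-known-good"
    scheme, data = split_scheme(values[0])
    pw = supplied.encode()
    if scheme == "CLEARTEXT":
        ok = hmac.compare_digest(data.encode(), pw)
    elif scheme in ("SHA", "SSHA"):
        raw = base64.b64decode(data)
        digest, salt = raw[:20], raw[20:]  # {SHA} has an empty salt
        ok = hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    else:
        return "unsupported"  # e.g. {CRYPT}: needs the platform crypt(3)
    return "accept" if ok else "reject"

# Constructed sample entries (hypothetical, not taken from the thread's servers).
READABLE = {"cn": ["user"], "userPassword": [make_ssha("s3cret", b"\x01\x02\x03\x04")]}
HIDDEN = {"cn": ["user"]}  # directory did not return a userPassword attribute
CRYPTED = {"cn": ["user"], "userPassword": ["{CRYPT}xxxxxxxx"]}

if __name__ == "__main__":
    for name, entry in (("readable", READABLE), ("hidden", HIDDEN), ("crypt", CRYPTED)):
        print(name, pap_check(entry, "s3cret"))
```

The `HIDDEN` case is the one that matches the debug output: the search succeeds, but without a readable password attribute there is nothing for a comparison to use.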


