PPTP + FreeRadius + LDAP

Alexandre Chapellon alexandre.chapellon at mana.pf
Wed Nov 26 20:27:35 CET 2008


trying forcing windows pptp client to use mschapv2

Le 26.11.2008 09:15, Douglas Macedo a écrit :
> Sorry Alan,
>
> but the webpage tells that its don't work. Its impossible? Correct?
>
> So, how I can fix that the other way?
>
> My pptp-options:
>
> ==
> epiderme:/etc/ppp# cat pptpd-options
> name pptpd
> refuse-pap
> ##refuse-chap
> require-chap
> ##refuse-mschap
> require-mschap
> require-mschap-v2
> require-mppe-128
> proxyarp
> nodefaultroute
> debug
> lock
> nobsdcomp
> plugin radius.so
> #plugin radattr.so
> radius-config-file /etc/radiusclient/radiusclient.conf
> auth
> ==
>
> And my radiusd.conf:
>
> ==
> prefix = /usr/local
> exec_prefix = ${prefix}
> sysconfdir = ${prefix}/etc
> localstatedir = /var
> sbindir = ${exec_prefix}/sbin
> logdir = /var/log
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = ${exec_prefix}/lib
> pidfile = ${run_dir}/radiusd.pid
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 0
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions     = yes
> extended_expressions    = yes
> log_stripped_names = no
> log_auth = yes
> log_auth_badpass = no
> log_auth_goodpass = no
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
>         max_attributes = 200
>         reject_delay = 1
>         status_server = no
> }
> proxy_requests  = no
> $INCLUDE  ${confdir}/clients.conf
> snmp    = no
> thread pool {
>         start_servers = 5
>         max_servers = 32
>         min_spare_servers = 3
>         max_spare_servers = 10
>         max_requests_per_server = 0
> }
> modules {
>         pap {
>                 encryption_scheme = crypt
>         }
>         chap {
>                 authtype = CHAP
>         }
>         unix {
>                 cache = no
>                 cache_reload = 600
>                 radwtmp = ${logdir}/radwtmp
>         }
>         mschap {
>                 authtype = MS-CHAP
>                 use_mppe = yes
>                 require_encryption = no
>                 require_strong = no
>                 with_ntdomain_hack = yes
>         }
>         ldap {
>                 server = "ldap.telemedicina.ufsc.br
> <http://ldap.telemedicina.ufsc.br>"
>                 identity = "cn=Manager,dc=telemedicina,dc=ufsc,dc=br"
>                 password = "XXXXXXX"
>                 basedn = "ou=Users,dc=telemedicina,dc=ufsc,dc=br"
>                 filter = "(&(objectClass=posixAccount)(uid=%u))"
>
>                 start_tls = no
>                 dictionary_mapping = ${raddbdir}/ldap.attrmap
>                 ldap_connections_number = 5
>                 password_header = "{Cleartext-Password}"
>                 password_attribute = sambaNTPassword
>                 timeout = 4
>                 timelimit = 3
>                 net_timeout = 1
>                 compare_check_items = no
>         }
>         realm suffix {
>                 format = suffix
>                 delimiter = "@"
>                 ignore_default = no
>                 ignore_null = no
>         }
>         checkval {
>                 item-name = Calling-Station-Id
>                 check-name = Calling-Station-Id
>                 data-type = string
>         }
>         preprocess {
>                 huntgroups = ${confdir}/huntgroups
>                 hints = ${confdir}/hints
>                 with_ascend_hack = no
>                 ascend_channels_per_line = 23
>                 with_ntdomain_hack = no
>                 with_specialix_jetstream_hack = no
>                 with_cisco_vsa_hack = no
>         }
>         files {
>                 usersfile = ${confdir}/users
>                 compat = no
>         }
>         detail {
>                 detailfile =
> ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>                 detailperm = 0600
>         }
>         acct_unique {
>                 key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port"
>         }
>         radutmp {
>                 filename = ${logdir}/radutmp
>                 username = %{User-Name}
>                 case_sensitive = yes
>                 check_with_nas = yes
>                 perm = 0600
>                 callerid = "yes"
>         }
>         radutmp sradutmp {
>                 filename = ${logdir}/sradutmp
>                 perm = 0644
>                 callerid = "no"
>         }
>         attr_filter {
>                 attrsfile = ${confdir}/attrs
>         }
>         counter daily {
>                 filename = ${raddbdir}/db.daily
>                 key = User-Name
>                 count-attribute = Acct-Session-Time
>                 reset = daily
>                 counter-name = Daily-Session-Time
>                 check-name = Max-Daily-Session
>                 allowed-servicetype = Framed-User
>                 cache-size = 5000
>         }
>         always fail {
>                 rcode = fail
>         }
>         always reject {
>                 rcode = reject
>         }
>         always ok {
>                 rcode = ok
>                 simulcount = 0
>                 mpp = no
>         }
>         expr {
>         }
>         digest {
>         }
>         exec {
>                 wait = yes
>                 input_pairs = request
>         }
>         exec echo {
>                 wait = yes
>                 program = "/bin/echo %{User-Name}"
>                 input_pairs = request
>                 output_pairs = reply
>         }
>         ippool main_pool {
>                 range-start = 150.162.67.201 <http://150.162.67.201>
>                 range-stop = 150.162.67.220 <http://150.162.67.220>
>                 netmask = 255.255.255.0 <http://255.255.255.0>
>                 cache-size = 800
>                 session-db = ${raddbdir}/db.ippool
>                 ip-index = ${raddbdir}/db.ipindex
>                 override = no
>                 maximum-timeout = 0
>         }
> }
> instantiate {
>         exec
>         expr
> }
> authorize {
>         preprocess
>         files
>         ldap
>         chap
>         mschap
>         suffix
>         #eap
>         pap
> }
> authenticate {
>          Auth-Type PAP {
>                 pap
>          }
>         Auth-Type LDAP {
>                 ldap
>         }
>         Auth-Type CHAP {
>                 chap
>         }
>         Auth-Type MS-CHAP {
>                 mschap
>         }
>         unix
>         #eap
> }
> preacct {
>         preprocess
>         #acct_unique
>         #files
> }
> accounting {
>         detail
>         unix
>         radutmp
> }
> session {
>         radutmp
> }
> post-auth {
>         #main_pool
>         #ldap
> }
> pre-proxy {
> }
> post-proxy {
>         #eap
> }
> ==
>
> I apreciate your help.
>
> Thanks a lot,
> Douglas
>
> On Wed, Nov 26, 2008 at 5:04 PM, Alan DeKok <aland at deployingradius.com
> <mailto:aland at deployingradius.com>> wrote:
>
>     Douglas Macedo wrote:
>     > how I can fix that?
>
>      Read the web page.  It tells you.
>
>      Alan DeKok.
>     -
>     List info/subscribe/unsubscribe? See
>     http://www.freeradius.org/list/users.html
>
>
>
>
> -- 
> Douglas Macedo
> dmacedo at gmail.com <mailto:dmacedo at gmail.com>
> --
> Avalia-se a inteligência de um indivíduo pela quantidade de incertezas
> que ele é capaz de suportar.
> (Immanuel Kant)
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081126/605873ed/attachment.html>


More information about the Freeradius-Users mailing list