problem with ldap authentication

Frank Bonnet f.bonnet at esiee.fr
Mon Mar 23 17:32:18 CET 2009


Alan DeKok wrote:
> Frank Bonnet wrote:
>> I'm in trouble with a debian version of freeradius
>> I've installed chillispot and freeradius packages
>> but it won't work for LDAP users it fails with
>> such error messages :
>>
>> Mon Mar 23 16:41:05 2009 : Auth: Login incorrect:
>> [xxxxxxxx/<CHAP-Password>] (from client localhost port 31 cli
>> 00-13-02-AE-F1-01)
> 
>   Is there any reason you're not running it in debugging mode, as
> suggested in the FAQ, README, INSTALL, "man" page, and nearly daily on
> this list?
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

OK here is the debug of one failed session

thanks for your help



Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33076, id=0, length=217
	User-Name = "xxxxxxx"
	CHAP-Challenge = 0x01464b2728f172473bf5dd5d64d71539
	CHAP-Password = 0x00443c19722da8b5ac9799a1a5d39bc1af
	NAS-IP-Address = 127.0.0.1
	Service-Type = Login-User
	Framed-IP-Address = 192.168.182.54
	Calling-Station-Id = "00-19-D2-78-56-4D"
	Called-Station-Id = "00-12-79-90-10-21"
	NAS-Identifier = "nas01"
	Acct-Session-Id = "49c7b89400000034"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 52
	Message-Authenticator = 0x64d387cd750288b284dc8182e4f2dec6
	WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
   rlm_chap: Setting 'Auth-Type := CHAP'
   modcall[authorize]: module "chap" returns ok for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
     rlm_realm: No '@' in User-Name = "xxxxxxx", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 0
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module "eap" returns noop for request 0
     users: Matched entry DEFAULT at line 363
   modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for xxxxxxx
radius_xlat:  '(uid=xxxxxxxx)'
radius_xlat:  'dc=esiee,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.esiee.fr:389, authentication 0
rlm_ldap: bind as / to ldap.esiee.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=esiee,dc=fr, with filter (uid=xxxxxxx)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
   rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
   ERROR: Unknown value specified for Auth-Type.  Cannot perform 
requested action.
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [xxxxxxx/<CHAP-Password>] 
(from client localhost port 52 cli 00-19-D2-78-56-4D)
Delaying request 0 for 1 seconds



More information about the Freeradius-Users mailing list