Problem with LDAP and SSHA password

Maurice James midnightsteel at msn.com
Mon Nov 1 21:22:04 CET 2010


I posted a working config for your exact problem last week. Take Johns advice. Thanks













-----Original Message-----
From: freeradius-users-bounces+midnightsteel=msn.com at lists.freeradius.org [mailto:freeradius-users-bounces+midnightsteel=msn.com at lists.freeradius.org] On Behalf Of Rafal Kaminski
Sent: Monday, November 01, 2010 10:59 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: Problem with LDAP and SSHA password

W dniu 11/1/10 3:56 PM, Rafał Kamiński pisze:
> Hi,
>
> I configured Freeradius + Ldap and ssha Password like userPassword but 
> when I try connect I have this debug log:
>
> ---CUT---

Ok - my bad :) I clicked "Send" fast.

---CUT---
Mon Nov  1 14:53:39 2010 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Password == "{SHA}izxUUJlzMp1DyX5R9DSblXZBpjI="
Mon Nov  1 14:53:39 2010 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute User-Password == "{SHA}izxUUJlzMp1DyX5R9DSblXZBpjI="
Mon Nov  1 14:53:39 2010 : Debug: rlm_ldap: looking for reply items in directory...
Mon Nov  1 14:53:39 2010 : Debug: rlm_ldap: user rafal.kaminski authorized to use remote access Mon Nov  1 14:53:39 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[authorize]: returned from 
ldap (rlm_ldap) for request 0
Mon Nov  1 14:53:39 2010 : Debug: ++[ldap] returns ok
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[authorize]: calling 
expiration (rlm_expiration) for request 0
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[authorize]: returned from 
expiration (rlm_expiration) for request 0 Mon Nov  1 14:53:39 2010 : Debug: ++[expiration] returns noop
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[authorize]: calling 
logintime (rlm_logintime) for request 0
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[authorize]: returned from 
logintime (rlm_logintime) for request 0
Mon Nov  1 14:53:39 2010 : Debug: ++[logintime] returns noop
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[authorize]: calling pap 
(rlm_pap) for request 0
Mon Nov  1 14:53:39 2010 : Debug: rlm_pap: Found existing Auth-Type, not changing it.
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[authorize]: returned from 
pap (rlm_pap) for request 0
Mon Nov  1 14:53:39 2010 : Debug: ++[pap] returns noop
Mon Nov  1 14:53:39 2010 : Debug:   rad_check_password:  Found Auth-Type EAP
Mon Nov  1 14:53:39 2010 : Debug: auth: type "EAP"
Mon Nov  1 14:53:39 2010 : Debug:   WARNING: Unknown value specified for 
Auth-Type.  Cannot perform requested action.
Mon Nov  1 14:53:39 2010 : Debug: auth: Failed to validate the user.
Mon Nov  1 14:53:39 2010 : Auth: Login incorrect: [rafal.kaminski/<via Auth-Type = EAP>] (from client 192.168.37.3 port 0)
Mon Nov  1 14:53:39 2010 : Debug:   Found Post-Auth-Type Reject
Mon Nov  1 14:53:39 2010 : Debug: +- entering group REJECT
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[post-auth]: calling 
attr_filter.access_reject (rlm_attr_filter) for request 0
Mon Nov  1 14:53:39 2010 : Debug: 	expand: %{User-Name} -> rafal.kaminski
Mon Nov  1 14:53:39 2010 : Debug:  attr_filter: Matched entry DEFAULT at line 11
Mon Nov  1 14:53:39 2010 : Debug:   modsingle[post-auth]: returned from 
attr_filter.access_reject (rlm_attr_filter) for request 0 Mon Nov  1 14:53:39 2010 : Debug: ++[attr_filter.access_reject] returns updated Mon Nov  1 14:53:39 2010 : Debug: Delaying reject of request 0 for 1 seconds Mon Nov  1 14:53:39 2010 : Debug: Going to the next request Mon Nov  1 14:53:39 2010 : Debug: Waking up in 0.9 seconds.
Mon Nov  1 14:53:40 2010 : Debug: Sending delayed reject for request 0 Sending Access-Reject of id 217 to 192.168.37.3 port 1812

---END-CUT---

Where is the problem?

Thanks for help, because I can't resolve that problem for 2-3 days :(

--
Rafal Kaminski
System Administrator

Young Internet GmbH
Torstraße 35
10119 Berlin
Germany

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list