problem with LDAP backend

Frank Bonnet f.bonnet at esiee.fr
Wed Aug 31 17:02:32 CEST 2011 

Hello

Still trying to use freeradius with chillispot I still have problems

I'm trying to use mixed authentication

MAC addresses for some video devices in the "users" file
as follows :

00-06-F4-0D-08-66       Auth-Type := Local, User-Password == "xxxxxxxx"
                         Framed-IP-Address = 192.168.182.213,
                         Fall-Through = Yes

LDAP backend for "real" users at the end of the "users" file I have this 
statement

DEFAULT    Auth-Type = LDAP
     Fall-Through = 1

This configuration were working well on a very old debian machine which 
died suddenly

When I try to access the the chilli portal it ask radius for authentication
but it dows not work. See below the debug trace of radius daemon.
Help greatly appreciated, thank you.


Wed Aug 31 16:52:39 2011 : Debug:   Processing the authorize section of 
radiusd.conf
Wed Aug 31 16:52:39 2011 : Debug: modcall: entering group authorize for 
request 15
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: calling 
preprocess (rlm_preprocess) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: returned from 
preprocess (rlm_preprocess) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modcall[authorize]: module 
"preprocess" returns ok for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: calling eap 
(rlm_eap) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: returned from 
eap (rlm_eap) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modcall[authorize]: module "eap" 
returns noop for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: calling files 
(rlm_files) for request 15
Wed Aug 31 16:52:39 2011 : Debug:     users: Matched entry DEFAULT at 
line 398
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: returned from 
files (rlm_files) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modcall[authorize]: module "files" 
returns ok for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: calling ldap 
(rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: - authorize
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: performing user 
authorization for xxxxxxxx
Wed Aug 31 16:52:39 2011 : Debug: radius_xlat:  '(uid=xxx)'
Wed Aug 31 16:52:39 2011 : Debug: radius_xlat:  'ou=Users,dc=esiee,dc=fr'
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: performing search in 
ou=Users,dc=esiee,dc=fr, with filter (uid=hrazdira)
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: checking if remote access 
for xxxxxxxx is allowed by uid
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: looking for check items in 
directory...
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: looking for reply items in 
directory...
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: user xxxxxxxx authorized to 
use remote access
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: returned from 
ldap (rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modcall[authorize]: module "ldap" 
returns ok for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: calling pap 
(rlm_pap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rlm_pap: WARNING! No "known good" 
password found for the user.  Authentication may fail because of this.
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authorize]: returned from 
pap (rlm_pap) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modcall[authorize]: module "pap" 
returns noop for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall: leaving group authorize 
(returns ok) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   rad_check_password:  Found Auth-Type 
LDAP
Wed Aug 31 16:52:39 2011 : Debug: auth: type "LDAP"
Wed Aug 31 16:52:39 2011 : Debug:   Processing the authenticate section 
of radiusd.conf
Wed Aug 31 16:52:39 2011 : Debug: modcall: entering group authenticate 
for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authenticate]: calling 
ldap (rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: - authenticate
Wed Aug 31 16:52:39 2011 : Auth: rlm_ldap: Attribute "User-Password" is 
required for authentication. Cannot use "CHAP-Password".
Wed Aug 31 16:52:39 2011 : Debug:   modsingle[authenticate]: returned 
from ldap (rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug:   modcall[authenticate]: module "ldap" 
returns invalid for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall: leaving group authenticate 
(returns invalid) for request 15
Wed Aug 31 16:52:39 2011 : Debug: auth: Failed to validate the user.
Wed Aug 31 16:52:39 2011 : Debug: Delaying request 15 for 1 seconds
Wed Aug 31 16:52:39 2011 : Debug: Finished request 15
Wed Aug 31 16:52:39 2011 : Debug: Going to the next request
Wed Aug 31 16:52:39 2011 : Debug: --- Walking the entire request list ---

More information about the Freeradius-Users mailing list