Hi all,<br><br>I am facing problems with LDAP and FreeRADIUS on Red Hat
Linux AS 4. I can successfully authenticate with Windows XP machines
with the FreeRADIUS local "users" file and MD5 using a Cisco 2950. Radtest
is successful for the ldapusers, but the radius -X shows "rlm_ldap:
Attribute "User-Password" is required for authentication. &
modcall[authenticate]: module "ldap" returns invalid for request 0" <br><br>Any help will be appreciated. Thanks <br><br>I am using the configuration file from the source file. <br>-------------------<br>[root@localhost ~]# cat /etc/raddb/radiusd.conf<br>prefix = /usr<br>exec_prefix = ${prefix}
<br>sysconfdir = /etc<br>localstatedir = /var<br>sbindir = ${exec_prefix}/sbin<br>logdir = ${localstatedir}/log/radius<br>raddbdir = ${sysconfdir}/raddb<br>radacctdir = ${logdir}/radacct<br><br>confdir = ${raddbdir}<br>run_dir = ${localstatedir}/run/radiusd
<br><br>log_file = ${logdir}/radius.log<br><br>libdir = /usr/lib/freeradius<br><br>pidfile = ${run_dir}/radiusd.pid<br><br><br>user = radiusd<br>group = radiusd<br><br>max_request_time = 30<br>delete_blocked_requests = no
<br>cleanup_delay = 5<br>max_requests = 0<br>bind_address = *<br>port = 0<br>hostname_lookups = no<br>allow_core_dumps = no<br>regular_expressions     = yes<br>extended_expressions    = yes<br>log_stripped_names = no<br>
log_auth = no
<br>log_auth_badpass = no<br>log_auth_goodpass = no<br><br>#  The program to execute to do concurrency checks.<br>#checkrad = ${sbindir}/checkrad<br><br>security {<br>        max_attributes = 200<br>        reject_delay = 0
<br>        status_server = no<br>}<br><br>proxy_requests  = yes<br>$INCLUDE  ${confdir}/proxy.conf<br><br>$INCLUDE  ${confdir}/clients.conf<br><br>thread pool {<br>        start_servers = 5<br>        max_servers = 32<br>

        min_spare_servers = 3<br>        max_spare_servers = 10<br>        max_requests_per_server = 0<br>}<br><br>modules {<br><br>        ldap {<br>        server = "10.10.29.251"
<br>        #identity = "uid=freeradius,ou=admins,ou<div id="mb_0">=radius,dc=mydomain,dc=com"<br>        #identity = "cn=Manager,dc=example,dc=com"<br>        #password = password<br>        basedn = "ou=people,dc=example,dc=com"
<br>        #filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile)"<br>        start_tls = no<br>        tls_mode = no<br>        #default_profile = "uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com"
<br>        #profile_attribute = "radiusProfileDn"<br>        dictionary_mapping = ${raddbdir}/ldap.attrmap<br>        ldap_cache_timeout = 120<br>        ldap_cache_size = 0<br>        ldap_connections_number = 10
<br>        #password_header = "{crypt}"<br>        password_attribute = userPassword<br>        #groupname_attribute = radiusGroupName<br>        #groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}}))(objectclass=radiusProfile)"
<br>        #groupmembership_attribute = radiusGroupName<br>        timeout = 3<br>        timelimit = 5<br>        net_timeout = 1<br>        compare_check_items = no<br>        #access_attr_used_for_allow = yes<br>        }
<br><br>        realm suffix {<br>                format = suffix<br>                delimiter = "@"<br>        }<br><br>        preprocess {<br>                huntgroups = ${confdir}/huntgroups<br>                #hints = ${confdir}/hints
<br>                with_ascend_hack = no<br>                ascend_channels_per_line = 23<br>                with_ntdomain_hack = no<br>                with_specialix_jetstream_hack = no<br>                with_cisco_vsa_hack = no
<br>        }<br><br>        files {<br>                usersfile = ${confdir}/users<br>                #acctusersfile = ${confdir}/acct_users<br>                compat = no<br>                #use old style users<br>        }
<br>        # regular detail files<br>        detail detail1 {<br>                detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d<br>                detailperm = 0600<br>                dirperm = 0755<br>        }
<br>        # temp detail file to replicate to accountrad<br>        detail detail2 {<br>                detailfile= ${radacctdir}/detail-combined<br>                detailperm = 0600<br>                dirperm = 0755<br>

                locking = yes<br>        }<br><br>        acct_unique {<br>                key = "User-Name, Acct-Session-Id, NAS-IP-Address,Client-IP-Address, NAS-Port-Id"<br>        }<br><br><br>        #radutmp {
<br>        #       filename = ${logdir}/radutmp<br>        #       perm = 0600<br>        #       callerid = "yes"<br>        #}<br><br>        #radutmp sradutmp {<br>        #       filename = ${logdir}/sradutmp
<br>        #       perm = 0644<br>        #       callerid = "no"<br>        #}<br><br>        #attr_filter {<br>        #       attrsfile = ${confdir}/attrs<br>        #}<br><br><br>        # The "always" module is here for debugging purposes. Each
<br>        # instance simply returns the same result, always, without<br>        # doing anything.<br>        always fail {<br>                rcode = fail<br>        }<br>        always reject {<br>                rcode = reject
<br>        }<br>        always ok {<br>                rcode = ok<br>                simulcount = 0<br>                mpp = no<br>        }<br><br>        #<br>        #  The 'expression' module current has no configuration.
<br>        expr {<br>        }<br><br>}<br><br>instantiate {<br>        expr<br>}<br><br>authorize {<br>        preprocess<br>        suffix<br>        files<br>        ldap<br>}<br><br>authenticate {<br>        authtype LDAP {
<br>                ldap<br>        }<br>}<br><br>preacct {<br>        preprocess<br>        suffix<br>        files<br>}<br><br>accounting {<br>        acct_unique<br>        detail1<br>        detail2<br>        #radutmp
<br>        #sradutmp<br>}<br><br><br>#session {<br>        #radutmp<br>#}<br><br>#post-auth {<br>          #  Get an address from the IP Pool.<br>          #main_pool<br>#}<br>----------------------------------------<br>

The ldif file<br>dn: uid=ldapuser5,ou=People,dc=example,dc=com<br>uid: ldapuser5<br>cn: ldapuser5<br>userPassword: {crypt}$1$1jD47Q.o$o.Aqkoe/Z7au.phSO6ULW1<br>objectclass: radiusprofile<br>objectClass: account<br>#objectClass: posixAccount
<br>objectClass: top<br>objectClass: shadowAccount<br>radiusServiceType: Framed-User<br>radiusFramedProtocol: Ethernet<br>radiusFramedIPNetmask: 255.255.255.0<br>radiusFramedRouting: None
<br>---------------------------------------------------------------------------------------------------------<br><br><br><br>Ready to process requests.<br>rad_recv: Access-Request packet from host 10.10.29.49:1812, id=61, length=133<br>        NAS-IP-Address = 10.10.29.49<br>        NAS-Port = 50035<br>        NAS-Port-Type = Ethernet
<br>        User-Name = "ldapuser5"
<br>        Called-Station-Id = "00-14-69-B1-DE-63"<br>        Calling-Station-Id = "00-11-85-81-FE-9F"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        EAP-Message = 0x0200000e016c6461707573657235
<br>        Message-Authenticator = 0xa87b5810daf6ae5596070a302b227a3a<br>  Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 0<br>  modcall[authorize]: module "preprocess" returns ok for request 0
<br>    rlm_realm: No '@' in User-Name = "ldapuser5", looking up realm NULL<br>    rlm_realm: No such realm "NULL"<br>  modcall[authorize]: module "suffix" returns noop for request 0<br>    users: Matched DEFAULT at 153
<br>    users: Matched DEFAULT at 157<br>    users: Matched DEFAULT at 175<br>    users: Matched DEFAULT at 204<br>  modcall[authorize]: module "files" returns ok for request 0<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for ldapuser5
<br>radius_xlat:  '(uid=ldapuser5)'<br>radius_xlat:  'ou=people,dc=example,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP reconnection<br>rlm_ldap: (re)connect to 10.10.29.251:389, authentication 0<br>rlm_ldap: bind as / to 10.10.29.251:389<br>rlm_ldap: waiting for bind result ...<br>rlm_ldap: Bind was successful
<br>rlm_ldap: performing search in ou=people,dc=example,dc=com, with filter (uid=ldapuser5)<br>rlm_ldap: Added password {crypt}$1$1jD47Q.o$o.Aqkoe/Z7au.phSO6ULW1 in check items<br>rlm_ldap: looking for check items in directory...
<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11<br>rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.0 & op=11<br>rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value Ethernet & op=11<br>rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11<br>rlm_ldap: user ldapuser5 authorized to use remote access
<br>rlm_ldap: ldap_release_conn: Release Id: 0<br>  modcall[authorize]: module "ldap" returns ok for request 0<br>modcall: group authorize returns ok for request 0<br>  rad_check_password:  Found Auth-Type LDAP
<br>
auth: type "LDAP"<br>  Processing the authenticate section of radiusd.conf<br>modcall: entering group authtype for request 0<br>rlm_ldap: - authenticate<br>rlm_ldap: Attribute "User-Password" is required for authentication.
<br>  modcall[authenticate]: module "ldap" returns invalid for request 0<br>modcall: group authtype returns invalid for request 0<br>auth: Failed to validate the user.<br>Sending Access-Reject of id 61 to 10.10.29.49:1812<br>Finished request 0<br>Going to the next request<br>--- Walking the entire request list ---<br>Waking up in 6 seconds...<br>--- Walking the entire request list ---<br>Cleaning up request 0 ID 61 with timestamp 44458f3a
<br>Nothing to do.  Sleeping until we see a request.<br><br><br>Abey Babu Thomas

</div>
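Added example, not part of the original post: a small Python parser for the `radiusd -X` debug format quoted above. It groups lines by Access-Request, decodes the EAP-Message header, and flags requests where rlm_ldap's authenticate step ran without a User-Password attribute. The names `decode_eap`, `diagnose` and the record fields are hypothetical; the sample log is abridged from the post.

```python
import re

# Abridged from the radiusd -X output quoted in the post above.
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 10.10.29.49:1812, id=61, length=133
        User-Name = "ldapuser5"
        EAP-Message = 0x0200000e016c6461707573657235
  rad_check_password:  Found Auth-Type LDAP
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
'''

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

def decode_eap(hex_value):
    """Decode an RFC 3748 EAP header: code, id, 2-byte length, then type."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        return None  # too short to hold an EAP header
    info = {"code": EAP_CODES.get(raw[0], str(raw[0])), "id": raw[1],
            "length": int.from_bytes(raw[2:4], "big")}
    if raw[0] in (1, 2) and len(raw) >= 5:  # only Request/Response carry a type
        info["type"] = EAP_TYPES.get(raw[4], str(raw[4]))
        info["data"] = raw[5:info["length"]]
    return info

def diagnose(log):
    """Return one record per Access-Request seen in radiusd -X output."""
    requests, req = [], None
    for line in log.splitlines():
        m = re.match(r"rad_recv: Access-Request .*id=(\d+)", line)
        if m:
            req = {"id": int(m.group(1)), "attrs": {}, "eap": None,
                   "auth_type": None, "ldap_missing_password": False}
            requests.append(req)
        if req is None:
            continue  # output before the first request (startup messages)
        m = re.match(r"\s+([A-Za-z][\w-]*) = (.*)$", line)
        if m:  # indented "Name = value" lines are the request's attributes
            req["attrs"][m.group(1)] = m.group(2).strip('"')
            if m.group(1) == "EAP-Message":
                req["eap"] = decode_eap(m.group(2))
        m = re.search(r"Found Auth-Type (\S+)", line)
        if m:
            req["auth_type"] = m.group(1)
        if 'rlm_ldap: Attribute "User-Password" is required' in line:
            req["ldap_missing_password"] = True
    return requests
```

On the post's log, the record for request id 61 shows an EAP Response/Identity carrying `ldapuser5`, Auth-Type LDAP, and no User-Password attribute in the request, which is the condition rlm_ldap reports.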