<font size="2">
<p>Hi</p>
<p> </p>
<p>I delete the entry Auth := Ldap in users file. As pointed about in freeradius wiki </p></font><a href="http://www.mycohq.com/2006/02/freeradius-openldap-windows-xp-and.html"><font face="Times New Roman" color="#810081">
FreeRadius, OpenLDAP, Windows XP, and 802.1x</font></a><font face="Times New Roman TUR"> how to, I set ldap in the authentication authorization</font><font face="Times New Roman"> </font><font face="Times New Roman TUR">part of
radius.conf. My ldap search result is below. </font><font size="2">
<p>........</p>
<p>userpassword=ramazan</p>
<p>.............</p>
<p>radiusclass=groupnet</p>
<p>objectclass=radiusprofile</p>
<p>objectclass=top</p>
<p>objectclass=posixAccount</p>
<p>objectclass=shadowAccount</p>
<p>...........</p>
<p>radiusgroupname=VPN</p>
<p>radiustunnelmediumtype=6</p>
<p>radiustunnelprivategroupid=2</p>
<p>radiustunneltype=VLAN</p>
<p>radiusauthtype=ldap <= eap or leave it empty for eap</p>
<p>radiusstripusername=true</p>
<p>In ldap when I leave radiusauth type empty, eap authentication works. radtest and xp client are unsucessfull. when i set it ldap, rlm_ldap can bind username and password for radtest but unsucessfull for xp client. The radius debug logs are below. Am i missing a point ?
</p>
<p>setting radiusauthtype empty or eap:</p></font><font face="Courier New" size="2">
<p>Starting - reading configuration files ...</p>
<p>reread_config: reading radiusd.conf</p>
<p>Config: including file: /etc/raddb/proxy.conf</p>
<p>Config: including file: /etc/raddb/clients.conf</p>
<p>Config: including file: /etc/raddb/snmp.conf</p>
<p>Config: including file: /etc/raddb/sql.conf</p>
<p>main: prefix = "/usr"</p>
<p>main: localstatedir = "/var"</p>
<p>main: logdir = "/var/log/radius"</p>
<p>main: libdir = "/usr/lib/freeradius"</p>
<p>main: radacctdir = "/var/log/radius/radacct"</p>
<p>main: hostname_lookups = no</p>
<p>main: max_request_time = 30</p>
<p>main: cleanup_delay = 5</p>
<p>main: max_requests = 1024</p>
<p>main: delete_blocked_requests = 0</p>
<p>main: port = 0</p>
<p>main: allow_core_dumps = no</p>
<p>main: log_stripped_names = yes</p>
<p>main: log_file = "/var/log/radius/radius.log"</p>
<p>main: log_auth = yes</p>
<p>main: log_auth_badpass = yes</p>
<p>main: log_auth_goodpass = yes</p>
<p>main: pidfile = "/var/run/radiusd/radiusd.pid"</p>
<p>main: user = "radiusd"</p>
<p>main: group = "radiusd"</p>
<p>main: usercollide = no</p>
<p>main: lower_user = "no"</p>
<p>main: lower_pass = "no"</p>
<p>main: nospace_user = "no"</p>
<p>main: nospace_pass = "no"</p>
<p>main: checkrad = "/usr/sbin/checkrad"</p>
<p>main: proxy_requests = yes</p>
<p>proxy: retry_delay = 5</p>
<p>proxy: retry_count = 3</p>
<p>proxy: synchronous = no</p>
<p>proxy: default_fallback = yes</p>
<p>proxy: dead_time = 120</p>
<p>proxy: post_proxy_authorize = yes</p>
<p>proxy: wake_all_if_all_dead = no</p>
<p>security: max_attributes = 200</p>
<p>security: reject_delay = 1</p>
<p>security: status_server = no</p>
<p>main: debug_level = 0</p>
<p>read_config_files: reading dictionary</p>
<p>read_config_files: reading naslist</p>
<p>read_config_files: reading clients</p>
<p>read_config_files: reading realms</p>
<p>radiusd: entering modules setup</p>
<p>Module: Library search path is /usr/lib/freeradius</p>
<p>Module: Loaded expr </p>
<p>Module: Instantiated expr (expr) </p>
<p>Module: Loaded PAP </p>
<p>pap: encryption_scheme = "crypt"</p>
<p>Module: Instantiated pap (pap) </p>
<p>Module: Loaded CHAP </p>
<p>Module: Instantiated chap (chap) </p>
<p>Module: Loaded MS-CHAP </p>
<p>mschap: use_mppe = yes</p>
<p>mschap: require_encryption = yes</p>
<p>mschap: require_strong = yes</p>
<p>mschap: passwd = "(null)"</p>
<p>mschap: authtype = "MS-CHAP"</p>
<p>Module: Instantiated mschap (mschap) </p>
<p>Module: Loaded eap </p>
<p>eap: default_eap_type = "md5"</p>
<p>eap: timer_expire = 60</p>
<p>rlm_eap: Loaded and initialized the type md5</p>
<p>rlm_eap: Loaded and initialized the type leap</p>
<p>Module: Instantiated eap (eap) </p>
<p>Module: Loaded LDAP </p>
<p>ldap: server = "<a href="http://192.168.100.18">192.168.100.18</a>"</p>
<p>ldap: port = 389</p>
<p>ldap: net_timeout = 1</p>
<p>ldap: timeout = 4</p>
<p>ldap: timelimit = 3</p>
<p>ldap: identity = ""</p>
<p>ldap: start_tls = no</p>
<p>ldap: password = ""</p>
<p>ldap: basedn = "dc=<a href="http://dot1x.com">dot1x.com</a>"</p>
<p>ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"</p>
<p>ldap: default_profile = "(null)"</p>
<p>ldap: profile_attribute = "(null)"</p>
<p>ldap: password_header = "(null)"</p>
<p>ldap: password_attribute = "userPassword"</p>
<p>ldap: access_attr = "radiusGroupName"</p>
<p>ldap: groupname_attribute = "cn"</p>
<p>ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"</p>
<p>ldap: groupmembership_attribute = "radiusGroupName"</p>
<p>ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"</p>
<p>ldap: ldap_debug = 0</p>
<p>ldap: ldap_connections_number = 5</p>
<p>ldap: compare_check_items = no</p>
<p>ldap: access_attr_used_for_allow = yes</p>
<p>conns: (nil)</p>
<p>rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap</p>
<p>rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$</p>
<p>rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$</p>
<p>rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type</p>
<p>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use</p>
<p>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id</p>
<p>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id</p>
<p>rlm_ldap: LDAP sambalmPassword mapped to RADIUS LM-Password</p>
<p>rlm_ldap: LDAP sambantPassword mapped to RADIUS NT-Password</p>
<p>rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT</p>
<p>rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration</p>
<p>rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type</p>
<p>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol</p>
<p>rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address</p>
<p>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask</p>
<p>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route</p>
<p>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing</p>
<p>rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id</p>
<p>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU</p>
<p>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression</p>
<p>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host</p>
<p>rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service</p>
<p>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port</p>
<p>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number</p>
<p>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id</p>
<p>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network</p>
<p>rlm_ldap: LDAP radiusClass mapped to RADIUS Class</p>
<p>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout</p>
<p>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout</p>
<p>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action</p>
<p>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service</p>
<p>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node</p>
<p>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group</p>
<p>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link</p>
<p>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network</p>
<p>rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone</p>
<p>rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit</p>
<p>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port</p>
<p>rlm_ldap: LDAP userpassword mapped to RADIUS User-Password</p>
<p>rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type</p>
<p>rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type</p>
<p>rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id</p>
<p>conns: 0x8102738</p>
<p>Module: Instantiated ldap (ldap) </p>
<p>Module: Loaded preprocess </p>
<p>preprocess: huntgroups = "/etc/raddb/huntgroups"</p>
<p>preprocess: hints = "/etc/raddb/hints"</p>
<p>preprocess: with_ascend_hack = no</p>
<p>preprocess: ascend_channels_per_line = 23</p>
<p>preprocess: with_ntdomain_hack = no</p>
<p>preprocess: with_specialix_jetstream_hack = no</p>
<p>preprocess: with_cisco_vsa_hack = no</p>
<p>Module: Instantiated preprocess (preprocess) </p>
<p>Module: Loaded files </p>
<p>files: usersfile = "/etc/raddb/users"</p>
<p>files: acctusersfile = "/etc/raddb/acct_users"</p>
<p>files: preproxy_usersfile = "/etc/raddb/preproxy_users"</p>
<p>files: compat = "no"</p>
<p>Module: Instantiated files (files) </p>
<p>Module: Loaded realm </p>
<p>realm: format = "suffix"</p>
<p>realm: delimiter = "@"</p>
<p>Module: Instantiated realm (suffix) </p>
<p>Module: Loaded Acct-Unique-Session-Id </p>
<p>acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"</p>
<p>Module: Instantiated acct_unique (acct_unique) </p>
<p>Module: Loaded detail </p>
<p>detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"</p>
<p>detail: detailperm = 384</p>
<p>detail: dirperm = 493</p>
<p>detail: locking = no</p>
<p>Module: Instantiated detail (detail) </p>
<p>Module: Loaded System </p>
<p>unix: cache = no</p>
<p>unix: passwd = "(null)"</p>
<p>unix: shadow = "(null)"</p>
<p>unix: group = "(null)"</p>
<p>unix: radwtmp = "/var/log/radius/radwtmp"</p>
<p>unix: usegroup = no</p>
<p>unix: cache_reload = 600</p>
<p>Module: Instantiated unix (unix) </p>
<p>Module: Loaded radutmp </p>
<p>radutmp: filename = "/var/log/radius/radutmp"</p>
<p>radutmp: username = "%{User-Name}"</p>
<p>radutmp: case_sensitive = yes</p>
<p>radutmp: check_with_nas = yes</p>
<p>radutmp: perm = 384</p>
<p>radutmp: callerid = yes</p>
<p>Module: Instantiated radutmp (radutmp) </p>
<p>Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.</p>
<p>Ready to process requests.</p>
<p>rad_recv: Access-Request packet from host <a href="http://192.168.100.17:1812">192.168.100.17:1812</a>, id=1, length=129</p>
<p>NAS-IP-Address = <a href="http://192.168.100.17">192.168.100.17</a></p>
<p>NAS-Port = 50001</p>
<p>NAS-Port-Type = Ethernet</p>
<p>User-Name = "ramazan"</p>
<p>Called-Station-Id = "00-0F-8F-77-DB-81"</p>
<p>Calling-Station-Id = "00-12-79-AE-D2-4D"</p>
<p>Service-Type = Framed-User</p>
<p>Framed-MTU = 1500</p>
<p>EAP-Message = 0x0200000c0172616d617a616e</p>
<p>Message-Authenticator = 0x8a4f927fbcce1a12dcb00a4c236ec701</p>
<p>modcall: entering group authorize for request 0</p>
<p>modcall[authorize]: module "preprocess" returns ok for request 0</p>
<p>modcall[authorize]: module "chap" returns noop for request 0</p>
<p>rlm_eap: EAP packet type notification id 0 length 12</p>
<p>rlm_eap: EAP Start not found</p>
<p>modcall[authorize]: module "eap" returns updated for request 0</p>
<p>rlm_ldap: Entering ldap_groupcmp()</p>
<p>radius_xlat: 'dc=<a href="http://dot1x.com">dot1x.com</a>'</p>
<p>radius_xlat: '(uid=ramazan)'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: attempting LDAP reconnection</p>
<p>rlm_ldap: (re)connect to <a href="http://192.168.100.18:389">192.168.100.18:389</a>, authentication 0</p>
<p>rlm_ldap: bind as / to <a href="http://192.168.100.18:389">192.168.100.18:389</a></p>
<p>rlm_ldap: waiting for bind result ...</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (uid=ramazan)</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">
dot1x.com</a>)))'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (&(cn=VPN)(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
<a href="http://dot1x.com">dot1x.com</a>))))</p>
<p>rlm_ldap: object not found or got ambiguous search result</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (objectclass=*)</p>
<p>rlm_ldap::ldap_groupcmp: User found in group VPN</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>users: Matched DEFAULT at 174</p>
<p>modcall[authorize]: module "files" returns ok for request 0</p>
<p>modcall[authorize]: module "mschap" returns noop for request 0</p>
<p>rlm_ldap: - authorize</p>
<p>rlm_ldap: performing user authorization for ramazan</p>
<p>radius_xlat: '(uid=ramazan)'</p>
<p>radius_xlat: 'dc=<a href="http://dot1x.com">dot1x.com</a>'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (uid=ramazan)</p>
<p>rlm_ldap: checking if remote access for ramazan is allowed by radiusGroupName</p>
<p>rlm_ldap: looking for check items in directory...</p>
<p>rlm_ldap: looking for reply items in directory...</p>
<p>rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 & op=11</p>
<p>rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 & op=11</p>
<p>rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11</p>
<p>rlm_ldap: Adding radiusClass as Class, value </p></font><font face="Courier New TUR" size="2">groupnet</font><font face="Courier New" size="2"> & op=11
<p>rlm_ldap: user ramazan authorized to use remote access</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>modcall[authorize]: module "ldap" returns ok for request 0</p>
<p>modcall: group authorize returns updated for request 0</p>
<p>rad_check_password: Found Auth-Type EAP</p>
<p>auth: type "EAP"</p>
<p>modcall: entering group authenticate for request 0</p>
<p>rlm_eap: EAP packet type notification id 0 length 12</p>
<p>rlm_eap: EAP Start not found</p>
<p>rlm_eap: EAP Identity</p>
<p>rlm_eap: processing type md5</p>
<p>rlm_eap_md5: Issuing Challenge</p>
<p>modcall[authenticate]: module "eap" returns ok for request 0</p>
<p>modcall: group authenticate returns ok for request 0</p>
<p>Login OK: [ramazan/<no User-Password attribute>] (from client radius port 50001 cli 00-12-79-AE-D2-4D)</p>
<p>Sending Access-Challenge of id 1 to <a href="http://192.168.100.17:1812">192.168.100.17:1812</a></p>
<p>Framed-IP-Address = <a href="http://255.255.255.254">255.255.255.254</a></p>
<p>Framed-MTU = 576</p>
<p>Service-Type = Framed-User</p>
<p>Tunnel-Private-Group-Id:0 = "2"</p>
<p>Tunnel-Medium-Type:0 = 6</p>
<p>Tunnel-Type:0 = VLAN</p>
<p>Class = 0x656d706c6f796565</p>
<p>EAP-Message = 0x0101001604106d6c333898b626964b2203a6d80d25e1</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>State = 0xfa913f8b96bc01a75efe3fffe2f4d30e0441bd45ac205ad8a7fd3a6763e586acf768a6f2</p>
<p>Finished request 0</p>
<p>Going to the next request</p>
<p>--- Walking the entire request list ---</p>
<p>Waking up in 6 seconds...</p>
<p>rad_recv: Access-Request packet from host <a href="http://192.168.100.17:1812">192.168.100.17:1812</a>, id=2, length=184</p>
<p>NAS-IP-Address = <a href="http://192.168.100.17">192.168.100.17</a></p>
<p>NAS-Port = 50001</p>
<p>NAS-Port-Type = Ethernet</p>
<p>User-Name = "ramazan"</p>
<p>Called-Station-Id = "00-0F-8F-77-DB-81"</p>
<p>Calling-Station-Id = "00-12-79-AE-D2-4D"</p>
<p>Service-Type = Framed-User</p>
<p>Framed-MTU = 1500</p>
<p>State = 0xfa913f8b96bc01a75efe3fffe2f4d30e0441bd45ac205ad8a7fd3a6763e586acf768a6f2</p>
<p>EAP-Message = 0x0201001d041041c58cc39f1aeb6a9447de0629d9d3f072616d617a616e</p>
<p>Message-Authenticator = 0x1c95466718f44687bc3807f5be116b53</p>
<p>modcall: entering group authorize for request 1</p>
<p>modcall[authorize]: module "preprocess" returns ok for request 1</p>
<p>modcall[authorize]: module "chap" returns noop for request 1</p>
<p>rlm_eap: EAP packet type notification id 1 length 29</p>
<p>rlm_eap: EAP Start not found</p>
<p>modcall[authorize]: module "eap" returns updated for request 1</p>
<p>rlm_ldap: Entering ldap_groupcmp()</p>
<p>radius_xlat: 'dc=<a href="http://dot1x.com">dot1x.com</a>'</p>
<p>radius_xlat: '(uid=ramazan)'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (uid=ramazan)</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">
dot1x.com</a>)))'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (&(cn=VPN)(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
<a href="http://dot1x.com">dot1x.com</a>))))</p>
<p>rlm_ldap: object not found or got ambiguous search result</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (objectclass=*)</p>
<p>rlm_ldap::ldap_groupcmp: User found in group VPN</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>users: Matched DEFAULT at 174</p>
<p>modcall[authorize]: module "files" returns ok for request 1</p>
<p>modcall[authorize]: module "mschap" returns noop for request 1</p>
<p>rlm_ldap: - authorize</p>
<p>rlm_ldap: performing user authorization for ramazan</p>
<p>radius_xlat: '(uid=ramazan)'</p>
<p>radius_xlat: 'dc=<a href="http://dot1x.com">dot1x.com</a>'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (uid=ramazan)</p>
<p>rlm_ldap: checking if remote access for ramazan is allowed by radiusGroupName</p>
<p>rlm_ldap: looking for check items in directory...</p>
<p>rlm_ldap: looking for reply items in directory...</p>
<p>rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 & op=11</p>
<p>rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 & op=11</p>
<p>rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11</p>
<p>rlm_ldap: Adding radiusClass as Class, value </p></font><font face="Courier New TUR" size="2">groupnet</font><font face="Courier New" size="2"> & op=11
<p>rlm_ldap: user ramazan authorized to use remote access</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>modcall[authorize]: module "ldap" returns ok for request 1</p>
<p>modcall: group authorize returns updated for request 1</p>
<p>rad_check_password: Found Auth-Type EAP</p>
<p>auth: type "EAP"</p>
<p>modcall: entering group authenticate for request 1</p>
<p>rlm_eap: EAP packet type notification id 1 length 29</p>
<p>rlm_eap: EAP Start not found</p>
<p>rlm_eap: Request found, released from the list</p>
<p>rlm_eap: EAP_TYPE - md5</p>
<p>rlm_eap: processing type md5</p>
<p>rlm_eap_md5: No password configured for this user</p>
<p>modcall[authenticate]: module "eap" returns invalid for request 1</p>
<p>modcall: group authenticate returns invalid for request 1</p>
<p>auth: Failed to validate the user.</p>
<p>Login incorrect: [ramazan/<no User-Password attribute>] (from client radius port 50001 cli 00-12-79-AE-D2-4D)</p>
<p>Delaying request 1 for 1 seconds</p>
<p>Finished request 1</p>
<p>Going to the next request</p>
<p>Waking up in 6 seconds...</p>
<p>rad_recv: Access-Request packet from host <a href="http://192.168.100.17:1812">192.168.100.17:1812</a>, id=2, length=184</p>
<p>Sending Access-Reject of id 2 to <a href="http://192.168.100.17:1812">192.168.100.17:1812</a></p>
<p>EAP-Message = 0x04010004</p>
<p>Message-Authenticator = 0x00000000000000000000000000000000</p>
<p>--- Walking the entire request list ---</p>
<p>Waking up in 2 seconds...</p></font><font face="Courier New TUR" size="2">
<div>**********************************************************************************************</div>
<div>setting radiusauthtype ldap: </div>
<p>reading configuration is same so i put authentication part</p></font><font face="Courier New" size="2">
<p>rad_recv: Access-Request packet from host <a href="http://192.168.100.17:1812">192.168.100.17:1812</a>, id=18, length=129</p>
<p>NAS-IP-Address = <a href="http://192.168.100.17">192.168.100.17</a></p>
<p>NAS-Port = 50001</p>
<p>NAS-Port-Type = Ethernet</p>
<p>User-Name = "ramazan"</p>
<p>Called-Station-Id = "00-0F-8F-77-DB-81"</p>
<p>Calling-Station-Id = "00-12-79-AE-D2-4D"</p>
<p>Service-Type = Framed-User</p>
<p>Framed-MTU = 1500</p>
<p>EAP-Message = 0x0203000c0172616d617a616e</p>
<p>Message-Authenticator = 0xc041b95761c1e87cc678910ff3f6b687</p>
<p>modcall: entering group authorize for request 0</p>
<p>modcall[authorize]: module "preprocess" returns ok for request 0</p>
<p>modcall[authorize]: module "chap" returns noop for request 0</p>
<p>rlm_eap: EAP packet type notification id 3 length 12</p>
<p>rlm_eap: EAP Start not found</p>
<p>modcall[authorize]: module "eap" returns updated for request 0</p>
<p>rlm_ldap: Entering ldap_groupcmp()</p>
<p>radius_xlat: 'dc=<a href="http://dot1x.com">dot1x.com</a>'</p>
<p>radius_xlat: '(uid=ramazan)'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: attempting LDAP reconnection</p>
<p>rlm_ldap: (re)connect to <a href="http://192.168.100.18:389">192.168.100.18:389</a>, authentication 0</p>
<p>rlm_ldap: bind as / to <a href="http://192.168.100.18:389">192.168.100.18:389</a></p>
<p>rlm_ldap: waiting for bind result ...</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (uid=ramazan)</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">
dot1x.com</a>)))'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (&(cn=VPN)(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
<a href="http://dot1x.com">dot1x.com</a>))))</p>
<p>rlm_ldap: object not found or got ambiguous search result</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (objectclass=*)</p>
<p>rlm_ldap::ldap_groupcmp: User found in group VPN</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>users: Matched DEFAULT at 174</p>
<p>modcall[authorize]: module "files" returns ok for request 0</p>
<p>modcall[authorize]: module "mschap" returns noop for request 0</p>
<p>rlm_ldap: - authorize</p>
<p>rlm_ldap: performing user authorization for ramazan</p>
<p>radius_xlat: '(uid=ramazan)'</p>
<p>radius_xlat: 'dc=<a href="http://dot1x.com">dot1x.com</a>'</p>
<p>ldap_get_conn: Got Id: 0</p>
<p>rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (uid=ramazan)</p>
<p>rlm_ldap: checking if remote access for ramazan is allowed by radiusGroupName</p>
<p>rlm_ldap: looking for check items in directory...</p>
<p>rlm_ldap: Adding radiusAuthType as Auth-Type, value ldap & op=21</p>
<p>rlm_ldap: looking for reply items in directory...</p>
<p>rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 & op=11</p>
<p>rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 & op=11</p>
<p>rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11</p>
<p>rlm_ldap: Adding radiusClass as Class, value </p></font><font face="Courier New TUR" size="2">groupnet</font><font face="Courier New" size="2"> & op=11
<p>rlm_ldap: user ramazan authorized to use remote access</p>
<p>ldap_release_conn: Release Id: 0</p>
<p>modcall[authorize]: module "ldap" returns ok for request 0</p>
<p>modcall: group authorize returns updated for request 0</p>
<p>rad_check_password: Found Auth-Type ldap</p>
<p>auth: type "LDAP"</p>
<p>modcall: entering group authenticate for request 0</p>
<p>rlm_ldap: - authenticate</p>
<p>rlm_ldap: Attribute "User-Password" is required for authentication.</p>
<p>modcall[authenticate]: module "ldap" returns invalid for request 0</p>
<p>modcall: group authenticate returns invalid for request 0</p>
<p>auth: Failed to validate the user.</p>
<p>Login incorrect: [ramazan/<no User-Password attribute>] (from client radius port 50001 cli 00-12-79-AE-D2-4D)</p>
<p>Delaying request 0 for 1 seconds</p>
<p>Finished request 0</p>
<p>Going to the next request</p>
<p>--- Walking the entire request list ---</p>
<p>Waking up in 1 seconds...</p>
<p>--- Walking the entire request list ---</p>
<p>Sending Access-Reject of id 18 to <a href="http://192.168.100.17:1812">192.168.100.17:1812</a></p>
<p>Waking up in 4 seconds...</p>
<p>--- Walking the entire request list ---</p>
<p>Cleaning up request 0 ID 18 with timestamp 45bca254</p>
<p>Nothing to do. Sleeping until we see a request.</p></font><font face="Courier New TUR" size="2">
<p> </p></font><font face="Courier New" size="2">
<p> </p></font><font size="2">
<p> </p></font><br><br>
<div><span class="gmail_quote">On 1/29/07, <b class="gmail_sendername">Alan DeKok</b> <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Ramazan Ulker wrote:<br>>. But while<br>> authenticating from xp client with md5-challenge, I got<br>
><br>> Auth:rlm_ldap:Attribute "User-Password" is required for authentication<br><br>You set Auth-Type := LDAP. Don't do that.<br><br>> error. In one of the e-mail you said don't authenticate from ldap, but
<br>> with radtest function i get success!!!<br><br>I know. Please read the documentation on why.<br><br>> The passwords are kept clear<br>> text. I'm looking forward to getting your help. I also send radius debug
<br>> log.<br><br>The solution? Follow my instructions.<br><br>Alan DeKok.<br>--<br><a href="http://deployingradius.com">http://deployingradius.com</a> - The web site of the book<br><a href="http://deployingradius.com/blog/">
http://deployingradius.com/blog/</a> - The blog<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>