Hey guys,<br><br>i'm trying configure a VPN Server with PPTP, using the 'radiusclient', to connect on a FreeRadius, with auth in a LDAP Server.<br><br>I "finished" the configure, but when a try connect with a client Windows XP, don't work.<br>
<br>The radiusd -X output:<br><br>=====<br>[root@server /usr/local/etc/raddb]# radiusd -X<br>Starting - reading configuration files ...<br>reread_config: reading radiusd.conf<br>Config: including file: /usr/local/etc/raddb/clients.conf<br>
main: prefix = "/usr/local"<br> main: localstatedir = "/var"<br> main: logdir = "/var/log"<br> main: libdir = "/usr/local/lib"<br> main: radacctdir = "/var/log/radacct"<br>
main: hostname_lookups = no<br> main: max_request_time = 30<br> main: cleanup_delay = 5<br> main: max_requests = 1024<br> main: delete_blocked_requests = 0<br> main: port = 0<br> main: allow_core_dumps = no<br> main: log_stripped_names = no<br>
main: log_file = "/var/log/radius.log"<br> main: log_auth = yes<br> main: log_auth_badpass = no<br> main: log_auth_goodpass = no<br> main: pidfile = "/var/run/radiusd/radiusd.pid"<br> main: user = "(null)"<br>
main: group = "(null)"<br> main: usercollide = no<br> main: lower_user = "no"<br> main: lower_pass = "no"<br> main: nospace_user = "no"<br> main: nospace_pass = "no"<br> main: checkrad = "/usr/local/sbin/checkrad"<br>
main: proxy_requests = no<br> security: max_attributes = 200<br> security: reject_delay = 1<br> security: status_server = no<br> main: debug_level = 0<br>read_config_files: reading dictionary<br>read_config_files: reading naslist<br>
read_config_files: reading clients<br>read_config_files: reading realms<br>radiusd: entering modules setup<br>Module: Library search path is /usr/local/lib<br>Module: Loaded exec <br> exec: wait = yes<br> exec: program = "(null)"<br>
exec: input_pairs = "request"<br> exec: output_pairs = "(null)"<br> exec: packet_type = "(null)"<br>rlm_exec: Wait=yes but no output defined. Did you mean output=none?<br>Module: Instantiated exec (exec) <br>
Module: Loaded expr <br>Module: Instantiated expr (expr) <br>Module: Loaded PAP <br> pap: encryption_scheme = "crypt"<br> pap: auto_header = no<br>Module: Instantiated pap (pap) <br>Module: Loaded LDAP <br> ldap: server = "<a href="http://ldap.telemedicina.ufsc.br">ldap.telemedicina.ufsc.br</a>"<br>
ldap: port = 389<br> ldap: net_timeout = 1<br> ldap: timeout = 4<br> ldap: timelimit = 3<br> ldap: identity = "cn=Manager,dc=telemedicina,dc=ufsc,dc=br"<br> ldap: tls_mode = no<br> ldap: start_tls = no<br> ldap: tls_cacertfile = "(null)"<br>
ldap: tls_cacertdir = "(null)"<br> ldap: tls_certfile = "(null)"<br> ldap: tls_keyfile = "(null)"<br> ldap: tls_randfile = "(null)"<br> ldap: tls_require_cert = "allow"<br>
ldap: password = "XXXXXXX"<br> ldap: basedn = "ou=Users,dc=telemedicina,dc=ufsc,dc=br"<br> ldap: filter = "(&(objectClass=posixAccount)(uid=%u))"<br> ldap: base_filter = "(objectclass=radiusprofile)"<br>
ldap: default_profile = "(null)"<br> ldap: profile_attribute = "(null)"<br> ldap: password_header = "{Cleartext-Password}"<br> ldap: password_attribute = "sambaNTPassword"<br> ldap: access_attr = "(null)"<br>
ldap: groupname_attribute = "cn"<br> ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"<br>
ldap: groupmembership_attribute = "(null)"<br> ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"<br> ldap: ldap_debug = 0<br> ldap: ldap_connections_number = 5<br> ldap: compare_check_items = no<br>
ldap: access_attr_used_for_allow = yes<br> ldap: do_xlat = yes<br> ldap: set_auth_type = yes<br>rlm_ldap: Registering ldap_groupcmp for Ldap-Group<br>rlm_ldap: Registering ldap_xlat with xlat_name ldap<br>rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap<br>
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$<br>rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$<br>rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type<br>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use<br>
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id<br>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id<br>rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password<br>rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password<br>
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT<br>rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration<br>rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type<br>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol<br>
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address<br>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask<br>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route<br>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing<br>
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id<br>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU<br>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression<br>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host<br>
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service<br>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port<br>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number<br>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id<br>
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network<br>rlm_ldap: LDAP radiusClass mapped to RADIUS Class<br>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout<br>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout<br>
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action<br>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service<br>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node<br>
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group<br>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link<br>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network<br>
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone<br>rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit<br>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port<br>conns: 0x5bc100<br>
Module: Instantiated ldap (ldap) <br>Module: Loaded CHAP <br>Module: Instantiated chap (chap) <br>Module: Loaded MS-CHAP <br> mschap: use_mppe = yes<br> mschap: require_encryption = no<br> mschap: require_strong = no<br> mschap: with_ntdomain_hack = yes<br>
mschap: passwd = "(null)"<br> mschap: ntlm_auth = "(null)"<br>Module: Instantiated mschap (mschap) <br>Module: Loaded System <br> unix: cache = no<br> unix: passwd = "(null)"<br> unix: shadow = "(null)"<br>
unix: group = "(null)"<br> unix: radwtmp = "/var/log/radwtmp"<br> unix: usegroup = no<br> unix: cache_reload = 600<br>Module: Instantiated unix (unix) <br>Module: Loaded preprocess <br> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"<br>
preprocess: hints = "/usr/local/etc/raddb/hints"<br> preprocess: with_ascend_hack = no<br> preprocess: ascend_channels_per_line = 23<br> preprocess: with_ntdomain_hack = no<br> preprocess: with_specialix_jetstream_hack = no<br>
preprocess: with_cisco_vsa_hack = no<br> preprocess: with_alvarion_vsa_hack = no<br>Module: Instantiated preprocess (preprocess) <br>Module: Loaded files <br> files: usersfile = "/usr/local/etc/raddb/users"<br>
files: acctusersfile = "/usr/local/etc/raddb/acct_users"<br> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"<br> files: compat = "no"<br>Module: Instantiated files (files) <br>
Module: Loaded realm <br> realm: format = "suffix"<br> realm: delimiter = "@"<br> realm: ignore_default = no<br> realm: ignore_null = no<br>Module: Instantiated realm (suffix) <br>Module: Loaded detail <br>
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br> detail: detailperm = 384<br> detail: dirperm = 493<br> detail: locking = no<br>Module: Instantiated detail (detail) <br>Module: Loaded radutmp <br>
radutmp: filename = "/var/log/radutmp"<br> radutmp: username = "%{User-Name}"<br> radutmp: case_sensitive = yes<br> radutmp: check_with_nas = yes<br> radutmp: perm = 384<br> radutmp: callerid = yes<br>
Module: Instantiated radutmp (radutmp) <br>Listening on authentication *:1812<br>Listening on accounting *:1813<br>Ready to process requests.<br>rad_recv: Access-Request packet from host <a href="http://150.162.67.254:32838">150.162.67.254:32838</a>, id=28, length=94<br>
Service-Type = Framed-User<br> Framed-Protocol = PPP<br> User-Name = "nobody"<br> CHAP-Challenge = 0x5eeda4e624ec08496ead36b7895bb06f1eb3a24801<br> CHAP-Password = 0xe41a875f6823b9777d806817d4d3a3121d<br>
NAS-IP-Address = <a href="http://1.1.1.1">1.1.1.1</a><br> NAS-Port = 0<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 0<br> modcall[authorize]: module "preprocess" returns ok for request 0<br>
users: Matched entry DEFAULT at line 198<br> modcall[authorize]: module "files" returns ok for request 0<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for nobody<br>radius_xlat: '(&(objectClass=posixAccount)(uid=nobody))'<br>
radius_xlat: 'ou=Users,dc=telemedicina,dc=ufsc,dc=br'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: attempting LDAP reconnection<br>rlm_ldap: (re)connect to <a href="http://ldap.telemedicina.ufsc.br:389">ldap.telemedicina.ufsc.br:389</a>, authentication 0<br>
rlm_ldap: bind as cn=Manager,dc=telemedicina,dc=ufsc,dc=br/XXXXX to <a href="http://ldap.telemedicina.ufsc.br:389">ldap.telemedicina.ufsc.br:389</a><br>rlm_ldap: waiting for bind result ...<br>rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in ou=Users,dc=telemedicina,dc=ufsc,dc=br, with filter (&(objectClass=posixAccount)(uid=nobody))<br>rlm_ldap: Password header not found in password 5A88C11C0EDC83D3DEA6AE1A0653E889 for user nobody<br>
rlm_ldap: looking for check items in directory...<br>rlm_ldap: Adding sambaNtPassword as NT-Password, value 5A88C11C0EDC83D3DEA6AE1A0653E889 & op=21<br>rlm_ldap: Adding sambaLmPassword as LM-Password, value 89E0B38AC380D2B8AAD3B435B51404EE & op=21<br>
rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user nobody authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 0<br>
rlm_chap: Setting 'Auth-Type := CHAP'<br> modcall[authorize]: module "chap" returns ok for request 0<br> modcall[authorize]: module "mschap" returns noop for request 0<br> rlm_realm: No '@' in User-Name = "nobody", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 0<br>rlm_pap: Normalizing NT-Password from hex encoding<br>rlm_pap: Normalizing LM-Password from hex encoding<br>
rlm_pap: Found existing Auth-Type, not changing it.<br> modcall[authorize]: module "pap" returns noop for request 0<br>modcall: leaving group authorize (returns ok) for request 0<br> rad_check_password: Found Auth-Type CHAP<br>
auth: type "CHAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group CHAP for request 0<br> rlm_chap: login attempt by "nobody" with CHAP password<br> rlm_chap: Could not find clear text password for user nobody<br>
modcall[authenticate]: module "chap" returns invalid for request 0<br>modcall: leaving group CHAP (returns invalid) for request 0<br>auth: Failed to validate the user.<br><b>Login incorrect (rlm_chap: Clear text password not available): </b>[nobody] (from client access-vpn port 0)<br>
Delaying request 0 for 1 seconds<br>Finished request 0<br>Going to the next request<br>--- Walking the entire request list ---<br>Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>Waking up in 1 seconds...<br>
--- Walking the entire request list ---<br>Sending Access-Reject of id 28 to <a href="http://150.162.67.254">150.162.67.254</a> port 32838<br>Waking up in 4 seconds...<br>--- Walking the entire request list ---<br>Cleaning up request 0 ID 28 with timestamp 492d66b7<br>
Nothing to do. Sleeping until we see a request.<br>====<br><br>The result of 'radtest':<br><br>epiderme:/etc/ppp# radtest nobody XXXXX <a href="http://ldap.telemedicina.ufsc.br:1812">ldap.telemedicina.ufsc.br:1812</a> 1 XXXXXX<br>
Sending Access-Request of id 241 to <a href="http://150.162.67.5">150.162.67.5</a> port 1812<br> User-Name = "nobody"<br> User-Password = "0101"<br> NAS-IP-Address = <a href="http://255.255.255.255">255.255.255.255</a><br>
NAS-Port = 1<br>rad_recv: Access-Accept packet from host <a href="http://150.162.67.5:1812">150.162.67.5:1812</a>, id=241, length=20<br><br>==<br><br>Please, anyone can help me?<br><br>Thanks in advanced.<br>Douglas<br>