Hi,<br><br>I just want to understand.<br><br>Why is there "[ldap] Added User-Password = test in check items", and how do I replace it with Cleartext-Password?<br>Does ldap return the password unencrypted?<br>Does ldap use 'Auth-Type = Local'?<br>
<br>Because in my users file I just use this:<br><br>DEFAULT Huntgroup-Name == labtest8021x, Ldap-Group == labtest8021x, User-Profile := "cn=labtest8021x,ou=profiles,ou=radius,dc=example,dc=com"<br> Tunnel-Type = VLAN,<br>
Tunnel-Medium-type = IEEE-802,<br> Tunnel-Private-Group-ID = 100,<br> Fall-Through = no<br><br>I don't really understand how ldap returns information.<br><br>Listening on authentication address * port 1812<br>
Listening on accounting address * port 1813<br>Listening on proxy address * port 1814<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=129, length=153<br> User-Name = "bernard"<br>
Service-Type = Framed-User<br> Framed-MTU = 1500<br> Called-Station-Id = "00-1A-A1-64-BB-1A"<br> Calling-Station-Id = "00-18-8B-B5-26-B7"<br> EAP-Message = 0x0202000c016265726e617264<br>
Message-Authenticator = 0xd1135be7c82704b37a76a55d1cfb5091<br> Cisco-NAS-Port = "FastEthernet0/24"<br> NAS-Port = 50024<br> NAS-Port-Type = Ethernet<br> NAS-IP-Address = 192.168.20.253<br>+- entering group authorize {...}<br>
++[preprocess] returns ok<br>[suffix] No '@' in User-Name = "bernard", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br> [ldap] Entering ldap_groupcmp()<br>
[files] expand: dc=example,dc=com -> dc=example,dc=com<br>[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>[files] ... expanding second conditional<br>
[files] expand: %{User-Name} -> bernard<br>[files] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)<br> [ldap] ldap_get_conn: Checking Id: 0<br> [ldap] ldap_get_conn: Got Id: 0<br> [ldap] attempting LDAP reconnection<br>
[ldap] (re)connect to 10.75.128.251:389, authentication 0<br> [ldap] bind as cn=manager,ou=admins,ou=radius,dc=example,dc=com/test to 10.75.128.251:389<br>
[ldap] waiting for bind result ...<br> [ldap] Bind was successful<br> [ldap] performing search in dc=example,dc=com, with filter (cn=bernard)<br> [ldap] ldap_release_conn: Release Id: 0<br>[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>
[files] ... expanding second conditional<br>[files] expand: %{User-Name} -> bernard<br>[files] expand: (&(cn=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile)) -> (&(cn=bernard)(objectclass=radiusprofile))<br>
[ldap] ldap_get_conn: Checking Id: 0<br> [ldap] ldap_get_conn: Got Id: 0<br> [ldap] performing search in dc=example,dc=com, with filter (&(radiusGroupName=labtest8021x)(&(cn=bernard)(objectclass=radiusprofile)))<br>
rlm_ldap::ldap_groupcmp: User found in group labtest8021x<br> [ldap] ldap_release_conn: Release Id: 0<br>[files] users: Matched entry DEFAULT at line 72<br>++[files] returns ok<br>[ldap] performing user authorization for bernard<br>
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>[ldap] ... expanding second conditional<br>[ldap] expand: %{User-Name} -> bernard<br>[ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)<br>
[ldap] expand: dc=example,dc=com -> dc=example,dc=com<br> [ldap] ldap_get_conn: Checking Id: 0<br> [ldap] ldap_get_conn: Got Id: 0<br> [ldap] performing search in dc=example,dc=com, with filter (cn=bernard)<br> [ldap] performing search in cn=labtest8021x,ou=profiles,ou=radius,dc=example,dc=com, with filter (objectclass=radiusprofile)<br>
[ldap] radiusFramedRouting -> Framed-Routing = None<br> [ldap] radiusFramedIPNetmask -> Framed-IP-Netmask = 255.255.254.0<br> [ldap] radiusFramedProtocol -> Framed-Protocol = PPP<br> [ldap] radiusServiceType -> Service-Type = Framed-User<br>
[ldap] Added User-Password = test in check items<br>[ldap] No default NMAS login sequence<br>[ldap] looking for check items in directory...<br>[ldap] looking for reply items in directory...<br>[ldap] user bernard authorized to use remote access<br>
[ldap] ldap_release_conn: Release Id: 0<br>++[ldap] returns ok<br>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>!!! Replacing User-Password in config items with Cleartext-Password. !!! <b>=> how come? It's not in my users file</b><br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>!!! Please update your configuration so that the "known good" !!!<br>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>WARNING: Please update your configuration, and remove 'Auth-Type = Local' <b> => how did that come to Local?</b><br>WARNING: Use the PAP or CHAP modules instead. <b>=> same question</b><br>
No User-Password or CHAP-Password attribute in the request.<br>Cannot perform authentication.<br>Failed to authenticate the user.<br>Using Post-Auth-Type Reject<br> WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.<br>
Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 129 to 192.168.20.253 port 1645<br> Tunnel-Type:0 = VLAN<br>
Tunnel-Medium-Type:0 = IEEE-802<br> Tunnel-Private-Group-Id:0 = "100"<br> Framed-Routing = None<br> Framed-IP-Netmask = 255.255.254.0<br> Framed-Protocol = PPP<br> Service-Type = Framed-User<br>
Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 129 with timestamp +17<br>Ready to process requests.<br><br><br>Thank you so much<br><br><br>