<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 10pt; color: #000000'><P>thanks i´ll try.</P>
<P> </P>
<P><BR>----- Mensaje original -----<BR>De: "John Dennis" <jdennis@redhat.com><BR>Para: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org><BR>CC: "Daniel Soto" <daxocam@uax.es><BR>Enviados: Viernes, 30 de Abril 2010 13:55:36<BR>Asunto: Re: supplicant winxp+freeradius+ldap<BR><BR>On 04/30/2010 02:50 AM, Daniel Soto wrote:<BR>> hi.<BR>><BR>> i think that this problem is very similar to many people but i can´t<BR>> find the solution.<BR>><BR>> i´m trying authenticate users of windows with is own supplicant, when i<BR>> try authenticate in local users no problem, however the problem is when<BR>> i try it with openldap.<BR>><BR>> i received a message.<BR>><BR>> Auth: rlm_ldap: Attribute "User-Password" is required for authentication.<BR>> Thu Apr 29 16:44:57 2010 : Auth: Login incorrect: [peter] (from client<BR>> wifi port 6145 cli 00-74-05-A6-91-BD)<BR>><BR>> i have read most about this problem but i can´t find de solution.<BR><BR>If your debug output (which you didn't provide) contains this line:<BR><BR>WARNING: No "known good" password was found in LDAP. Are you sure that <BR>the user is configured correctly?<BR><BR>Then the likely problem is this line is missing from /etc/raddb/ldap.attrmap<BR><BR>checkItem Cleartext-Password userPassword<BR><BR>Here is what might be going on:<BR><BR>Many authentication protocols (i.e. mschap) require that a clear text <BR>password be available to the radius server. Hopefully you have set the <BR>userPassword attribute for your users in your ldap server and protected <BR>it with an ACL. rlm_ldap will lookup the user in ldap and requests the <BR>attributes defined in /etc/raddb/ldap.attrmap labeled "checkItem" and <BR>then adds those attributes it found to the request. The attribute <BR>retrieved from ldap is the 3rd item on the line, the radius attribute <BR>which is added to the request is the 2nd item on the line. Thus what the <BR>above does is to add Cleartext-Password as a radius check item to the <BR>request with the value of the ldap attribute userPassword for the user.<BR><BR>For reasons I do not understand the above line is missing from the <BR>default ldap.attrmap and this has tripped numerous people up.<BR><BR>Alan: Is there a reason why ldap.attrmap omits the clear text password <BR>retrieval?<BR><BR>-- <BR>John Dennis <jdennis@redhat.com><BR><BR>Looking to carve out IT costs?<BR>www.redhat.com/carveoutcosts/<BR><BR><SPAN><BR><BR>-- <BR></P>
<DIV>
<P align=center><FONT color=#990000></FONT> </P>
<P align=center><FONT color=#990000></FONT> </P>
<P align=center><FONT color=#990000></FONT> </P>
<P align=center><FONT color=#990000></FONT> </P>
<P align=center><FONT color=#990000>Daniel Soto</FONT></P>
<P align=center> </P>
<P align=center><FONT color=#990000>Dep. Comunicaciones U.A.X</FONT></P>
<P> </P></DIV><BR></SPAN></div></body></html>