<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi everybody, <br>
<br>
I have a problem with my FreeRADIUS installation.<br>
In the office I have access points, which will authenticate over the
FreeRADIUS server. FreeRADIUS should look in LDAP for username and
password.<br>
<br>
That's what I get when I try to log in with an iPhone or iPad.<br>
<small><br>
rad_recv: Access-Request packet from host 10.119.12.3 port 1178,
id=17, length=199<br>
Message-Authenticator = 0x0842b4ee5b5b8aa8cdfd939570dc1cc3<br>
Service-Type = Framed-User<br>
User-Name = "test.user"<br>
Framed-MTU = 1488<br>
Called-Station-Id = "204E7FE98E93:test-int"<br>
Calling-Station-Id = "145A05C362D4"<br>
NAS-Identifier = "aptest03"<br>
NAS-Port-Type = Wireless-802.11<br>
Connect-Info = "CONNECT 54Mbps 802.11g"<br>
EAP-Message = 0x0200001501646f6d696e697175652e6d6f747a6574<br>
NAS-IP-Address = 10.119.12.3<br>
NAS-Port = 2<br>
NAS-Port-Id = "STA port # 2"<br>
+- entering group authorize<br>
++[preprocess] returns ok<br>
rlm_realm: No '@' in User-Name = "test.user", looking up realm
NULL<br>
rlm_realm: No such realm "NULL"<br>
++[suffix] returns noop<br>
++[files] returns noop<br>
rlm_ldap: - authorize<br>
rlm_ldap: performing user authorization for dominique.motzet<br>
WARNING: Deprecated conditional expansion ":-". See "man unlang"
for details<br>
expand:
(&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=%{Stripped-User-Name:-%{User-Name}}))
->
(&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=test.user))<br>
expand: dc=test,dc=local -> dc=test,dc=local<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: attempting LDAP reconnection<br>
rlm_ldap: (re)connect to localhost:389, authentication 0<br>
rlm_ldap: starting TLS<br>
rlm_ldap: bind as cn=admin,dc=test,dc=local/Testing123 to
localhost:389<br>
rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in dc=test,dc=local, with filter
(&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=test.user))<br>
rlm_ldap: checking if remote access for dominique.motzet is
allowed by uid<br>
rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>
rlm_ldap: LDAP attribute userPassword as RADIUS attribute
User-Password == "{crypt}$1$cyxWDOrg$J0RAKfQ8wiqboGuKakbNx0"<br>
rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute
NT-Password ==
0x3245453043333441393146393533443035414246463830413531433346433037<br>
rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute
LM-Password ==
0x4633413830383632323945384445453438314645364439304239333331374342<br>
rlm_ldap: looking for reply items in directory...<br>
rlm_ldap: user test.user authorized to use remote access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
++[ldap] returns ok<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
!!! Replacing User-Password in config items with
Cleartext-Password. !!!<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
!!! Please update your configuration so that the "known
good" !!!<br>
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
auth: type Local<br>
auth: No User-Password or CHAP-Password attribute in the request<br>
auth: Failed to validate the user.<br>
Login incorrect: [test.user/&lt;no User-Password attribute&gt;]
(from client aptest03 port 2 cli 145A05C362D4)<br>
Found Post-Auth-Type Reject<br>
+- entering group REJECT<br>
expand: %{User-Name} -> test.user<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.</small><br>
<br>
<br>
Thx for help.<br>
<br>
MJ
<pre class="moz-signature" cols="72">--
Adfinis SyGroup AG
Mihajlo Joksimovic, System Engineer
Güterstrasse 86 | CH-4053 Basel
Tel. 061 333 80 33</pre>
</body>
</html>