<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hiya<br><br>I need some help to configure freeradius with openldap. I have a ldap database<br>which stores password in SSHA format, so i choose PAP for authentication. I want to use freeradius to authenticate<br>on a netgear Wifi access point.<br><br>(http://deployingradius.com/documents/protocols/compatibility.html)<br><br>I've set up the AP in client freeradius in clients.conf, with a secret and shortname<br>like in documentation. <br><br>Next i've put auto_header = yes in pap.conf<br>And uncomment the line ldap to activate module in /site-enable/default<br><br>When i start server in debug mode, authorization works fine but server have problems<br>to authentication step and i don't understand why<br>Here is the debug comments :<br><br>rad_recv: Access-Request packet from host 192.168.0.201 port 32774, id=85, length=169<br> User-Name = "cyril"<br> NAS-IP-Address = 192.168.0.201<br> NAS-Identifier = "hello"<br> NAS-Port = 0<br> Called-Station-Id = "4C-60-DE-D2-22-61:easyBridge2"<br> Calling-Station-Id = "7C-C5-37-14-16-C9"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 0Mbps 802.11b"<br> EAP-Message = 0x0200000e016e6c61746869657265<br> Message-Authenticator = 0x2bf3ec3446adc97ea15c4c160ee8b0bbThu Nov 22 15:04:36 2012 : <br><br>Wed Nov 21 18:39:17 2012 : Info: [ldap] looking for reply items in directory...<br>Wed Nov 21 18:39:17 2012 : Info: [ldap] user cyril authorized to use remote access<br>Wed Nov 21 18:39:17 2012 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0<br>Wed Nov 21 18:39:17 2012 : Info: ++[ldap] returns ok<br>Wed Nov 21 18:39:17 2012 : Info: ++[expiration] returns noop<br>Wed Nov 21 18:39:17 2012 : Info: ++[logintime] returns noop<br>Wed Nov 21 18:39:17 2012 : Info: [pap] Normalizing NT-Password from hex encoding<br>Wed Nov 21 18:39:17 2012 : Info: [pap] Normalizing SSHA1-Password from base64 encoding<br>Wed Nov 21 18:39:17 2012 : Info: [pap] Found existing Auth-Type, not changing it.<br>Wed Nov 21 18:39:17 2012 : Info: ++[pap] returns noop<br>Wed Nov 21 18:39:17 2012 : Info: Found Auth-Type = PAP<br>Wed Nov 21 18:39:17 2012 : Info: +- entering group PAP {...}<br>Auth: [pap] Attribute "Password" is required for authentication.<br>Thu Nov 22 15:04:36 2012 : Info: ++[pap] returns invalid<br>Thu Nov 22 15:04:36 2012 : Info: Failed to authenticate the user.<br>Thu Nov 22 15:04:36 2012 : Auth: Login incorrect: [cyril/<via Auth-Type = PAP>] (from client WNAP320 port 0 cli 44-A7-CF-CD-C5-C7)<br>Thu Nov 22 15:04:36 2012 : Info: Using Post-Auth-Type Reject<br>Thu Nov 22 15:04:36 2012 : Info: +- entering group REJECT {...}<br>Thu Nov 22 15:04:36 2012 : Debug: expand: %{User-Name} -> cyril<br>Thu Nov 22 15:04:36 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11<br>Thu Nov 22 15:04:36 2012 : Info: ++[attr_filter.access_reject] returns updated<br>Thu Nov 22 15:04:36 2012 : Info: Delaying reject of request 5 for 1 seconds<br>Thu Nov 22 15:04:36 2012 : Debug: Going to the next request<br>Thu Nov 22 15:04:36 2012 : Debug: Waking up in 0.9 seconds.<br>Thu Nov 22 15:04:37 2012 : Info: Sending delayed reject for request 5<br><br><br> </div></body>
</html>