Hi Vladimir, Tks for your help, I've managed to setup the ldap with freeradius. One last question is that is it possible to have freeradius authenticate thru ldap and also the users file. The reason is because I need to create a guest account for guests to login our wireless network. But the guest may not allow me to install SecureW2 on their notebook, so I am hoping I can setup a common password for guest inside users file. Or is there an easier way to accomplish this? Appreciate if you can help me again. Thank you. cheers, melvin ----- Original Message ----- From: "melvin" <melvin.wong@muvee.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Wednesday, July 27, 2005 6:35 PM Subject: Re: rlm_ldap: Attribute "User-Password" isrequired forauthentication
Hi Vladimir,
I've followed your write-up on FreeRADIUS and LDAP and configured my Windows clients to use TTLS+PAP but I still get the same error as below:
rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0, length=125 User-Name = "melvin" NAS-IP-Address = 192.168.84.11 Called-Station-Id = "000f66005feb" Calling-Station-Id = "0012f075e7b3" NAS-Identifier = "000f66005feb" NAS-Port = 33 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000b016d656c76696e Message-Authenticator = 0x1cbf370b745f6863e6478bfed57edd74 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "melvin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user.
Any ideas where I might go wrong?
cheers, melvin
----- Original Message ----- From: "Vladimir Vuksan" <vlists@veus.hr> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Tuesday, July 26, 2005 10:33 PM Subject: Re: rlm_ldap: Attribute "User-Password" isrequired forauthentication
melvin wrote:
LDAP does provide some authentication -- through the 'BIND' statement. Incidentally, this is how the FreeRadius rlm_ldap module chooses to authenticate against an LDAP entry... it attempts to 'bind' to it, passing the username and password to LDAP.
I have successfully integrated FreeRadius & LDAP -- I can get you my config entries if you would like. It worked with OpenLDAP practically out-of-the-box.
I have a write-up on FreeRADIUS and LDAP. It should apply to most configurations
http://vuksan.com/linux/dot1x/802-1x-LDAP.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html