On Jan 24, 2008 9:59 AM, Alan DeKok <aland@deployingradius.com> wrote:
Tomasz Zieleniewski wrote:
Still something is wrong.
I have the following authorize section: ...
In which the default configuration has been massively changed.
I'm not sure where else to document this: If you are not clear on how the server works, then DO NOT CHANGE THE DEFAULT CONFIGURATION.
If the configuration you've created doesn't work, then it's clear that there's something missing. In that case, follow the instructions in the "man" page for how to create a working configuration. ...
Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok Thu Jan 24 09:40:35 2008 : Debug: auth: type Local
Something in your local changes has set "Auth-Type := Local".
I didn't set it explicit. I don't know what caused setting Auth-Type to Local!!!!!! But I found my error. The problem was in ldap I didn't have Auth-Type Set in radius and I used old config from docs directory which didn't have set_auth_type parameter.
Can you please explain WHY you're doing that, WHERE you found documentation saying that it was a good idea, and WHAT you think it's doing?
The documentation that comes with 2.0 tries very hard to explain that setting "Auth-Type" is almost always wrong. Is there somewhere else we need to document this?
In addition, you're mapping a hashed password to a clear-text password:
Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{MD5}SNNMxdM+Zfvr//0yEp0DuA=="
Again, this is NOT in the default configuration, and WILL NOT WORK.
Similar problem my LDAP server return hashed passwords instead of plain-text i added additional parameter in LDAP which solved the issue.
Start off with the default configuration. Configure the "ldap" module, and un-comment it from the "authorize" section. Your tests SHOULD work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html