On Jan 24, 2008 9:59 AM, Alan DeKok <aland@deployingradius.com> wrote:
Tomasz Zieleniewski wrote:
> Still something is wrong.
>
> I have the following authorize section:
...

 In which the default configuration has been massively changed.

 I'm not sure where else to document this: If you are not clear on how
the server works, then DO NOT CHANGE THE DEFAULT CONFIGURATION.

 If the configuration you've created doesn't work, then it's clear that
there's something missing.  In that case, follow the instructions in the
"man" page for how to create a working configuration.
...
> Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok
> Thu Jan 24 09:40:35 2008 : Debug: auth: type Local

 Something in your local changes has set "Auth-Type := Local".
 
I didn't set it explicit. I don't know what caused setting Auth-Type to Local!!!!!!
But I found my error. The problem was in ldap
I didn't have Auth-Type Set in radius and I used old config from docs
directory which didn't have set_auth_type parameter.


 Can you please explain WHY you're doing that, WHERE you found
documentation saying that it was a good idea, and WHAT you think it's doing?

 The documentation that comes with 2.0 tries very hard to explain that
setting "Auth-Type" is almost always wrong.  Is there somewhere else we
need to document this?

 In addition, you're mapping a hashed password to a clear-text password:

> Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute
userPassword as RADIUS attribute Cleartext-Password ==
"{MD5}SNNMxdM+Zfvr//0yEp0DuA=="

 Again, this is NOT in the default configuration, and WILL NOT WORK.

Similar problem my LDAP server return hashed passwords instead of plain-text
i added additional parameter in LDAP which solved the issue.


 Start off with the default configuration.   Configure the "ldap"
module, and un-comment it from the "authorize" section.  Your tests
SHOULD work.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html