Hi all, I am facing problems with Ldap and freeradius on RedHat linux AS 4. I can sucessfully authenticate with windows xp machines with freeradius local "users" file and md5 using cisco 2950. Radtest is successful for the ldapusers, but the radius -X shows "rlm_ldap: Attribute "User-Password" is required for authentication. & modcall[authenticate]: module "ldap" returns invalid for request 0" Any help will be appreciated. Thanks I am using the configuration file from the source file. ------------------- [root@localhost ~]# cat /etc/raddb/radiusd.conf prefix = /usr exec_prefix = ${prefix} sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = /usr/lib/freeradius pidfile = ${run_dir}/radiusd.pid user = radiusd group = radiusd max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 0 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no # The program to execute to do concurrency checks. #checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 0 status_server = no } proxy_requests = yes $INCLUDE ${confdir}/proxy.conf $INCLUDE ${confdir}/clients.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { ldap { server = "10.10.29.251" #identity = "uid=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com" #identity = "cn=Manager,dc=example,dc=com" #password = password basedn = "ou=people,dc=example,dc=com" #filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile)" start_tls = no tls_mode = no #default_profile = "uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com" #profile_attribute = "radiusProfileDn" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_cache_timeout = 120 ldap_cache_size = 0 ldap_connections_number = 10 #password_header = "{crypt}" password_attribute = userPassword #groupname_attribute = radiusGroupName #groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}}))(objectclass=radiusProfile)" #groupmembership_attribute = radiusGroupName timeout = 3 timelimit = 5 net_timeout = 1 compare_check_items = no #access_attr_used_for_allow = yes } realm suffix { format = suffix delimiter = "@" } preprocess { huntgroups = ${confdir}/huntgroups #hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users #acctusersfile = ${confdir}/acct_users compat = no #use old style users } # regular detail files detail detail1 { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 dirperm = 0755 } # temp detail file to replicate to accountrad detail detail2 { detailfile= ${radacctdir}/detail-combined detailperm = 0600 dirperm = 0755 locking = yes } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address,Client-IP-Address, NAS-Port-Id" } #radutmp { # filename = ${logdir}/radutmp # perm = 0600 # callerid = "yes" #} #radutmp sradutmp { # filename = ${logdir}/sradutmp # perm = 0644 # callerid = "no" #} #attr_filter { # attrsfile = ${confdir}/attrs #} # The "always" module is here for debugging purposes. Each # instance simply returns the same result, always, without # doing anything. always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } # # The 'expression' module current has no configuration. expr { } } instantiate { expr } authorize { preprocess suffix files ldap } authenticate { authtype LDAP { ldap } } preacct { preprocess suffix files } accounting { acct_unique detail1 detail2 #radutmp #sradutmp } #session { #radutmp #} #post-auth { # Get an address from the IP Pool. #main_pool #} ---------------------------------------- The ldif file dn: uid=ldapuser5,ou=People,dc=example,dc=com uid: ldapuser5 cn: ldapuser5 userPassword: {crypt}$1$1jD47Q.o$o.Aqkoe/Z7au.phSO6ULW1 objectclass: radiusprofile objectClass: account #objectClass: posixAccount objectClass: top objectClass: shadowAccount radiusServiceType: Framed-User radiusFramedProtocol: Ethernet radiusFramedIPNetmask: 255.255.255.0 radiusFramedRouting: None --------------------------------------------------------------------------------------------------------- Ready to process requests. rad_recv: Access-Request packet from host 10.10.29.49:1812, id=61, length=133 NAS-IP-Address = 10.10.29.49 NAS-Port = 50035 NAS-Port-Type = Ethernet User-Name = "ldapuser5" Called-Station-Id = "00-14-69-B1-DE-63" Calling-Station-Id = "00-11-85-81-FE-9F" Service-Type = Framed-User Framed-MTU = 1500 EAP-Message = 0x0200000e016c6461707573657235 Message-Authenticator = 0xa87b5810daf6ae5596070a302b227a3a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: No '@' in User-Name = "ldapuser5", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched DEFAULT at 153 users: Matched DEFAULT at 157 users: Matched DEFAULT at 175 users: Matched DEFAULT at 204 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for ldapuser5 radius_xlat: '(uid=ldapuser5)' radius_xlat: 'ou=people,dc=example,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 10.10.29.251:389, authentication 0 rlm_ldap: bind as / to 10.10.29.251:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=people,dc=example,dc=com, with filter (uid=ldapuser5) rlm_ldap: Added password {crypt}$1$1jD47Q.o$o.Aqkoe/Z7au.phSO6ULW1 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11 rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.0 & op=11 rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value Ethernet & op=11 rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11 rlm_ldap: user ldapuser5 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group authtype for request 0 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 0 modcall: group authtype returns invalid for request 0 auth: Failed to validate the user. Sending Access-Reject of id 61 to 10.10.29.49:1812 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 61 with timestamp 44458f3a Nothing to do. Sleeping until we see a request. Abey Babu Thomas