Sorry list, but i try to configure this in few weeks and no get sucess. Realy need help for list. im try to all sites in google, but no get sucess. i try this: http://blog.yufeng.net/index.php/2010/07/debian-poptop-freeradius-openldap/ http://wiki.freeradius.org/Rlm_ldap http://mhoran.wordpress.com/2007/11/25/freeradius-on-freebsd-and-openldap/ my debug only appears: rad_recv: Access-Request packet from host 10.12.60.32 port 35717, id=31, length=64 User-Name = "ipe-dp" User-Password = "7\271D\250yhG'E\361\t{\237\366S\347" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Framed-Protocol = PPP Tue Nov 23 07:37:24 2010 : Debug: +- entering group authorize Tue Nov 23 07:37:24 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Tue Nov 23 07:37:24 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Tue Nov 23 07:37:24 2010 : Debug: ++[preprocess] returns ok Tue Nov 23 07:37:24 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: - authorize Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: performing user authorization for ipe-dp Tue Nov 23 07:37:24 2010 : Debug: expand: (uid=%u) -> (uid=ipe-dp) Tue Nov 23 07:37:24 2010 : Debug: expand: dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: attempting LDAP reconnection Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0 Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: bind as uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to ldap.intra proxy.intra localhost:389 Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: waiting for bind result ... Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: Bind was successful Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: performing search in dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp) Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: Added User-Password = {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: No default NMAS login sequence Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: looking for check items in directory... Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: LDAP attribute sambaNTPassword as RADIUS attribute NT-Password == 0x3244413944423342333039463632333434374232384536393635374142333642 Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: LDAP attribute sambaLMPassword as RADIUS attribute LM-Password == 0x3845433036323546444141393630353041414433423433354235313430344545 Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS attribute Group == "ipe-dp" Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: looking for reply items in directory... Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: user ipe-dp authorized to use remote access Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Tue Nov 23 07:37:24 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Tue Nov 23 07:37:24 2010 : Debug: ++[ldap] returns ok Tue Nov 23 07:37:24 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Tue Nov 23 07:37:24 2010 : Debug: !!! Replacing User-Password in config items with Cleartext-Password. !!! Tue Nov 23 07:37:24 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Tue Nov 23 07:37:24 2010 : Debug: !!! Please update your configuration so that the "known good" !!! Tue Nov 23 07:37:24 2010 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!! Tue Nov 23 07:37:24 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Tue Nov 23 07:37:24 2010 : Debug: auth: type Local Tue Nov 23 07:37:24 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password Tue Nov 23 07:37:24 2010 : Debug: auth: Failed to validate the user. Tue Nov 23 07:37:24 2010 : Auth: Login incorrect: [ipe-dp/7\271D\250yhG'E\361\t{\237\366S\347] (from client BrasilTelecom port 1812) Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Tue Nov 23 07:37:24 2010 : Debug: Delaying reject of request 0 for 1 seconds Tue Nov 23 07:37:24 2010 : Debug: Going to the next request Tue Nov 23 07:37:24 2010 : Debug: Waking up in 0.9 seconds. Tue Nov 23 07:37:25 2010 : Debug: Sending delayed reject for request 0 Sending Access-Reject of id 31 to 10.12.60.32 port 35717 Tue Nov 23 07:37:25 2010 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Reject packet from host 10.12.60.32 port 1812, id=31, length=20 rad_verify: Received Access-Reject packet from client 10.12.60.32 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) attention to auth type Local! WHY Local if i put in configuration to auth type LDAP? Sorry, i dont understand . Please help. Sorry for my bad english.
Old Eduardo wrote:
but i try to configure this in few weeks and no get sucess.
Ask questions earlier. Or, read the debug output.
Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear. Alan DeKok.
sorry alan, i understand need to read debug. But, i see secret in clients and my test radtest user pass ip 0 secret is corretly. And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ... Realy sorry for this, but need u help. Regards, 2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote:
but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
Show us your authorize and authenticate session . I had a problem like that once Regards , On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote:
but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
HI Paulo, Thanks for u reply, see below my authenticate and authorize session. authorize { preprocess mschap ldap } authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } } 2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote:
but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
What auth method u're trying to use ? EAP/PEAP ? Regards , On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like that
once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote:
but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
where i define this? eap.conf? sorry, newbie with freeradius. 2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ? EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote:
but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
yes . but i have to include in your authorize and authenticate sessions . What kind of auth ure trying to get ? Regards , On Wed, Nov 24, 2010 at 8:43 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
where i define this? eap.conf?
sorry, newbie with freeradius.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote: > but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
> Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in > the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I read in many sites, for get ldap auth need mschap, its true? i try mschap. 2010/11/24 Paulo Maia <phc.maia@gmail.com>
yes . but i have to include in your authorize and authenticate sessions . What kind of auth ure trying to get ? Regards ,
On Wed, Nov 24, 2010 at 8:43 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
where i define this? eap.conf?
sorry, newbie with freeradius.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
> Old Eduardo wrote: > > but i try to configure this in few weeks and no get sucess. > > Ask questions earlier. > > Or, read the debug output. > > > Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters > in > > the password. Double-check the shared secret on the server and > the NAS! > > That message seems pretty clear. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
Do u have NT e LM passowrd attributes in ur LDAP database ? coz if u do u could try to use EAP/PEAP . Its easier for windows clients . Regards , On Wed, Nov 24, 2010 at 9:26 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
I read in many sites, for get ldap auth need mschap, its true?
i try mschap.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
yes . but i have to include in your authorize and authenticate sessions . What kind of auth ure trying to get ? Regards ,
On Wed, Nov 24, 2010 at 8:43 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
where i define this? eap.conf?
sorry, newbie with freeradius.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
> sorry alan, i understand need to read debug. > > But, i see secret in clients and my test radtest user pass ip 0 > secret is corretly. > > And my other doubt is in auth type = Local, why local if i put auth > type LDAP in configuration? Only get local ... > > Realy sorry for this, but need u help. > > Regards, > > > 2010/11/23 Alan DeKok <aland@deployingradius.com> > >> Old Eduardo wrote: >> > but i try to configure this in few weeks and no get sucess. >> >> Ask questions earlier. >> >> Or, read the debug output. >> >> > Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable >> characters in >> > the password. Double-check the shared secret on the server and >> the NAS! >> >> That message seems pretty clear. >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > Old Eduardo ... > > make a difference ... > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
yes i have. 2010/11/24 Paulo Maia <phc.maia@gmail.com>
Do u have NT e LM passowrd attributes in ur LDAP database ? coz if u do u could try to use EAP/PEAP . Its easier for windows clients . Regards ,
On Wed, Nov 24, 2010 at 9:26 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
I read in many sites, for get ldap auth need mschap, its true?
i try mschap.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
yes . but i have to include in your authorize and authenticate sessions . What kind of auth ure trying to get ? Regards ,
On Wed, Nov 24, 2010 at 8:43 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
where i define this? eap.conf?
sorry, newbie with freeradius.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like > that once > > Regards , > > > On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote: > >> sorry alan, i understand need to read debug. >> >> But, i see secret in clients and my test radtest user pass ip 0 >> secret is corretly. >> >> And my other doubt is in auth type = Local, why local if i put auth >> type LDAP in configuration? Only get local ... >> >> Realy sorry for this, but need u help. >> >> Regards, >> >> >> 2010/11/23 Alan DeKok <aland@deployingradius.com> >> >>> Old Eduardo wrote: >>> > but i try to configure this in few weeks and no get sucess. >>> >>> Ask questions earlier. >>> >>> Or, read the debug output. >>> >>> > Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable >>> characters in >>> > the password. Double-check the shared secret on the server and >>> the NAS! >>> >>> That message seems pretty clear. >>> >>> Alan DeKok. >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> >> >> >> -- >> Old Eduardo ... >> >> make a difference ... >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
ok i found this. sites-enabled/default eap auth mode. 2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ? EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote:
but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
It works ? On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
ok i found this.
sites-enabled/default
eap auth mode.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
Old Eduardo wrote: > but i try to configure this in few weeks and no get sucess.
Ask questions earlier.
Or, read the debug output.
> Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in > the password. Double-check the shared secret on the server and the NAS!
That message seems pretty clear.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
no :( in debug only appears auth type Local see: Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization for ipe-dp Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion ":-". See "man unlang" for details Wed Nov 24 08:30:54 2010 : Debug: expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ipe-dp) Wed Nov 24 08:30:54 2010 : Debug: expand: dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to ldap.intra proxy.intra localhost:389 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp) Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password = {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in directory... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as RADIUS attribute Cleartext-Password == "{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl" Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x3244413944423342333039463632333434374232384536393635374142333642 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x3845433036323546444141393630353041414433423433354235313430344545 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in directory... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use remote access Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok Wed Nov 24 08:30:54 2010 : Debug: auth: type Local Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user. Wed Nov 24 08:30:54 2010 : Auth: Login incorrect: [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0) Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1 seconds Wed Nov 24 08:30:54 2010 : Debug: Going to the next request Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds. Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0 Sending Access-Reject of id 78 to 127.0.0.1 port 58611 Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) ^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug: Cleaning up request 0 ID 78 with timestamp +5 ty for u help. 2010/11/24 Paulo Maia <phc.maia@gmail.com>
It works ?
On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
ok i found this.
sites-enabled/default
eap auth mode.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
Realy sorry for this, but need u help.
Regards,
2010/11/23 Alan DeKok <aland@deployingradius.com>
> Old Eduardo wrote: > > but i try to configure this in few weeks and no get sucess. > > Ask questions earlier. > > Or, read the debug output. > > > Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters > in > > the password. Double-check the shared secret on the server and > the NAS! > > That message seems pretty clear. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
comment everything the users file . Brasileiro mano ? On Wed, Nov 24, 2010 at 9:31 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
no :( in debug only appears auth type Local see: Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization for ipe-dp Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion ":-". See "man unlang" for details Wed Nov 24 08:30:54 2010 : Debug: expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ipe-dp) Wed Nov 24 08:30:54 2010 : Debug: expand: dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to ldap.intra proxy.intra localhost:389 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp) Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password = {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in directory... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as RADIUS attribute Cleartext-Password == "{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl" Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x3244413944423342333039463632333434374232384536393635374142333642 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x3845433036323546444141393630353041414433423433354235313430344545 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in directory... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use remote access Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok Wed Nov 24 08:30:54 2010 : Debug: auth: type Local Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user. Wed Nov 24 08:30:54 2010 : Auth: Login incorrect: [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0) Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1 seconds Wed Nov 24 08:30:54 2010 : Debug: Going to the next request Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds. Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0 Sending Access-Reject of id 78 to 127.0.0.1 port 58611 Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) ^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug: Cleaning up request 0 ID 78 with timestamp +5 ty for u help.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
It works ?
On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
ok i found this.
sites-enabled/default
eap auth mode.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like
that once
Regards ,
On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
> sorry alan, i understand need to read debug. > > But, i see secret in clients and my test radtest user pass ip 0 > secret is corretly. > > And my other doubt is in auth type = Local, why local if i put auth > type LDAP in configuration? Only get local ... > > Realy sorry for this, but need u help. > > Regards, > > > 2010/11/23 Alan DeKok <aland@deployingradius.com> > >> Old Eduardo wrote: >> > but i try to configure this in few weeks and no get sucess. >> >> Ask questions earlier. >> >> Or, read the debug output. >> >> > Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable >> characters in >> > the password. Double-check the shared secret on the server and >> the NAS! >> >> That message seems pretty clear. >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > Old Eduardo ... > > make a difference ... > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Opa e ae blz? Vou fazer isso amanha, te mandei para teu email todo o diretorio do freeradius para voce dar uma olhada nos confs, estou ha 3 semanas tentando fazer essa implementacao e nao consigo cara. amanha de manha vou la tentar denovo. obrigado pela forca. 2010/11/24 Paulo Maia <phc.maia@gmail.com>
comment everything the users file . Brasileiro mano ?
On Wed, Nov 24, 2010 at 9:31 AM, Old Eduardo <oldeduardo@gmail.com> wrote:
no :( in debug only appears auth type Local see: Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization for ipe-dp Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion ":-". See "man unlang" for details Wed Nov 24 08:30:54 2010 : Debug: expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ipe-dp) Wed Nov 24 08:30:54 2010 : Debug: expand: dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to ldap.intra proxy.intra localhost:389 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp) Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password = {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in directory... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as RADIUS attribute Cleartext-Password == "{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl" Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x3244413944423342333039463632333434374232384536393635374142333642 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x3845433036323546444141393630353041414433423433354235313430344545 Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in directory... Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use remote access Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok Wed Nov 24 08:30:54 2010 : Debug: auth: type Local Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user. Wed Nov 24 08:30:54 2010 : Auth: Login incorrect: [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0) Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1 seconds Wed Nov 24 08:30:54 2010 : Debug: Going to the next request Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds. Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0 Sending Access-Reject of id 78 to 127.0.0.1 port 58611 Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) ^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug: Cleaning up request 0 ID 78 with timestamp +5 ty for u help.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
It works ?
On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
ok i found this.
sites-enabled/default
eap auth mode.
2010/11/24 Paulo Maia <phc.maia@gmail.com>
What auth method u're trying to use ?
EAP/PEAP ?
Regards ,
On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo@gmail.com>wrote:
HI Paulo,
Thanks for u reply, see below my authenticate and authorize session.
authorize { preprocess mschap ldap }
authenticate { Auth-Type LDAP { ldap } Auth-Type MS-CHAP { mschap } }
2010/11/23 Paulo Maia <phc.maia@gmail.com>
Show us your authorize and authenticate session . I had a problem like > that once > > Regards , > > > On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo@gmail.com>wrote: > >> sorry alan, i understand need to read debug. >> >> But, i see secret in clients and my test radtest user pass ip 0 >> secret is corretly. >> >> And my other doubt is in auth type = Local, why local if i put auth >> type LDAP in configuration? Only get local ... >> >> Realy sorry for this, but need u help. >> >> Regards, >> >> >> 2010/11/23 Alan DeKok <aland@deployingradius.com> >> >>> Old Eduardo wrote: >>> > but i try to configure this in few weeks and no get sucess. >>> >>> Ask questions earlier. >>> >>> Or, read the debug output. >>> >>> > Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable >>> characters in >>> > the password. Double-check the shared secret on the server and >>> the NAS! >>> >>> That message seems pretty clear. >>> >>> Alan DeKok. >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> >> >> >> -- >> Old Eduardo ... >> >> make a difference ... >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ...
make a difference ...
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Old Eduardo ... make a difference ...
Old Eduardo wrote:
no :( in debug only appears auth type Local
Stop wasting your time. You have NOT configured the server correctly, and you have NOT followed instructions on this list.
see: Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
You've used "radiusd -Xx". The FAQ, INSTALL, "man" page, and messages daily on this list say to use "radiusd -X". This should be easy to do.
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as RADIUS attribute Cleartext-Password == "{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl"
This is wrong on many, many, levels. The password is a SSHA password, not a Cleartext-Password. You've edited the "ldap.attrmap" file to add the *wrong* information in it.
Wed Nov 24 08:30:54 2010 : Debug: auth: type Local Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Given your broken configuration, this is to be expected.
Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user. Wed Nov 24 08:30:54 2010 : Auth: Login incorrect: [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0) Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
You were told to fix this problem. Read the error message. It's not hard to understand. Until you fix your system, authentication will *always* fail. The cause of the problem is simple and obvious. Even worse, you've been told how to fix it. So far, you've refused to follow instructions. If you're not going to follow the instructions given on this list, there is *no* reason to ask questions here. Alan DeKok.
Old Eduardo wrote:
sorry alan, i understand need to read debug.
But, i see secret in clients and my test radtest user pass ip 0 secret is corretly.
That uses a *different* secret, as the packet is coming from a different IP address. i.e. you can either fix the secret as suggested by the message and my emails, or you can *not* fix the secret, and continue to have problems.
And my other doubt is in auth type = Local, why local if i put auth type LDAP in configuration? Only get local ...
The debug log should make this clear. Alan DeKok.
participants (3)
-
Alan DeKok -
Old Eduardo -
Paulo Maia