freeradius 2.1.6 ldap + mschapv2 to authenticate
Hi everyone. I've trying to setup a freeradius 2.1.6 with Ldap and mschapv2 to authenticate. when I send test from my console, this works fine. client: $ radtest user pass 10.14.56.26 0 secret. server in debug mode: Ready to process requests. rad_recv: Access-Request packet from host 172.24.104.12 port 39285, id=52, length=69 User-Name = "user" User-Password = "pass" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop [ldap] performing user authorization for user [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (&(SamAccountName=%{Stripped-User-Name:-%{User-Name})(memberOf=CN=Wireless,OU=Groups,DC=it,DC=test,DC=com)) -> (&(SamAccountName=user)(memberOf=CN=Wireless,OU=Groups,DC=it,DC=test,DC=com)) [ldap] expand: OU=Groups,DC=it,DC=test,DC=com -> OU=Groups,DC=it,DC=test,DC=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 10.14.56.100:389, authentication 0 rlm_ldap: bind as admin@it.test.com/adminpass to 10.14.56.100:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in OU=Groups,DC=it,DC=test,DC=com, with filter (&(SamAccountName=user)(memberOf=CN=Wireless,OU=Groups,DC=it,DC=test,DC=com)) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] Setting Auth-Type = ldap [ldap] user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = ldap +- entering group authenticate {...} [ldap] login attempt by "user" with password "pass" [ldap] user DN: CN=user,OU=General Group,OU=Users,DC=it,DC=test,DC=com rlm_ldap: (re)connect to 10.14.56.100:389, authentication 1 rlm_ldap: bind as CN=user,OU=General Group,OU=Users,DC=it,DC=test,DC=com/pass to 10.14.56.100:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful [ldap] user user authenticated succesfully ++[ldap] returns ok Login OK: [user/pass] (from client redprivada1 port 0) Sending Access-Accept of id 52 to 172.24.104.12 port 39285 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 52 with timestamp +10 But when I try to connect. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=174, length=189 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:redprivada1" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "acces-ponit-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020e0016016a75616e7061626c6f5f72616d6972657a Message-Authenticator = 0x76c7af8be679e0867bb2c06d1146d7e6 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop [ldap] performing user authorization for user [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (&(SamAccountName=%{Stripped-User-Name:-%{User-Name})(memberOf=CN=Wireless,OU=Groups,DC=it,DC=test,DC=com)) -> (&(SamAccountName=user)(memberOf=CN=Wireless,OU=Groups,DC=it,DC=test,DC=com)) [ldap] expand: OU=Groups,DC=it,DC=test,DC=com -> OU=Groups,DC=it,DC=test,DC=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in OU=Groups,DC=it,DC=test,DC=com, with filter (&(SamAccountName=user)(memberOf=CN=Wireless,OU=Groups,DC=it,DC=test,DC=com)) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_ldap Module: Instantiating ldap ldap { server = "10.14.56.100" port = 389 password = "H4b4cuc69" identity = "juanpablo_ramirez@na.foxconn.com" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" basedn = "OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com" filter = "(&(SamAccountName=%{Stripped-User-Name:-%{User-Name})(memberOf =CN=Wireless,OU=Groups,OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com)) " base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-U serDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = yes } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Ne twork rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group- Id conns: 0x8188780 Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NA S-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y %m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/freeradius/freeradius.sock" } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/freeradius/freeradius.sock Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=177, length=189 User-Name = "juanpablo_ramirez" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:foxconnGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "foxconn-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02110016016a75616e7061626c6f5f72616d6972657a Message-Authenticator = 0x5fdfd0ad23a6627e34d4b79a1e5c87c7 +- entering group authorize {...} ++[preprocess] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "juanpablo_ramirez", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop [ldap] performing user authorization for juanpablo_ramirez [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (&(SamAccountName=%{Stripped-User-Name:-%{User-Name})(memberOf=CN=Wireless,OU=Groups,OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com)) -> (&(SamAccountName=juanpablo_ramirez)(memberOf=CN=Wireless,OU=Groups,OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com)) [ldap] expand: OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com -> OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 10.14.56.100:389, authentication 0 rlm_ldap: bind as juanpablo_ramirez@na.foxconn.com/H4b4cuc69 to 10.14.56.100:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com, with filter (&(SamAccountName=juanpablo_ramirez)(memberOf=CN=Wireless,OU=Groups,OU=GDL1,OU=Sites,OU=PCEBG-Sites,DC=na,DC=foxconn,DC=com)) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user juanpablo_ramirez authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> juanpablo_ramirez attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 177 to 10.14.56.33 port 32768 Waking up in 4.9 seconds. Cleaning up request 0 ID 177 with timestamp +103 Ready to process requests. Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 177 to 10.14.56.33 port 32768 Waking up in 4.9 seconds. Cleaning up request 0 ID 177 with timestamp +103 Ready to process requests. I don't know what I'm missing. here is my radiusd.conf: modules { $INCLUDE ${confdir}/eap.conf ldap { server = "10.14.56.100" basedn = "OU=Groups,DC=it,DC=test,DC=com" identity = "admin@it.test.com" password = adminpass filter = "(&(SamAccountName=%{Stripped-User-Name:-%{User-Name})(memberOf=CN=Wireless,OU=Groups,DC=it,DC=test,DC=com))" start_tls = no dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 edir_account_policy_check=no timeout = 4 timelimit = 3 net_timeout = 1 } $INCLUDE ${(confdir)}/modules/ } authorize { preprocess suffix eap files ldap } authenticate { ldap unix mschap eap } I don't make changes in users file. It's the original file. Please help me. -- View this message in context: http://www.nabble.com/freeradius-2.1.6-ldap-%2B-mschapv2-to-authenticate-tp2... Sent from the FreeRadius - User mailing list archive at Nabble.com.
I've trying to setup a freeradius 2.1.6 with Ldap and mschapv2 to authenticate. when I send test from my console, this works fine.
But when I try to connect.
I don't know what I'm missing. here is my radiusd.conf:
Why did you find it necessary to butcher default configuration? Use default radiusd.conf, configure ldap in modules (raddb/modules/ldap) and watch it work. Ivan Kalik Kalik Informatika ISP
Thanks for your response. Now I'm using the defaults files and configure the access in modules (raddb/modules/ldap). Now seems like the solution is closer, When I test this appear in my server in debug mode: [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] NAK asked for unsupported type 25 [eap] No common EAP types found. [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 189 to 10.14.56.33 port 32768 EAP-Message = 0x040c0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 1 ID 188 with timestamp +30 Waking up in 1.0 seconds. Cleaning up request 2 ID 189 with timestamp +30 Ready to process requests. I think is problem on mi eap.conf file but I'm no sure what exactly I have to do. Any idea? Ivan Kalik wrote:
I've trying to setup a freeradius 2.1.6 with Ldap and mschapv2 to authenticate. when I send test from my console, this works fine.
But when I try to connect.
I don't know what I'm missing. here is my radiusd.conf:
Why did you find it necessary to butcher default configuration? Use default radiusd.conf, configure ldap in modules (raddb/modules/ldap) and watch it work.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/freeradius-2.1.6-ldap-%2B-mschapv2-to-authenticate-tp2... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Thanks for your response.
Now I'm using the defaults files and configure the access in modules (raddb/modules/ldap). Now seems like the solution is closer,
When I test this appear in my server in debug mode: ... [eap] EAP NAK [eap] NAK asked for unsupported type 25 [eap] No common EAP types found.
Well, type 25 is PEAP, and that is defined in eap.conf by default. As are a few others.
I think is problem on mi eap.conf file but I'm no sure what exactly I have to do. Any idea?
Have you done some strange things to eap.conf or are you using the default one? Default configuration works. Ivan Kalik Kalik Informatika ISP
Ivan Kalik wrote:
Have you done some strange things to eap.conf or are you using the default one? Default configuration works.
I replace eap.conf with the Default eap.conf file and this is my debug: ++[ldap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 198 to 10.14.56.33 port 32768 EAP-Message = 0x040d0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.6 seconds. Cleaning up request 1 ID 190 with timestamp +51 Cleaning up request 2 ID 191 with timestamp +51 Cleaning up request 3 ID 192 with timestamp +51 Cleaning up request 4 ID 193 with timestamp +51 Cleaning up request 5 ID 194 with timestamp +51 Cleaning up request 6 ID 195 with timestamp +51 Cleaning up request 7 ID 196 with timestamp +51 Cleaning up request 8 ID 197 with timestamp +51 Waking up in 1.0 seconds. Cleaning up request 9 ID 198 with timestamp +51 I'm missing something? -- View this message in context: http://www.nabble.com/freeradius-2.1.6-ldap-%2B-mschapv2-to-authenticate-tp2... Sent from the FreeRadius - User mailing list archive at Nabble.com.
jpablorp wrote:
I replace eap.conf with the Default eap.conf file
and this is my debug:
Where you have *deleted* the real cause of the error.
[peap] Had sent TLV failure. User was rejected earlier in this session.
Look EARLIER in the debug log for the failure. It's really not hard. Look for words like "reject", or "fail", or "error". The messages will tell you what is wrong, and why. All you need to do is read them. Alan DeKok.
Thanks for your help. I'm pretty new on freeradius. I've been read many how's to, but only in this post I've discovered many things. Alan DeKok-2 wrote:
jpablorp wrote:
I replace eap.conf with the Default eap.conf file
and this is my debug:
Where you have *deleted* the real cause of the error.
[peap] Had sent TLV failure. User was rejected earlier in this session.
Look EARLIER in the debug log for the failure. It's really not hard. Look for words like "reject", or "fail", or "error".
The messages will tell you what is wrong, and why. All you need to do is read them.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/freeradius-2.1.6-ldap-%2B-mschapv2-to-authenticate-tp2... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help? It's like reality TV. ;-) Chris. Alan DeKok wrote:
jpablorp wrote:
I replace eap.conf with the Default eap.conf file
and this is my debug:
Where you have *deleted* the real cause of the error.
[peap] Had sent TLV failure. User was rejected earlier in this session.
Look EARLIER in the debug log for the failure. It's really not hard. Look for words like "reject", or "fail", or "error".
The messages will tell you what is wrong, and why. All you need to do is read them.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Christopher Sheldon wrote:
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help?
My "unhelpful" comments are directed at the people who don't read (a) the documentation I already wrote, or (b) the debugging messages I already wrote. Perhaps you could take over the role of "cut & paste" master, where you would cut and paste the existing documentation onto this list for certain people. Failing that, perhaps you could try another method of positive contribution that doesn't involve complaining about me. Alan DeKok.
If anyone needs help in getting there openldap to work with freeradius2 please reply back. I finally was able to figure it out and then used unlang to authorize my groups and would like to share what I have learned. Christopher Sheldon wrote:
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help?
It's like reality TV. ;-)
Chris.
Alan DeKok wrote:
jpablorp wrote:
I replace eap.conf with the Default eap.conf file
and this is my debug:
Where you have *deleted* the real cause of the error.
[peap] Had sent TLV failure. User was rejected earlier in this session.
Look EARLIER in the debug log for the failure. It's really not hard. Look for words like "reject", or "fail", or "error".
The messages will tell you what is wrong, and why. All you need to do is read them.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Dave... What do you think about wiki? You can post there your experience... Best regards Dave Rummel wrote:
If anyone needs help in getting there openldap to work with freeradius2 please reply back. I finally was able to figure it out and then used unlang to authorize my groups and would like to share what I have learned.
Christopher Sheldon wrote:
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help?
It's like reality TV. ;-)
Chris.
Would like to make a request for an account to the wiki so I can add to it. Dave Rummel wrote:
If anyone needs help in getting there openldap to work with freeradius2 please reply back. I finally was able to figure it out and then used unlang to authorize my groups and would like to share what I have learned.
Christopher Sheldon wrote:
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help?
It's like reality TV. ;-)
Chris.
Alan DeKok wrote:
jpablorp wrote:
I replace eap.conf with the Default eap.conf file
and this is my debug:
Where you have *deleted* the real cause of the error.
[peap] Had sent TLV failure. User was rejected earlier in this session.
Look EARLIER in the debug log for the failure. It's really not hard. Look for words like "reject", or "fail", or "error".
The messages will tell you what is wrong, and why. All you need to do is read them.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Dave, I would like to see what you learn :) 2009/6/25 Dave Rummel <daverummel@boothcreek.com>
Would like to make a request for an account to the wiki so I can add to it.
Dave Rummel wrote:
If anyone needs help in getting there openldap to work with freeradius2 please reply back. I finally was able to figure it out and then used unlang to authorize my groups and would like to share what I have learned.
Christopher Sheldon wrote:
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help?
It's like reality TV. ;-)
Chris.
Alan DeKok wrote:
jpablorp wrote:
I replace eap.conf with the Default eap.conf file
and this is my debug:
Where you have *deleted* the real cause of the error.
[peap] Had sent TLV failure. User was rejected earlier in this session.
Look EARLIER in the debug log for the failure. It's really not hard. Look for words like "reject", or "fail", or "error".
The messages will tell you what is wrong, and why. All you need to do is read them.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ____________________ Ana Gallardo Gómez ____________________
Tutorial for 1.x: Don't change anything - configure only ldap section of radiusd.conf. Tutorial for 2.x: Don't change anything - configure only raddb/modules/ldap. Detailed instructions on what does each configuration item means for your freeradius version are included with the server in doc/rlm_ldap. Ivan Kalik Kalik Informatika ISP
Hi Dave, I would like to see what you learn :)
2009/6/25 Dave Rummel <daverummel@boothcreek.com>
Would like to make a request for an account to the wiki so I can add to it.
Dave Rummel wrote:
If anyone needs help in getting there openldap to work with freeradius2 please reply back. I finally was able to figure it out and then used unlang to authorize my groups and would like to share what I have learned.
Christopher Sheldon wrote:
Does anyone else who subscribes to the list specifically read every email Alan sends just to chuckle at him berating the poor, confused people seeking help?
It's like reality TV. ;-)
Chris.
Alan DeKok wrote:
jpablorp wrote:
I replace eap.conf with the Default eap.conf file
and this is my debug:
Where you have *deleted* the real cause of the error.
[peap] Had sent TLV failure. User was rejected earlier in this session.
Look EARLIER in the debug log for the failure. It's really not hard. Look for words like "reject", or "fail", or "error".
The messages will tell you what is wrong, and why. All you need to do is read them.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ____________________
Ana Gallardo Gómez ____________________ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (7)
-
Alan DeKok -
Ana Gallardo -
Christopher Sheldon -
Dave Rummel -
Ivan Kalik -
jpablorp -
Marinko Tarlac