rlm_ldap: Attribute "User-Password" is required for authentication

melvin melvin.wong at muvee.com
Tue Aug 9 11:53:53 CEST 2005


Hi Vladimir,

Tks for your help, I've managed to setup the ldap with freeradius. One last 
question is that is it possible to have freeradius authenticate thru ldap 
and also the users file. The reason is because I need to create a guest 
account for guests to login our wireless network. But the guest may not 
allow me to install SecureW2 on their notebook, so I am hoping I can setup a 
common password for guest inside users file. Or is there an easier way to 
accomplish this? Appreciate if you can help me again. Thank you.

cheers,
melvin



----- Original Message ----- 
From: "melvin" <melvin.wong at muvee.com>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Wednesday, July 27, 2005 6:35 PM
Subject: Re: rlm_ldap: Attribute "User-Password" isrequired 
forauthentication


> Hi Vladimir,
>
> I've followed your write-up on FreeRADIUS and LDAP and configured my 
> Windows clients to use TTLS+PAP but I still get the same error as below:
>
> rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0, 
> length=125
>        User-Name = "melvin"
>        NAS-IP-Address = 192.168.84.11
>        Called-Station-Id = "000f66005feb"
>        Calling-Station-Id = "0012f075e7b3"
>        NAS-Identifier = "000f66005feb"
>        NAS-Port = 33
>        Framed-MTU = 1400
>        NAS-Port-Type = Wireless-802.11
>        EAP-Message = 0x0201000b016d656c76696e
>        Message-Authenticator = 0x1cbf370b745f6863e6478bfed57edd74
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "melvin", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: EAP packet type response id 1 length 11
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry DEFAULT at line 152
>  modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns updated for request 0
>  rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
>  Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
>  modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group Auth-Type returns invalid for request 0
> auth: Failed to validate the user.
>
> Any ideas where I might go wrong?
>
> cheers,
> melvin
>
> ----- Original Message ----- 
> From: "Vladimir Vuksan" <vlists at veus.hr>
> To: "FreeRadius users mailing list" 
> <freeradius-users at lists.freeradius.org>
> Sent: Tuesday, July 26, 2005 10:33 PM
> Subject: Re: rlm_ldap: Attribute "User-Password" isrequired 
> forauthentication
>
>
>> melvin wrote:
>>
>>>> LDAP does provide some authentication -- through the 'BIND' statement.
>>>> Incidentally, this is how the FreeRadius rlm_ldap module chooses to
>>>> authenticate against an LDAP entry... it attempts to 'bind' to it, 
>>>> passing
>>>> the username and password to LDAP.
>>>>
>>>> I have successfully integrated FreeRadius & LDAP -- I can get you my
>>>> config entries if you would like.  It worked with OpenLDAP practically
>>>> out-of-the-box.
>>>
>>
>> I have a write-up on FreeRADIUS and LDAP. It should apply to most 
>> configurations
>>
>> http://vuksan.com/linux/dot1x/802-1x-LDAP.html
>> - List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>>
>
>
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 





More information about the Freeradius-Users mailing list