LDAP NT-Password vs. Cleartext-Password
Florian Prester
Florian.Prester at rrze.uni-erlangen.de
Tue Jun 14 11:02:08 CEST 2005
Hi,
How can I control if the radius should take the NT-Password or the
Cleartext-Password?
I mapped a cleartext entry in ldap to the User-Password radius entry in
ldap.attrmap.
The request is looking in the directory for the checkItem:
User-Password --> found!
But for authentication it wants to do MS-CHAPv2 with the NT-Password!!??!!
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 7
rlm_mschap: Told to do MS-CHAPv2 for unrz148 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 7
modcall: group Auth-Type returns ok for request 7
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 64 to 131.188.4.191:20001
but later:
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=AAAuser,o=Universitaet
Erlangen-Nuernberg,c=DE, with filter (Userid=unrz148)
rlm_ldap: checking if remote access for unrz148 is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding fauUserid as User-Password, value unrz148 & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user unrz148 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 8
rlm_eap: EAP packet type response id 7 length 89
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
rlm_realm: No '@' in User-Name = "unrz148", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
modcall[authorize]: module "files" returns notfound for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
----------------------------------------
---> What does this mean?????
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user.
---------------------------------------
Login incorrect: [unrz148/<no User-Password attribute>] (from client
airbrush port 0 cli 00-90-4B-8F-B7-3B)
Delaying request 8 for 1 seconds
Finished request 8
I am sorry, I do not get it. Here is my complete log output: see attachment
Thanks
Florian
--
--------------------------------------------------------------
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Germany
Tel.: +499131 8527813
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius_ldap.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050614/8887fc14/attachment.ksh>