Advice on poptop - freeradius - ldap

Dirk Enrique Seiffert ds at caribenet.com
Wed Dec 13 01:15:27 CET 2006 

Hello,

I am trying to get Poptop, Freeradius and Openldap to work together.
Basically our VPN users should login with their credentials, to be checked
against ldap. I don't want to store radius attributes in LDAP, just assign
objectclass=pptpServerAccount for VPN useres in LDAP.

I set ldap in authorize {} and authenticate {}. In users I added


DEFAULT         Auth-Type := LDAP
               Fall-Through = 1

When i try to connect from an pptp client my logs show:

Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: Added password
{md5}rcBovg3Uck47CSFRhqdtdQ== in check items
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: looking for check items in
directory...
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: Adding sambaNTPassword as
CHAP-Password, value 80B328568267E5A48ACD43F6F67DAD2F & op=21
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: Adding sambaNTPassword as
MS-CHAP-Password, value 80B328568267E5A48ACD43F6F67DAD2F & op=21
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: Adding sambaNTPassword as
NT-Password, value 80B328568267E5A48ACD43F6F67DAD2F & op=21
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: Adding sambaLMPassword as
LM-Password, value ADC77F8F04FBC94CAAD3B435B51404EE & op=21
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: Adding userPassword as
User-Password, value { & op=21
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: looking for reply items in
directory...
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: user test1 authorized to use
remote access
Tue Dec 12 19:07:31 2006 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Dec 12 19:07:31 2006 : Debug:   modsingle[authorize]: returned from
ldap (rlm_ldap) for request 0
Tue Dec 12 19:07:31 2006 : Debug:   modcall[authorize]: module "ldap"
returns ok for request 0
Tue Dec 12 19:07:31 2006 : Debug: modcall: leaving group authorize
(returns ok) for request 0
Tue Dec 12 19:07:31 2006 : Debug: auth: type Local
Tue Dec 12 19:07:31 2006 : Debug: auth: No User-Password or CHAP-Password
attribute in the request

Auth seems to fall back to local, why?

Is there any documentation available about Poptop/Radius/LDAP ?

Thanks for any hints!

Enrique


-- 
Dirk Enrique Seiffert - Lintec S.A.
Ed. Torre del Reloj - Of. 401
Plaza de los Coches, Centro
Cartagena - Colombia
http://www.lintecsa.com


-- 
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
http://www.lintecsa.com

More information about the Freeradius-Users mailing list