Problem with PPTP and LDAP authentication.

Joey McDonald jmcdice at gmail.com
Mon Feb 6 22:06:09 CET 2006


Hey gang,

I'm still struggling to get freeradius and LDAP working to authenticate my
PPTP users. I'd really appreciate it if one of the gurus could have a look.

I've wiped my old install and installed a fresh copy of freeradius and all
the config files.

Reading the list postings, it's clearly best to make as few changes as
possible to the config files. So, the bits I've changed in radiusd.conf are
as follows:

modules {
          ldap {
                server = "ldap.mycompany.net"
                # identity = "cn=admin,o=My Org,c=UA"
                # password = mypass
                basedn = "ou=people,dc=mycompany,dc=net"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                password_attribute = userPassword

I uncommented the ldap section under authenticate:

authenticate   {
...
Auth-Type LDAP {
                ldap
        }

Then, I added my client in clients.conf.

In users I added:

DEFAULT Auth-Type := LDAP
        Fall-Through = 1

Those are all the changes I've made to the default configurations.

I'm now storing my password(s) in the ldap directory in plain text. Using
radtest from another machine on the network authenticates from the LDAP
server just fine.

Authentication from my PPTP server always gives me the following:

rad_recv: Access-Request packet from host x.x.x.x:32792, id=112, length=149
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "joey"
        MS-CHAP-Challenge = 0x0a5f7e5035f0d2306105161cdf7060c4
        MS-CHAP2-Response = 0xb600a2aa1bab3836758fcf6e48643de987c900000000000000003e30dd6e4b9c0b1d9bebde2c68fbab2aa625a5246217a002
        Calling-Station-Id = "165.236.229.162"
        NAS-Identifier = "pptp"
        NAS-Port = 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
Login incorrect: [joey/<no User-Password attribute>] (from client vpn-external port 0 cli 165.236.229.162)
Sending Access-Reject of id 112 to x.x.x.x:32792


What am I doing wrong? Thanks so much!


                     --joey
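
Added example (not part of the original post, and not FreeRADIUS code): a small Python parser for the request dump above that splits the MS-CHAP2-Response into its RFC 2548 fields and flags a forced Auth-Type LDAP when the request carries no User-Password. The function names and the forced_auth_type parameter are assumptions made for this illustration.

```python
import re

# Credential-bearing attributes of an Access-Request and the method each implies.
CRED_ATTRS = {"User-Password": "PAP", "CHAP-Password": "CHAP",
              "MS-CHAP-Response": "MS-CHAP", "MS-CHAP2-Response": "MS-CHAPv2",
              "EAP-Message": "EAP"}

# Constructed from the request attributes in the post's debug output; the long
# value sits on its own line, the way mail archives often wrap it.
SAMPLE = """rad_recv: Access-Request packet from host x.x.x.x:32792, id=112, length=149
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "joey"
        MS-CHAP-Challenge = 0x0a5f7e5035f0d2306105161cdf7060c4
        MS-CHAP2-Response =
0xb600a2aa1bab3836758fcf6e48643de987c900000000000000003e30dd6e4b9c0b1d9bebde2c68fbab2aa625a5246217a002
        NAS-Identifier = "pptp"
"""

def parse_attrs(dump):
    """Return {name: value}; a value wrapped onto the next line is rejoined."""
    pairs = re.findall(r"^[ \t]+([\w-]+) =\s*(\S.*)$", dump, re.M)
    return {name: value.strip().strip('"') for name, value in pairs}

def split_mschap2_response(value):
    """Split the 50-octet MS-CHAP2-Response string defined in RFC 2548."""
    raw = bytes.fromhex(value[2:] if value.startswith("0x") else value)
    if len(raw) != 50:
        raise ValueError("MS-CHAP2-Response must be 50 octets, got %d" % len(raw))
    return {"ident": raw[0], "flags": raw[1], "peer_challenge": raw[2:18],
            "reserved": raw[18:26], "nt_response": raw[26:50]}

def diagnose(dump, forced_auth_type=None):
    """Return (methods the request can satisfy, list of findings)."""
    attrs = parse_attrs(dump)
    methods = [m for a, m in CRED_ATTRS.items() if a in attrs]
    findings = []
    if forced_auth_type == "LDAP" and "PAP" not in methods:
        findings.append("Auth-Type LDAP forced but no User-Password in request "
                        "(carries %s): rlm_ldap has nothing to bind with"
                        % (", ".join(methods) or "no credential"))
    return methods, findings

if __name__ == "__main__":
    methods, findings = diagnose(SAMPLE, forced_auth_type="LDAP")
    print(methods, findings)
    print(split_mschap2_response(parse_attrs(SAMPLE)["MS-CHAP2-Response"]))
```

The response holds only a peer challenge and a 24-octet NT-Response, so an LDAP bind has no password to present; verifying it takes a module with access to the user's cleartext password or NT hash, such as mschap.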