Freeradius + LDAP + EAP-TTLS with PAP cannot login

tnt at kalik.co.yu
Tue Jul 3 15:28:55 CEST 2007


Let's try like Yoda:

Auth-Type set you do not!!!!

Ivan Kalik
Kalik Informatika ISP



On 3/7/2007, "cktan at ocesb.com.my" <cktan at ocesb.com.my> wrote:

>Hi Alan,
>
>After trying to remove the Auth-Type in users and letting radius auto-detect
>the method, and also adding another 3 new attributes in the ldif, below is the
>different message I get. Can you please have a look? Thanks.
>
>modcall[authorize]: module "ldap_1x" returns ok for request 4
>modcall: group Autz-Type returns ok for request 4
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 4
>rlm_eap: EAP-Message not found
>rlm_eap: Malformed EAP Message
>  modcall[authenticate]: module "eap" returns fail for request 4
>modcall: group authenticate returns fail for request 4
>auth: Failed to validate the user.
>
>New ldif :
>dn: uid=user, ou=People, dc=ocesb, dc=com, dc=my, dc=.
>mailLocalAddress: user at ocesb.com.my
>givenName: Tan Chee
>accountStatus: active
>radiusClass: 0x01
>objectClass: inetLocalMailRecipient
>objectClass: person
>objectClass: organizationalPerson
>objectClass: inetOrgPerson
>objectClass: radiusprofile
>objectClass: qmailUser
>objectClass: posixAccount
>objectClass: top
>objectClass: shadowAccount
>mailRoutingAddress: user at mail.ocesb.com.my
>mailQuotaSize: 2000000000
>userPassword:: b2NlYm9sZWg=
>shadowLastChange: 12745
>mailAlternateAddress: it at ocesb.com.my
>mailMessageStore: vmail/ocesb.com.my/user/Maildir/
>uid: user
>mail: user at ocesb.com.my
>uidNumber: 5000
>radiusGroupName: test
>cn: Tan Chee Keong
>radiusAuthType: EAP
>dialupAccess: Yes
>loginShell: /bin/false
>gidNumber: 5000
>shadowMax: 99999
>gecos: Tan Chee Keong
>mailHost: mailpj.ocesb.com.my
>homeDirectory: /home/vmail/ocesb.com.my/user
>sn: Keong
>
>Alan DeKok wrote:
>
>  cktan at ocesb.com.my wrote:
>...
>  
>  
>      rad_check_password:  Found Auth-Type LDAP1
>    
>  
>  
>  Why did you set that?  It's breaking EAP.
>
>  Read eap.conf.  DO NOT SET AUTH-TYPE.
>
>  This comes up so often on the list, and it's documented in so many
>places, that I don't understand why people still run into it.
>
>  Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>  
>
>
>
>--
>CK Tan
>IT Manager
>
>Optical Communication Engineering S/B
>19, Jalan Semangat,
>46200 Petaling Jaya, Selangor Darul Ehsan
>Tel: +60 3 76808000   EXT:1205
>Fax: +60 3 76808010
>H/P: +60 12 9033077
>email: cktan at ocesb.com.my
>
>
>
>
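
A small lint check for the mistake this thread is about, as an added example that is not part of the original messages: it flags Auth-Type being forced either in a users file or through a radiusAuthType attribute in LDIF. The sample inputs are constructed, the function names are hypothetical, and it assumes radiusAuthType is mapped to Auth-Type as a check item in ldap.attrmap.

```python
import re

# Constructed sample inputs (not the poster's real files).
SAMPLE_USERS = """\
# users file
DEFAULT Auth-Type := LDAP1
    Fall-Through = Yes
alice   Cleartext-Password := "example"
bob     Auth-Type := Reject
"""
SAMPLE_LDIF = """\
dn: uid=user,ou=People,dc=example,dc=org
uid: user
radiusAuthType: EAP
radiusGroupName: test

dn: uid=other,ou=People,dc=example,dc=org
uid: other
"""

# Accept/Reject are deliberate policy decisions, not a forced auth method.
ALLOWED = {"accept", "reject"}
USERS_RE = re.compile(r"\bAuth-Type\s*(?::=|==|\+=|=)\s*(\S+)", re.I)

def find_forced_auth_type_users(text):
    """Return (line_no, value) for each Auth-Type assignment in a users file."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        m = USERS_RE.search(line)
        if m and m.group(1).rstrip(",").lower() not in ALLOWED:
            hits.append((no, m.group(1).rstrip(",")))
    return hits

def find_forced_auth_type_ldif(text, attr="radiusAuthType"):
    """Return (dn, value) for each LDIF entry that carries the mapped attribute."""
    hits = []
    for entry in re.split(r"\n\s*\n", text.strip()):
        dn, value = None, None
        for line in entry.splitlines():
            name, _, val = line.partition(":")
            if name.lower() == "dn":
                dn = val.strip()
            elif name.lower() == attr.lower():
                value = val.lstrip(":").strip()  # also tolerates "attr:: value"
        if value is not None:
            hits.append((dn, value))
    return hits
```

Any hit from either function means the server is being told which authentication method to use instead of detecting it from the request, which is what the "Found Auth-Type" debug lines quoted above show.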



