freeradius eap-ttls pap ldap
emmcosta
emmcosta at gmail.com
Sat Jun 9 00:05:06 CEST 2007
Hi everyone,
I have a problem with my configuration: authorize is OK but
authentication fails. I use FreeRADIUS 1.1.6 and OpenLDAP 2.2.13, with
Windows XP and SecureW2 as the client.
My access point is a Cisco Aironet 1100.
My radiusd.conf:
..........
ldap {
        server = "localhost"
        identity = "cn=root,dc=teste,dc=pt"
        password = secret
        basedn = "dc=teste,dc=pt"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"
        start_tls = no
        access_attr = "uid"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = userPassword
        timeout = 4
        timelimit = 3
        net_timeout = 1
        set_auth_type = no
}
..............
authorize {
        preprocess
        ldap
        pap
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type LDAP {
                ldap
        }
        eap
}
My eap.conf:
eap {
        default_eap_type = ttls
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = yes
        md5 {
        }
        leap {
        }
        gtc {
                auth_type = PAP
        }
        tls {
                private_key_password = whatever
                private_key_file = ${raddbdir}/certs/cert-srv.pem
                # If Private key & Certificate are located in
                # the same file, then private_key_file &
                # certificate_file must contain the same file
                # name.
                certificate_file = ${raddbdir}/certs/cert-srv.pem
                # Trusted Root CA list
                CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                dh_file = ${raddbdir}/certs/dh
                random_file = ${raddbdir}/certs/random
        }
        ttls {
                default_eap_type = gtc
                use_tunneled_reply = yes
        }
}
The log:
............
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user_test
radius_xlat: '(uid=user_test)'
radius_xlat: 'dc=teste,dc=pt'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=teste,dc=pt, with filter (uid=user_test)
Waking up in 1 seconds...
Threads: total/active/spare threads = 5/1/4
rlm_ldap: checking if remote access for user_test is allowed by uid
rlm_ldap: Added password {CRYPT}HkDWb49nxN4Zo in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value {CRYPT}HkDWb49nxN4Zo & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user gilberto authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
rlm_pap: No clear-text password in the request. Not performing PAP.
modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [user_test/<no User-Password attribute>] (from client 192.168.1.69 port 371 cli 0040.96a2.24f3)
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
--- Walking the entire request list ---
Waking up in 1 seconds...
Threads: total/active/spare threads = 5/0/5
--- Walking the entire request list ---
Sending Access-Reject of id 121 to 192.168.1.69 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 121 with timestamp 4669d1cd
Nothing to do. Sleeping until we see a request.
Can anyone help me?
Best regards
--
/emmc
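The configuration below is an added example and is not part of the post above or of the FreeRADIUS project's own files. It shows the shape of a FreeRADIUS 1.1.x radiusd.conf that the debug log above calls for: the outer request is rejected with "No User-Password or CHAP-Password attribute in the request" because nothing in the posted authorize section sets Auth-Type for an EAP request, and in 1.x it is the eap module listed in authorize that does so when it sees an EAP-Message. The realm, filter and file locations are taken from the post; the bind DN cn=radius,ou=services,dc=teste,dc=pt is an assumed dedicated read-only account, and the rlm_pap options encryption_scheme = auto and auto_header = yes are assumed to be available in the installed rlm_pap and should be checked against its man page before relying on them.

```conf
# Added example for FreeRADIUS 1.1.x: EAP-TTLS outer, PAP or GTC inner,
# user passwords stored as {CRYPT} hashes in OpenLDAP.
# Assumptions not taken from the post: the bind DN below, and the
# encryption_scheme / auto_header options of rlm_pap.

modules {
        ldap {
                server = "localhost"
                # Assumed dedicated, read-only bind account. The post binds as
                # cn=root; a service account limits what a leaked radiusd.conf
                # (the password sits here in clear text) gives an attacker.
                identity = "cn=radius,ou=services,dc=teste,dc=pt"
                password = secret
                basedn = "dc=teste,dc=pt"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                base_filter = "(objectclass=radiusprofile)"
                start_tls = no
                access_attr = "uid"
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                password_attribute = userPassword
                ldap_connections_number = 5
                timeout = 4
                timelimit = 3
                net_timeout = 1
                # rlm_pap compares the {CRYPT} hash itself, so rlm_ldap must
                # not force Auth-Type = LDAP (which would try a bind as the user).
                set_auth_type = no
        }

        pap {
                # Assumed options: let rlm_pap pick the hash algorithm from the
                # {CRYPT} / {SSHA} / ... header that rlm_ldap copies into the
                # User-Password check item.
                encryption_scheme = auto
                auto_header = yes
        }
}

authorize {
        preprocess
        # eap must be listed here: when the request carries an EAP-Message it
        # sets Auth-Type := EAP. The posted authorize section lacks it, so the
        # outer EAP-TTLS request fell through to the default password check
        # and was rejected for having no User-Password.
        eap
        # The tunneled inner request has no EAP-Message (PAP) or is EAP-GTC
        # with auth_type = PAP; either way it reaches ldap and pap below with a
        # clear-text User-Password, which pap checks against the LDAP hash.
        ldap
        pap
}

authenticate {
        Auth-Type PAP {
                pap
        }
        # Auth-Type LDAP is no longer needed with set_auth_type = no.
        eap
}
```

Note that the debug output in the post prints the user's {CRYPT} hash from the directory; run radiusd -X only on a trusted console and avoid pasting such logs unredacted.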