freeradius, ldap error - HELP ME!
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Wed Mar 21 11:13:02 CET 2007
> But the output now is:
>
> rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         User-Name = "peppeska"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 0
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> -->Where is User-Password attribute?
> ------------------------------------------------
A good question indeed, that one should be asked to your NAS ;-)
It's up to the NAS to send User-Password, unless it is set up to do something
else (for instance MSCHAP).
Have you set up ppp to use mschap (require-mschap-v2 option)?
Are you using the radiusclient library?
If yes, could you check that your radiusclient dictionary file includes
Microsoft attributes:
* check the "dictionary <path-to-dict-file>" line of the
  /etc/radiusclient-ng/radiusclient.conf file (or the
  /etc/radiusclient/radiusclient.conf file)
* check that the file <path-to-dict-file> contains a reference to other
  dictionary files such as:
  INCLUDE /usr/share/radiusclient-ng/dictionary.merit
  INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
* check that you have these 2 extra dictionary files (especially the
  microsoft one)
==> I've attached the two files
Regards,
Thibault
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "peppeska", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched entry DEFAULT at line 155
> users: Matched entry DEFAULT at line 173
> users: Matched entry DEFAULT at line 185
> modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for peppeska
> radius_xlat: '(cn=peppeska)'
> radius_xlat: 'dc=example'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as cn=admin,dc=example/root to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=example, with filter (cn=peppeska)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user peppeska authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: leaving group authorize (returns ok) for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group LDAP for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> --> mmmmm depend to ppp version? it's possible?
> ----------------------------------------------------------------------
> modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: leaving group LDAP (returns invalid) for request 0
> auth: Failed to validate the user.
> Login incorrect: [peppeska/<no User-Password attribute>] (from client localhost port 0)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 65 to 127.0.0.1 port 1030
> Waking up in 2 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 65 with timestamp 4600fb5f
> Nothing to do. Sleeping until we see a request.
>
>
>
> ok.. my ldap.attrmap contains:
>
> checkItem User-Password lmPassword
> checkItem LM-Password lmPassword
> checkItem NT-Password ntPassword
>
> And the ldap section in radiusd.conf contains:
>
> password_attribute = User-Password
>
>
> What's the problem?
>
>
> - --
> <<<<---------------------------------------------------------->>>>
> |Giuseppe Moscato aka peppeska - Linux User - no html messages---|
>
> |donpeppiniello at tiscali.it - http://peppeska.altervista.org------|
>
> |Fingerprint = 90DC 05A8 2D65 BC04 BD1B 4C07 C389 434B 3201 319D|
> <<<<---------------------------------------------------------->>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dictionary.merit
Type: application/octet-stream
Size: 599 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070321/6dd4c43d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dictionary.microsoft
Type: application/octet-stream
Size: 2646 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070321/6dd4c43d/attachment-0001.obj>
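The three dictionary checks listed in the reply above, automated as an added example (not part of the original message and not radiusclient's own code). It assumes INCLUDE paths are absolute, as in the reply, that attributes are declared on `ATTRIBUTE <name> ...` lines, and that the two MS-CHAPv2 attribute names from RFC 2548 are the ones that matter; the file contents in `demo()` are constructed.

```python
import os
import tempfile

# MS-CHAPv2 request attributes (RFC 2548 names) the client dictionary must define.
REQUIRED = {"MS-CHAP-Challenge", "MS-CHAP2-Response"}

def fields(line):
    """Split a config/dictionary line into words, ignoring '#' comments."""
    return line.split("#", 1)[0].split()

def audit(conf_path):
    """Follow 'dictionary' then INCLUDE lines; return (missing files, missing attrs)."""
    missing, attrs, seen = [], set(), set()
    todo = [(conf_path, "dictionary")]  # radiusclient.conf names the first dictionary
    while todo:
        path, keyword = todo.pop()
        if path in seen:
            continue  # guards against INCLUDE loops
        seen.add(path)
        if not os.path.isfile(path):
            missing.append(path)
            continue
        with open(path) as fh:
            for f in map(fields, fh):
                if len(f) >= 2 and f[0] == keyword:
                    todo.append((f[1], "INCLUDE"))  # dictionaries chain via INCLUDE
                elif len(f) >= 2 and f[0] == "ATTRIBUTE":
                    attrs.add(f[1])
    return sorted(missing), sorted(REQUIRED - attrs)

def demo():
    """Constructed files: audit with dictionary.microsoft present, then removed."""
    with tempfile.TemporaryDirectory() as d:
        conf, main, merit, ms = (os.path.join(d, n) for n in (
            "radiusclient.conf", "dictionary", "dictionary.merit", "dictionary.microsoft"))
        files = {conf: f"dictionary {main}\n",
                 main: f"ATTRIBUTE User-Name 1 string\nINCLUDE {merit}\nINCLUDE {ms}\n",
                 merit: "# constructed placeholder\n",
                 ms: "ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft\n"
                     "ATTRIBUTE MS-CHAP2-Response 25 string Microsoft\n"}
        for path, text in files.items():
            with open(path, "w") as fh:
                fh.write(text)
        complete = audit(conf)
        os.remove(ms)  # simulate the missing Microsoft dictionary
        broken = audit(conf)
        return complete, [os.path.basename(p) for p in broken[0]], broken[1]
```

On a real host, `audit("/etc/radiusclient-ng/radiusclient.conf")` returns two empty lists when the dictionary chain is complete.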