freeradius, ldap error - HELP ME!

peppeska ggippone at yahoo.it
Wed Mar 21 14:45:04 CET 2007



Thibault Le Meur wrote:
> 
>> -----Original Message-----
>> From: freeradius-users-bounces+thibault.lemeur=supelec.fr at lists.freeradius.org
>> [mailto:freeradius-users-bounces+thibault.lemeur=supelec.fr at lists.freeradius.org] On behalf of peppeska
>> Sent: Wednesday, 21 March 2007 13:44
>> To: FreeRadius users mailing list
>> Subject: Re: freeradius, ldap error - HELP ME!
>>
>>
>> Michael Mitchell wrote:
>>> peppeska wrote:
>>>>>> rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, 
>>>>>> length=54
>>>                                              ^^^^^^^^^^
>>>
>>>>>> ->Where is User-Password attribute?
>>>>>  Ask the NAS.
>>>>>
>>>> what?
>>>>
>>> In this case I have a suspicion the "NAS" could be radclient...
>>>
>>> How are you sending requests to freeRADIUS?
>>>
>> Freeradius receives the request from pppoe-server, I try to connect
>> to pppoe-server from a linux box
> 
> 
> Is your pppoe-server a linux server ?
> Is your pppoe client or pppoe server configured to use ms-chap
> authentication ?
> 
> If your pppoe server is a linux box, have you checked that the radiusclient
> library contains the microsoft dictionary as I described in my previous
> email ?



Thibault Le Meur wrote:
>> >> But the output now is:
>> >>
>> >> rad_recv: Access-Request packet from host 127.0.0.1:1030,
>> >> id=65, length=54
>> >>         Service-Type = Framed-User
>> >>         Framed-Protocol = PPP
>> >>         User-Name = "peppeska"
>> >>         NAS-IP-Address = 127.0.0.1
>> >>         NAS-Port = 0
>> >>
>> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> >> ->Where is User-Password attribute?
>> >> ------------------------------------------------
> >
> > A good question indeed, that one should be asked to your NAS  ;-)
> >
> > It's up to the NAS to send User-Password: unless it is set up to do something
> > else (for instance MSCHAP).
> >
> > Have you set up ppp to use mschap (require-mschap-v2 option) ?
> > Are you using the radiusclient library ?

 refuse-pap
 refuse-chap
 require-mschap
 require-mschap-v2
 require-mppe

> >
> > If yes, could you check that your radiusclient dictionary file includes
> > Microsoft attributes:
> > * check the "dictionary      <path-to-dict-file>" line of
> > /etc/radiusclient-ng/radiusclient.conf file (or
> > /etc/radiusclient/radiusclient.conf file)
> > * check that the file <path-to-dict-file> contains a reference to other
> > dictionary files such as:
> > INCLUDE /usr/share/radiusclient-ng/dictionary.merit
> > INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
> > * check that you have these 2 extra dictionary files (especially the
> > microsoft one)
> > ==> I've attached the two files

in my radiusclient.conf there is:

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary      /etc/radiusclient/dictionary

and in the dictionary file:
$INCLUDE /etc/radiusclient/dictionary.microsoft
$INCLUDE /etc/radiusclient/dictionary.ascend
$INCLUDE /etc/radiusclient/dictionary.compat
$INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE /usr/share/freeradius/dictionary


But... without declaration of Default Auth-Type in the users file:

rlm_ldap: user peppeska authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [peppeska/<no User-Password attribute>] (from client localhost port 0)
Delaying request 0 for 1 seconds
Finished request 0


--
  <<<<---------------------------------------------------------->>>>
  |Giuseppe Moscato aka peppeska - Linux User - no html messages---|

  |donpeppiniello at tiscali.it - http://peppeska.altervista.org------|

  |Fingerprint = 90DC 05A8 2D65 BC04 BD1B  4C07 C389 434B 3201 319D|
  <<<<---------------------------------------------------------->>>>
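The dictionary check described in the quoted reply above (find the "dictionary" line in radiusclient.conf, follow its include lines, confirm the extra files exist and define the Microsoft attributes), as an added Python example that is not part of the original message or of radiusclient. The file contents written by demo() are constructed, and the three attribute names it looks for are an assumption taken from the Microsoft vendor attributes of RFC 2548.

```python
import os
import tempfile

# Assumed list: Microsoft vendor attributes (RFC 2548) a NAS needs to send MS-CHAP data.
REQUIRED = {"MS-CHAP-Challenge", "MS-CHAP-Response", "MS-CHAP2-Response"}

def fields(line):
    """Split a config line into words, ignoring '#' comments."""
    return line.split("#", 1)[0].split()

def scan(path, attrs, missing, seen):
    """Collect ATTRIBUTE names, following $INCLUDE / INCLUDE lines recursively."""
    if path in seen:
        return
    seen.add(path)
    if not os.path.isfile(path):
        missing.append(path)
        return
    with open(path) as fh:
        for f in map(fields, fh):
            if len(f) >= 2 and f[0] in ("$INCLUDE", "INCLUDE"):
                scan(f[1], attrs, missing, seen)
            elif len(f) >= 4 and f[0] == "ATTRIBUTE":
                attrs.add(f[1])

def check(conf_path):
    """Return (include files that do not exist, required attributes never defined)."""
    with open(conf_path) as fh:
        roots = [f[1] for f in map(fields, fh) if len(f) == 2 and f[0] == "dictionary"]
    attrs, missing = set(), []
    for root in roots:
        scan(root, attrs, missing, set())
    return missing, sorted(REQUIRED - attrs)

def demo():
    """Constructed sample tree: dictionary.merit absent, MS-CHAP2-Response undefined."""
    d = tempfile.mkdtemp()
    def write(name, text):
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text.replace("@", d))  # '@' stands for the temp directory
    write("radiusclient.conf", "# constructed sample\ndictionary      @/dictionary\n")
    write("dictionary", "ATTRIBUTE User-Name 1 string\n"
          "$INCLUDE @/dictionary.microsoft\n$INCLUDE @/dictionary.merit\n")
    write("dictionary.microsoft", "ATTRIBUTE MS-CHAP-Response 1 string Microsoft\n"
          "ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft\n")
    return check(os.path.join(d, "radiusclient.conf"))

if __name__ == "__main__":
    print(demo())
```

On a real host, call check() with the path of the installed radiusclient.conf; two empty lists mean every included file exists and all three attributes are defined.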


