freeradius, ldap error - HELP ME!

peppeska ggippone at yahoo.it
Wed Mar 21 16:19:46 CET 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> Thibault Le Meur ha scritto:

>>>>
>>>> Have you setup ppp to use mschap (require-mschap-v2 option) ? Are 
>>>> you using the radiusclient library ?
>>  refuse-pap
>>  refuse-chap
>>  require-mschap
>>  require-mschap-v2
>>  require-mppe
> 
> 
> Ok so that your NAS don't have to send User-Password but a MS-CHAP challenge
> instead: that's what I thought.
> 

oooooooooook


>> and in the dictonary file:
>> $INCLUDE /etc/radiusclient/dictionary.microsoft
>> $INCLUDE /etc/radiusclient/dictionary.ascend
>> $INCLUDE /etc/radiusclient/dictionary.compat
>> $INCLUDE /etc/radiusclient/dictionary.merit
>> $INCLUDE /usr/share/freeradius/dictionary
> 
> Don't write "$INCLUDE" but "INCLUDE" without the "$": this is the syntax for
> radiusclient.

Now.. without "$"
> 
> 
>> But... whitout declaretion of Default Auth-Type in the users file:
>>
>> rlm_ldap: user peppeska authorized to use remote access
>> rlm_ldap: ldap_release_conn: Release Id: 0
>>   modcall[authorize]: module "ldap" returns ok for request 0
>> modcall: leaving group authorize (returns ok) for request 0
>> auth: No authenticate method (Auth-Type) configuration found for the
>> request: Rejecting the user
>> auth: Failed to validate the user.
>> Login incorrect: [peppeska/<no User-Password attribute>] 
>> (from client localhost port 0) Delaying request 0 for 1 
>> seconds Finished request 0
> 
> Sure, because Auth-Type must be set to MS-CHAP (automatically, don't use
> Auth-Type:=): this will be the case if FR receives MS-CHAP challenge.
> 

ooooooooooook

the /etc/freeradius/users file now contain:

DEFAULT Auth-Type = "MS-CHAP"
        Fall-Through = yes


> But this can work only if radiusclient knows the MS-CHAP Radius attributes,
> which is not the case for the momenet (see above the INCLUDE issue).
> 

Well.. I try now... and....(roll of drumps):

Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

NOTHING!!!! the freeradius don't recive request (uff)

and:

debian:~# plog
Mar 21 16:13:52 debian pppd[3885]: sent [LCP TermAck id=0x2]
Mar 21 16:13:52 debian pppd[3885]: rcvd [LCP TermAck id=0x2]
Mar 21 16:13:52 debian pppd[3885]: Connection terminated.
Mar 21 16:13:52 debian pppd[3885]: Waiting for 1 child processes...
Mar 21 16:13:52 debian pppd[3885]:   script /usr/sbin/pppoe -n -I eth1
- -e 2:32:c8:93:a2:15:29 -T 60 -S '', pid 3886
Mar 21 16:13:52 debian pppd[3885]: Script /usr/sbin/pppoe -n -I eth1 -e
2:32:c8:93:a2:15:29 -T 60 -S '' finished (pid 3886), status = 0x1
Mar 21 16:13:52 debian pppd[3885]: Exit.
debian:~#

MMM damn! why freeradius don't want work with me?

P.S.
without the Deafult Auth-Type in the users file...it's the same...
If I put $INCLUDE instead INCLUDE... work like before...

and now?




- --
  <<<<---------------------------------------------------------->>>>
  |Giuseppe Moscato aka peppeska - Linux User - no html messages---|

  |donpeppiniello at tiscali.it - http://peppeska.altervista.org------|

  |Fingerprint = 90DC 05A8 2D65 BC04 BD1B  4C07 C389 434B 3201 319D|
  <<<<---------------------------------------------------------->>>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGAU0RkA6hcnFZI/YRAtfvAJ4nxFC9JTgLR1FEJ6E1eyMxP/yXWwCeKDYZ
sFZqyoJilQMJxh7wxCHoWyI=
=ZmIX
-----END PGP SIGNATURE-----

More information about the Freeradius-Users mailing list