user-Password required for ldap radius

kalesameer kale.sameer.s at gmail.com
Fri Apr 3 06:42:15 CEST 2009


I had same problem few days back...I think its problem of certificate. plz
check the client certificate you have selected on your laptop.......


Basant Agarwal wrote:
> 
> Hello,  I am trying to authenticate wifi users for wireless network ...
> for
> this i am using freeradius with ldap...
>  When we run radtest on localhost, it is able to get authorised and
> authenticated .. it works fine but when i try from laptop(windows ) then
> it
> rejects the same user...
> please let me know what to do ...??
> 
> 
> here is the debug output ..
> 
> Ready to process requests.
> rad_recv: Access-Request packet from host 172.16.1.80:1122, id=0,
> length=204
>     Message-Authenticator = 0x3f459af06e42a2a0b7cf9c1d80092e31
>     Service-Type = Framed-User
>     User-Name = "testap"
>     Framed-MTU = 1488
>     Called-Station-Id = "00-15-E9-C9-F3-80:MNIT-DC-AP"
>     Calling-Station-Id = "00-16-6F-7C-DB-2D"
>     NAS-Identifier = "D-link Corp. Access Point"
>     NAS-Port-Type = Wireless-802.11
>     Connect-Info = "CONNECT 54Mbps 802.11g"
>     EAP-Message = 0x0200000b01746573746170
>     NAS-IP-Address = 172.16.1.80
>     NAS-Port = 1
>     NAS-Port-Id = "STA port # 1"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "testap", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: EAP packet type response id 0 length 11
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 0
>     users: Matched entry DEFAULT at line 153
>     users: Matched entry DEFAULT at line 159
>     users: Matched entry DEFAULT at line 177
>   modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testap
> radius_xlat:  '(uid=testap)'
> radius_xlat:  'dc=mnit,dc=ac,dc=in'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 172.16.1.20:389, authentication 0
> rlm_ldap: bind as uid=admin,ou=people,dc=mnit,dc=ac,dc=in/system to
> 172.16.1.20:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=mnit,dc=ac,dc=in, with filter
> (uid=testap)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user testap authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
>   modcall[authorize]: module "pap" returns noop for request 0
> modcall: leaving group authorize (returns updated) for request 0
>   rad_check_password:  Found Auth-Type ldap
> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group LDAP for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: leaving group LDAP (returns invalid) for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 0 to 172.16.1.80  <http://172.16.1.80/>port
> 1122
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 0 with timestamp 46b1b8cb
> Nothing to do.  Sleeping until we see a request.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 

-- 
View this message in context: http://www.nabble.com/user-Password-required-for-ldap-radius-tp22861643p22861786.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list