Authentication failed from Radius server
Alan DeKok
aland at deployingradius.com
Mon Jan 5 11:38:45 CET 2009
Aravind Arjunan wrote:
> Radius(freeradius) server has configured and integrated with Openldap
> server for user authentication in RHEL 5.
> Using radtest, NTRadPing and Radiustest (Utility) it is working fine. I
> got Access-Acept by using this utility.
Yes. Because they're not doing EAP. They're doing clear-text passwords.
> From the radius debug level log and slapd log i can able to see that it
> can able to fetch username and it was successful but in the case of
> userPassword authetication was getting failed.
You want to fetch the *password* from LDAP. Repeat after me: LDAP is
a database. LDAP is not an authentication server.
> How to send the User-Password in clear text format.?
You don't. Wireless access points don't work that way.
> Is there any way to decrypt the userpassword in RADIUS server which was
> coming from access point.?
No.
> here is the radius debug level log
...
> Processing the authorize section of radiusd.conf
You are running a very old version of the server. You should really
upgrade.
> users: Matched entry DEFAULT at line 157
Which sets Auth-Type := LDAP. This breaks EAP.
> *rlm_ldap: - authenticate*
> *rlm_ldap: Attribute "User-Password" is required for authentication.*
Your LDAP database doesn't do EAP. This is because it's a database.
(1) Do NOT set Auth-Type := LDAP
(2) Test it with clear-text passwords. If that works,
(3) EAP will work, too.
And you should upgrade to 2.1.3.
Alan DeKok.
More information about the Freeradius-Users
mailing list