Authentication failed from Radius server

Alan DeKok aland at deployingradius.com
Mon Jan 5 11:38:45 CET 2009


Aravind Arjunan wrote:
> The RADIUS (FreeRADIUS) server has been configured and integrated with an
> OpenLDAP server for user authentication in RHEL 5.
> Using radtest, NTRadPing and Radiustest (Utility) it is working fine.  I
> got Access-Accept by using this utility.

  Yes.  Because they're not doing EAP.  They're doing clear-text passwords.

> From the RADIUS debug-level log and the slapd log I am able to see that it
> is able to fetch the username and that was successful, but in the case of
> userPassword, authentication was failing.

  You want to fetch the *password* from LDAP.  Repeat after me: LDAP is
a database.  LDAP is not an authentication server.

> How do I send the User-Password in clear-text format?

  You don't.  Wireless access points don't work that way.

> Is there any way to decrypt the userpassword in the RADIUS server which was
> coming from the access point?

  No.

> Here is the RADIUS debug-level log
...
>   Processing the authorize section of radiusd.conf

  You are running a very old version of the server.  You should really
upgrade.

>     users: Matched entry DEFAULT at line 157

  Which sets Auth-Type := LDAP.  This breaks EAP.

> *rlm_ldap: - authenticate* 
> *rlm_ldap: Attribute "User-Password" is required for authentication.*

  Your LDAP database doesn't do EAP.  This is because it's a database.


  (1) Do NOT set Auth-Type := LDAP
  (2) Test it with clear-text passwords.  If that works,
  (3) EAP will work, too.

  And you should upgrade to 2.1.3.

  Alan DeKok.
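
Added example, not part of the original message and not FreeRADIUS code: a small Python model of why an LDAP bind (Auth-Type := LDAP) fails for EAP while fetching the password from LDAP lets EAP succeed. EAP-MD5 is an assumption chosen as the simplest challenge-response method (the thread does not say which EAP method the access point uses), and the directory entry, user name and function names are constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the LDAP directory: a database that returns attributes.
DIRECTORY = {"alice": {"userPassword": "s3cret-pw"}}


def ldap_bind_auth(request):
    """Models Auth-Type := LDAP: a bind needs the password the user typed."""
    if "User-Password" not in request:
        # Same condition as the rlm_ldap message quoted in the thread.
        return "reject: User-Password is required"
    entry = DIRECTORY.get(request["User-Name"])
    # A real bind is checked by the LDAP server; a comparison stands in for it.
    ok = entry is not None and hmac.compare_digest(
        entry["userPassword"], request["User-Password"])
    return "accept" if ok else "reject: bad password"


def eap_md5_response(ident, password, challenge):
    """MD5-Challenge value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()


def eap_auth_with_fetched_password(request, ident, challenge):
    """Models LDAP as a database: fetch the password, let EAP verify the response."""
    entry = DIRECTORY.get(request["User-Name"])
    if entry is None:
        return "reject: unknown user"
    expected = eap_md5_response(ident, entry["userPassword"], challenge)
    ok = hmac.compare_digest(expected, request["EAP-Response"])
    return "accept" if ok else "reject: bad response"


def demo():
    ident, challenge = 7, os.urandom(16)
    # radtest-style request: the clear-text password is in the packet.
    pap = {"User-Name": "alice", "User-Password": "s3cret-pw"}
    # EAP request: only a one-way response to the challenge is in the packet.
    eap = {"User-Name": "alice",
           "EAP-Response": eap_md5_response(ident, "s3cret-pw", challenge)}
    return (ldap_bind_auth(pap),
            ldap_bind_auth(eap),
            eap_auth_with_fetched_password(eap, ident, challenge))


if __name__ == "__main__":
    print(demo())
```

The EAP response is a one-way hash over the challenge, so there is nothing in the packet to decrypt; the server can only verify it when it holds the clear-text password read from the directory.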


