Help with freeradius
Felipe Silva
felipe_silva87 at yahoo.com.br
Thu Nov 5 19:27:29 CET 2009
Help please,
I'm trying to get FreeRADIUS to authenticate users by searching LDAP, using the sambaNTPassword attribute, and then authenticating with MS-CHAP in order to provide wireless internet access.
Here is the log:
FreeRADIUS Version 2.1.7, for host i386-redhat-linux-gnu, built on Sep 15 2009 at 11:31:29
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/eap.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client 150.164.0.0/16 {
require_message_authenticator = no
secret = "testando"
shortname = "ufmg"
}
client 127.0.0.1 {
require_message_authenticator = no
secret = "testando"
shortname = "ufmg"
}
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = no
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_ldap
Module: Instantiating ldapgrude
ldap ldapgrude {
server = "1xx.1xx.xxx.xxx"
port = 389
password = "ldapPassword"
identity = "cn=voipuser,dc=ufmg,dc=br"
net_timeout = 10
timeout = 40
timelimit = 30
tls_mode = no
start_tls = no
tls_require_cert = "allow"
basedn = "ou=people,dc=ufmg,dc=br"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
base_filter = "(objectClass=sambaSAMAccount)"
auto_header = no
access_attr = "uid"
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
set_auth_type = yes
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldapgrude-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldapgrude-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldapgrude
rlm_ldap: Over-riding set_auth_type, as there is no module ldapgrude listed in the "authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP userPassword mapped to RADIUS User_Password
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x8637058
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 40380, id=170, length=69
User-Name = "uset"
User-Password = "testpasswd"
NAS-IP-Address = 1xx.1xx.xxx.xxx
NAS-Port = 1
+- entering group authorize {...}
++[mschap] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldapgrude] performing user authorization for testUser
[ldapgrude] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldapgrude] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testUser)
[ldapgrude] expand: ou=people,dc=ufmg,dc=br -> ou=people,dc=ufmg,dc=br
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 1xx.1xx.xxx.xxx:389, authentication 0
rlm_ldap: bind as cn=voipuser,dc=ufmg,dc=br/ldapPassword to 1xx.1xx.xxx.xxx:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=people,dc=ufmg,dc=br, with filter (uid=testUser)
[ldapgrude] checking if remote access for testUser is allowed by uid
[ldapgrude] looking for check items in directory...
rlm_ldap: sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U ]"
rlm_ldap: sambaNTPassword -> NT-Password == 0x9257394245343632414133453337354130387042433837323324653032453235
rlm_ldap: sambaLMPassword -> LM-Password == 0x5678394543313346423331393843423049813244424243383541313445413244
[ldapgrude] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldapgrude] user testUser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldapgrude] returns ok
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 170 to 127.0.0.1 port 40380
Waking up in 4.9 seconds.