ldap authenticate object not found

omega bk omegabk at gmail.com
Fri Mar 12 12:44:04 CET 2010


hi,

I just want to understand.

Why does [ldap] add "User-Password = test" to the check items, and how do I
replace it with Cleartext-Password?
Does LDAP return the password unencrypted?
Does LDAP use 'Auth-Type = Local'?

Because in my users file I just use this.

DEFAULT Huntgroup-Name == labtest8021x, Ldap-Group == labtest8021x,
User-Profile := "cn=labtest8021x,ou=profiles,ou=radius,dc=example,dc=com"
                Tunnel-Type = VLAN,
                Tunnel-Medium-type = IEEE-802,
                Tunnel-Private-Group-ID = 100,
                Fall-Through = no

I don't really understand how LDAP hands information back.

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=129,
length=153
    User-Name = "bernard"
    Service-Type = Framed-User
    Framed-MTU = 1500
    Called-Station-Id = "00-1A-A1-64-BB-1A"
    Calling-Station-Id = "00-18-8B-B5-26-B7"
    EAP-Message = 0x0202000c016265726e617264
    Message-Authenticator = 0xd1135be7c82704b37a76a55d1cfb5091
    Cisco-NAS-Port = "FastEthernet0/24"
    NAS-Port = 50024
    NAS-Port-Type = Ethernet
    NAS-IP-Address = 192.168.20.253
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "bernard", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
  [ldap] Entering ldap_groupcmp()
[files]     expand: dc=example,dc=com -> dc=example,dc=com
[files] WARNING: Deprecated conditional expansion ":-".  See "man unlang"
for details
[files]     ... expanding second conditional
[files]     expand: %{User-Name} -> bernard
[files]     expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to 10.75.128.251:389, authentication 0
  [ldap] bind as cn=manager,ou=admins,ou=radius,dc=example,dc=com/test to
10.75.128.251:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in dc=example,dc=com, with filter (cn=bernard)
  [ldap] ldap_release_conn: Release Id: 0
[files] WARNING: Deprecated conditional expansion ":-".  See "man unlang"
for details
[files]     ... expanding second conditional
[files]     expand: %{User-Name} -> bernard
[files]     expand:
(&(cn=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile)) ->
(&(cn=bernard)(objectclass=radiusprofile))
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=example,dc=com, with filter
(&(radiusGroupName=labtest8021x)(&(cn=bernard)(objectclass=radiusprofile)))
rlm_ldap::ldap_groupcmp: User found in group labtest8021x
  [ldap] ldap_release_conn: Release Id: 0
[files] users: Matched entry DEFAULT at line 72
++[files] returns ok
[ldap] performing user authorization for bernard
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
[ldap]     ... expanding second conditional
[ldap]     expand: %{User-Name} -> bernard
[ldap]     expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)
[ldap]     expand: dc=example,dc=com -> dc=example,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=example,dc=com, with filter (cn=bernard)
  [ldap] performing search in
cn=labtest8021x,ou=profiles,ou=radius,dc=example,dc=com, with filter
(objectclass=radiusprofile)
  [ldap] radiusFramedRouting -> Framed-Routing = None
  [ldap] radiusFramedIPNetmask -> Framed-IP-Netmask = 255.255.254.0
  [ldap] radiusFramedProtocol -> Framed-Protocol = PPP
  [ldap] radiusServiceType -> Service-Type = Framed-User
[ldap] Added User-Password = test  in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user bernard authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.
!!!    *=> how? It's not in my users file*
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
*=> how did that become Local?*
WARNING: Use the PAP or CHAP modules instead.
*=> same question*
No User-Password or CHAP-Password attribute in the request.
Cannot perform authentication.
Failed to authenticate the user.
Using Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 129 to 192.168.20.253 port 1645
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "100"
    Framed-Routing = None
    Framed-IP-Netmask = 255.255.254.0
    Framed-Protocol = PPP
    Service-Type = Framed-User
Waking up in 4.9 seconds.
Cleaning up request 0 ID 129 with timestamp +17
Ready to process requests.


Thank you so much.
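The two warnings in the debug output (User-Password in the check items, and the server falling back to its legacy Auth-Type Local comparison) concern wherever the known-good password is placed, and the log line "[ldap] Added User-Password = test  in check items" shows that here it was the ldap module, not the users file entry, which carries no password item at all. The script below is an added example in Python, not FreeRADIUS code and not from the original post: it parses a users file in the layout FreeRADIUS 2.x reads (a head line with the entry name and comma-separated check items, followed by indented reply-item lines), reports the legacy check items the server warns about, rewrites them to Cleartext-Password, and lists which password-bearing attributes a rad_recv dump contains. The sample users file and request dump inside it are constructed for the example; the user names and passwords are made up, and the DEFAULT entry is modelled on the one in the post.

```python
"""Lint and modernise check items in a FreeRADIUS 2.x users file.  Added example
for this thread, not FreeRADIUS code.  It flags what the server warned about:
User-Password as a check item (the password belongs in Cleartext-Password) and
Auth-Type = Local (the pap/chap modules set Auth-Type).  Samples are constructed."""
import re
from collections import namedtuple
# One "Attr op value" pair.  Two-character operators come before "=" so ":="
# is not split into "Auth-Type:" and "=".  Quoted values may contain commas.
_PAIR_RE = re.compile(
    r'\s*([A-Za-z0-9_.-]+(?::\d+)?)\s*(:=|\+=|==|!=|=~|!~|>=|<=|>|<|=)\s*'
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)\s*,?')

# Constructed users file: bob has both legacy check items, alice is already
# clean, DEFAULT is modelled on the 802.1X entry in the post (names made up).
SAMPLE_USERS = """\
# constructed sample
bob     User-Password == "hello", Auth-Type := Local
        Reply-Message = "Hello, %{User-Name}"

alice   Cleartext-Password := "s3cret"

DEFAULT Huntgroup-Name == labtest8021x, Ldap-Group == labtest8021x, User-Profile := "cn=labtest8021x,ou=profiles,ou=radius,dc=example,dc=com"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = 100,
        Fall-Through = no
"""

# Constructed rad_recv dump, trimmed from the post: EAP-Message, no password.
SAMPLE_REQUEST = """\
rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=129
    User-Name = "bernard"
    EAP-Message = 0x0202000c016265726e617264
"""

# name, 1-based line of the head line, then check items (head line) and
# reply items (indented lines) as (attr, op, value) tuples.
Entry = namedtuple('Entry', 'name line check reply')

def _pairs(text):
    """Split a comma-separated "Attr op value, ..." string into tuples."""
    out, pos = [], 0
    while (m := _PAIR_RE.match(text, pos)):
        out.append((m.group(1), m.group(2), m.group(3)))
        pos = m.end()
    return out

def _is_head(line):
    return bool(line) and not line[0].isspace() and not line.startswith('#')

def parse_users(text):
    """Entry heads start in column 0; comment, blank and indented lines never do."""
    entries, cur = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if _is_head(line):
            parts = line.split(None, 1)
            cur = Entry(parts[0], no, _pairs(parts[1]) if len(parts) > 1 else [], [])
            entries.append(cur)
        elif cur is not None:
            cur.reply.extend(_pairs(line))
    return entries

def _is_local(attr, val):
    return attr == 'Auth-Type' and val.strip('"').lower() == 'local'

def lint(entries):
    """(line, entry name, message) for each check item the server warns about."""
    findings = []
    for e in entries:
        for attr, op, val in e.check:
            if attr == 'User-Password':
                findings.append((e.line, e.name, f'User-Password {op} {val}: use Cleartext-Password := {val}'))
            elif _is_local(attr, val):
                findings.append((e.line, e.name, 'Auth-Type = Local: remove it, pap/chap set Auth-Type'))
    return findings

def rewrite(text):
    """Head lines only: User-Password -> Cleartext-Password :=, drop Auth-Type Local."""
    out = []
    for line in text.splitlines():
        if _is_head(line):
            parts = line.split(None, 1)
            kept = []
            for attr, op, val in (_pairs(parts[1]) if len(parts) > 1 else []):
                if _is_local(attr, val):
                    continue
                if attr == 'User-Password':
                    attr, op = 'Cleartext-Password', ':='
                kept.append(f'{attr} {op} {val}')
            line = parts[0] + ('\t' + ', '.join(kept) if kept else '')
        out.append(line)          # comment, blank and reply lines pass through
    return '\n'.join(out) + '\n'

def request_password_attrs(dump):
    """Password-bearing attributes in a rad_recv dump; Local knows only PAP/CHAP."""
    attrs = {a for line in dump.splitlines() for a, _, _ in _pairs(line)}
    return sorted(attrs & {'User-Password', 'CHAP-Password', 'EAP-Message'})
```

Running lint over the DEFAULT entry modelled on the post reports nothing, since its check items are Huntgroup-Name, Ldap-Group and User-Profile; only the constructed bob entry trips both warnings, and rewrite turns it into a single Cleartext-Password := check item while leaving the reply lines alone. request_password_attrs applied to the trimmed dump returns only EAP-Message, which is the same situation the last lines of the debug output describe: nothing for a User-Password or CHAP-Password comparison to work on.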