Freeradius + LDAP auth

Old Eduardo oldeduardo at gmail.com
Tue Nov 23 13:45:05 CET 2010


Sorry list,

but I have been trying to configure this for a few weeks with no success.
I really need help from the list.

I have tried all the sites on Google, but with no success.

I tried these:
http://blog.yufeng.net/index.php/2010/07/debian-poptop-freeradius-openldap/
http://wiki.freeradius.org/Rlm_ldap
http://mhoran.wordpress.com/2007/11/25/freeradius-on-freebsd-and-openldap/

My debug output only shows:

rad_recv: Access-Request packet from host 10.12.60.32 port 35717, id=31,
length=64
 User-Name = "ipe-dp"
 User-Password = "7\271D\250yhG'E\361\t{\237\366S\347"
 NAS-IP-Address = 127.0.1.1
 NAS-Port = 1812
 Framed-Protocol = PPP
Tue Nov 23 07:37:24 2010 : Debug: +- entering group authorize
Tue Nov 23 07:37:24 2010 : Debug:   modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Tue Nov 23 07:37:24 2010 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Tue Nov 23 07:37:24 2010 : Debug: ++[preprocess] returns ok
Tue Nov 23 07:37:24 2010 : Debug:   modsingle[authorize]: calling ldap
(rlm_ldap) for request 0
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: - authorize
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: performing user authorization
for ipe-dp
Tue Nov 23 07:37:24 2010 : Debug:  expand: (uid=%u) -> (uid=ipe-dp)
Tue Nov 23 07:37:24 2010 : Debug:  expand:
dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
proxy.intra localhost:389, authentication 0
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: bind as
uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to
ldap.intra proxy.intra localhost:389
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: waiting for bind result ...
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: Bind was successful
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: performing search in
dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: Added User-Password =
{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: No default NMAS login sequence
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: looking for check items in
directory...
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: LDAP attribute sambaNTPassword
as RADIUS attribute NT-Password ==
0x3244413944423342333039463632333434374232384536393635374142333642
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: LDAP attribute sambaLMPassword
as RADIUS attribute LM-Password ==
0x3845433036323546444141393630353041414433423433354235313430344545
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS
attribute Group == "ipe-dp"
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: looking for reply items in
directory...
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: user ipe-dp authorized to use
remote access
Tue Nov 23 07:37:24 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Nov 23 07:37:24 2010 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 0
Tue Nov 23 07:37:24 2010 : Debug: ++[ldap] returns ok
Tue Nov 23 07:37:24 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tue Nov 23 07:37:24 2010 : Debug: !!!    Replacing User-Password in config
items with Cleartext-Password.     !!!
Tue Nov 23 07:37:24 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tue Nov 23 07:37:24 2010 : Debug: !!! Please update your configuration so
that the "known good"               !!!
Tue Nov 23 07:37:24 2010 : Debug: !!! clear text password is in
Cleartext-Password, and not in User-Password. !!!
Tue Nov 23 07:37:24 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tue Nov 23 07:37:24 2010 : Debug: auth: type Local
Tue Nov 23 07:37:24 2010 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Tue Nov 23 07:37:24 2010 : Debug: auth: Failed to validate the user.
Tue Nov 23 07:37:24 2010 : Auth: Login incorrect:
[ipe-dp/7\271D\250yhG'E\361\t{\237\366S\347] (from client BrasilTelecom port
1812)
Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable characters in the
password.    Double-check the shared secret on the server and the NAS!
Tue Nov 23 07:37:24 2010 : Debug: Delaying reject of request 0 for 1 seconds
Tue Nov 23 07:37:24 2010 : Debug: Going to the next request
Tue Nov 23 07:37:24 2010 : Debug: Waking up in 0.9 seconds.
Tue Nov 23 07:37:25 2010 : Debug: Sending delayed reject for request 0
Sending Access-Reject of id 31 to 10.12.60.32 port 35717
Tue Nov 23 07:37:25 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Reject packet from host 10.12.60.32 port 1812, id=31,
length=20
rad_verify: Received Access-Reject packet from client 10.12.60.32 port 1812
with invalid signature (err=2)!  (Shared secret is incorrect.)

Pay attention to auth type Local!

Why Local, if I set the auth type to LDAP in the configuration? Sorry, I don't
understand.

Please help.

Sorry for my bad English.