Freeradius + LDAP auth
Old Eduardo
oldeduardo at gmail.com
Wed Nov 24 14:31:41 CET 2010
No :(
In debug, only auth type Local appears.
See:
Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: calling ldap
(rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization
for ipe-dp
Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion
":-". See "man unlang" for details
Wed Nov 24 08:30:54 2010 : Debug: expand:
(uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug: expand:
dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
proxy.intra localhost:389, authentication 0
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as
uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to
ldap.intra proxy.intra localhost:389
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in
dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password =
{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in
directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as
RADIUS attribute Cleartext-Password ==
"{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl"
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword
as RADIUS attribute NT-Password ==
0x3244413944423342333039463632333434374232384536393635374142333642
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword
as RADIUS attribute LM-Password ==
0x3845433036323546444141393630353041414433423433354235313430344545
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in
directory...
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use
remote access
Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Nov 24 08:30:54 2010 : Debug: modsingle[authorize]: returned from ldap
(rlm_ldap) for request 0
Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok
Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
Wed Nov 24 08:30:54 2010 : Auth: Login incorrect:
[ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in the
password. Double-check the shared secret on the server and the NAS!
Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1 seconds
Wed Nov 24 08:30:54 2010 : Debug: Going to the next request
Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds.
Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0
Sending Access-Reject of id 78 to 127.0.0.1 port 58611
Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78,
length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
with invalid signature (err=2)! (Shared secret is incorrect.)
^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug:
Cleaning up request 0 ID 78 with timestamp +5
Thank you for your help.
2010/11/24 Paulo Maia <phc.maia at gmail.com>
> It works?
>
>
>
> On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>
>> ok i found this.
>>
>> sites-enabled/default
>>
>> eap auth mode.
>>
>> 2010/11/24 Paulo Maia <phc.maia at gmail.com>
>>
>>> What auth method are you trying to use?
>>> EAP/PEAP?
>>>
>>> Regards ,
>>>
>>>
>>>
>>> On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>>
>>>> Hi Paulo,
>>>>
>>>> Thanks for your reply, see below my authenticate and authorize session.
>>>>
>>>> authorize {
>>>>     preprocess
>>>>     mschap
>>>>     ldap
>>>> }
>>>>
>>>> authenticate {
>>>>     Auth-Type LDAP {
>>>>         ldap
>>>>     }
>>>>     Auth-Type MS-CHAP {
>>>>         mschap
>>>>     }
>>>> }
>>>>
>>>>
>>>>
>>>> 2010/11/23 Paulo Maia <phc.maia at gmail.com>
>>>>
>>>>> Show us your authorize and authenticate session. I had a problem like
>>>>> that once
>>>>>
>>>>> Regards ,
>>>>>
>>>>>
>>>>> On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>>>>
>>>>>> Sorry Alan, I understand I need to read the debug.
>>>>>>
>>>>>> But I see the secret in clients, and in my test radtest user pass ip 0 secret
>>>>>> it is correct.
>>>>>>
>>>>>> And my other doubt is about auth type = Local: why Local if I put auth
>>>>>> type LDAP in the configuration? I only get Local ...
>>>>>>
>>>>>> Really sorry for this, but I need your help.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>>
>>>>>> 2010/11/23 Alan DeKok <aland at deployingradius.com>
>>>>>>
>>>>>>> Old Eduardo wrote:
>>>>>>> > but I have tried to configure this for a few weeks with no success.
>>>>>>>
>>>>>>> Ask questions earlier.
>>>>>>>
>>>>>>> Or, read the debug output.
>>>>>>>
>>>>>>> > Tue Nov 23 07:37:24 2010 : Debug: WARNING: Unprintable characters in
>>>>>>> > the password. Double-check the shared secret on the server and the NAS!
>>>>>>>
>>>>>>> That message seems pretty clear.
>>>>>>>
>>>>>>> Alan DeKok.
>>>>>>> -
>>>>>>> List info/subscribe/unsubscribe? See
>>>>>>> http://www.freeradius.org/list/users.html
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Old Eduardo ...
>>>>>>
>>>>>> make a difference ...
--
Old Eduardo ...
make a difference ...
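
Added example, not part of the original message and not FreeRADIUS code: the "Unprintable characters in the password" warning and the rad_verify "invalid signature" line in the debug output above both follow from how RFC 2865 uses the shared secret. The Python sketch below hides a User-Password, recovers it with a matching and a mismatched secret, and checks a reply's Response Authenticator; the secrets, password and request authenticator are constructed values, and all function names are made up for the illustration.

```python
import hashlib
import hmac

def _xor_md5(block: bytes, secret: bytes, prev: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: what the client sends as User-Password."""
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor_md5(padded[i:i + 16], secret, prev)  # chain on ciphertext
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the server computes using its own copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor_md5(block, secret, prev)
        prev = block
    return out.rstrip(b"\x00")

def is_printable(pw: bytes) -> bool:
    return all(0x20 <= b < 0x7F for b in pw)

def build_reply(code: int, ident: int, request_auth: bytes, secret: bytes) -> bytes:
    """Attribute-less reply (length 20) carrying the Response Authenticator."""
    header = bytes([code, ident]) + (20).to_bytes(2, "big")
    return header + hashlib.md5(header + request_auth + secret).digest()

def reply_is_valid(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values, not taken from the thread.
REQUEST_AUTH = bytes(range(16))
SERVER_SECRET, WRONG_SECRET = b"testing123", b"testing124"
PASSWORD = b"constructed-password"

def demo() -> dict:
    hidden_ok = hide_password(PASSWORD, SERVER_SECRET, REQUEST_AUTH)
    hidden_bad = hide_password(PASSWORD, WRONG_SECRET, REQUEST_AUTH)
    reject = build_reply(3, 78, REQUEST_AUTH, SERVER_SECRET)  # 3 = Access-Reject
    return {
        "match": recover_password(hidden_ok, SERVER_SECRET, REQUEST_AUTH),
        "mismatch": recover_password(hidden_bad, SERVER_SECRET, REQUEST_AUTH),
        "client_accepts_reply": reply_is_valid(reject, REQUEST_AUTH, WRONG_SECRET),
    }
```

With a mismatched secret the server recovers bytes that are not the typed password, and the client in turn rejects the server's reply, which is the pair of symptoms in the log.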