Freeradius + LDAP auth

Paulo Maia phc.maia at gmail.com
Wed Nov 24 14:51:08 CET 2010


Comment out everything in the users file.
Brazilian, bro?

On Wed, Nov 24, 2010 at 9:31 AM, Old Eduardo <oldeduardo at gmail.com> wrote:

> no :(
> in debug only appears auth type Local
> see:
> Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling
> preprocess (rlm_preprocess) for request 0
> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
> preprocess (rlm_preprocess) for request 0
> Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok
> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling mschap
> (rlm_mschap) for request 0
> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
> mschap (rlm_mschap) for request 0
> Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop
> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling ldap
> (rlm_ldap) for request 0
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization
> for ipe-dp
> Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional expansion
> ":-".  See "man unlang" for details
> Wed Nov 24 08:30:54 2010 : Debug:  expand:
> (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ipe-dp)
> Wed Nov 24 08:30:54 2010 : Debug:  expand:
> dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
> proxy.intra localhost:389, authentication 0
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as
> uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to
> ldap.intra proxy.intra localhost:389
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ...
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in
> dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password =
> {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in
> directory...
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as
> RADIUS attribute Cleartext-Password ==
> "{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl"
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword
> as RADIUS attribute NT-Password ==
> 0x3244413944423342333039463632333434374232384536393635374142333642
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword
> as RADIUS attribute LM-Password ==
> 0x3845433036323546444141393630353041414433423433354235313430344545
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in
> directory...
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use
> remote access
> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id:
> 0
> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
> ldap (rlm_ldap) for request 0
> Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok
> Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
> Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does
> NOT match local User-Password
> Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
> Wed Nov 24 08:30:54 2010 : Auth: Login incorrect:
> [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
> Wed Nov 24 08:30:54 2010 : Debug:   WARNING: Unprintable characters in the
> password.    Double-check the shared secret on the server and the NAS!
> Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1
> seconds
> Wed Nov 24 08:30:54 2010 : Debug: Going to the next request
> Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds.
> Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0
> Sending Access-Reject of id 78 to 127.0.0.1 port 58611
> Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds.
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78,
> length=20
> rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
> with invalid signature (err=2)!  (Shared secret is incorrect.)
> ^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug:
> Cleaning up request 0 ID 78 with timestamp +5
> Thank you for your help.
>
> 2010/11/24 Paulo Maia <phc.maia at gmail.com>
>
>> It works ?
>>
>>
>>
>> On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>
>>> OK, I found this.
>>>
>>> sites-enabled/default
>>>
>>> eap auth mode.
>>>
>>> 2010/11/24 Paulo Maia <phc.maia at gmail.com>
>>>
>>>> What auth method are you trying to use?
>>>> EAP/PEAP?
>>>>
>>>> Regards ,
>>>>
>>>>
>>>>
>>>> On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>>>
>>>>> Hi Paulo,
>>>>>
>>>>> Thanks for your reply, see below my authenticate and authorize session.
>>>>>
>>>>> authorize {
>>>>>         preprocess
>>>>>         mschap
>>>>>         ldap
>>>>> }
>>>>>
>>>>> authenticate {
>>>>>         Auth-Type LDAP {
>>>>>                 ldap
>>>>>         }
>>>>>         Auth-Type MS-CHAP {
>>>>>                 mschap
>>>>>         }
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> 2010/11/23 Paulo Maia <phc.maia at gmail.com>
>>>>>
>>>>>> Show us your authorize and authenticate session. I had a problem like
>>>>>> that once
>>>>>>
>>>>>> Regards ,
>>>>>>
>>>>>>
>>>>>> On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>>>>>
>>>>>>> Sorry Alan, I understand I need to read the debug.
>>>>>>>
>>>>>>> But I see the secret in clients, and my test radtest user pass ip 0
>>>>>>> secret is correct.
>>>>>>>
>>>>>>> And my other doubt is about auth type = Local: why Local if I put auth
>>>>>>> type LDAP in the configuration? I only get Local ...
>>>>>>>
>>>>>>> Really sorry for this, but I need your help.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>>
>>>>>>> 2010/11/23 Alan DeKok <aland at deployingradius.com>
>>>>>>>
>>>>>>>> Old Eduardo wrote:
>>>>>>>> > but I tried to configure this for a few weeks and got no success.
>>>>>>>>
>>>>>>>>  Ask questions earlier.
>>>>>>>>
>>>>>>>>  Or, read the debug output.
>>>>>>>>
>>>>>>>> > Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable characters in
>>>>>>>> > the password.    Double-check the shared secret on the server and the NAS!
>>>>>>>>
>>>>>>>>  That message seems pretty clear.
>>>>>>>>
>>>>>>>>  Alan DeKok.
>>>>>>>> -
>>>>>>>> List info/subscribe/unsubscribe? See
>>>>>>>> http://www.freeradius.org/list/users.html
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Old Eduardo ...
>>>>>>>
>>>>>>> make a difference ...
>
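
The two messages in the quoted debug output ("Unprintable characters in the password" on the server, "invalid signature ... Shared secret is incorrect" on the client) both follow from how RADIUS uses the shared secret (RFC 2865). The sketch below is an added example, not part of the thread or of FreeRADIUS; the secrets, password and request authenticator are constructed sample values.

```python
import hashlib
import hmac

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, request_auth):
    """Client side, RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden, secret, request_auth):
    """Server side: same keystream, built from the server's copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def build_reply(code, ident, request_auth, secret, attrs=b""):
    """Reply with Response Authenticator MD5(header + RequestAuth + attrs + secret)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_valid(packet, request_auth, secret):
    """Client-side check; a secret mismatch makes this fail ('invalid signature')."""
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def is_printable(data):
    return all(0x20 <= b < 0x7F for b in data)

# Constructed sample values, not taken from the thread.
REQUEST_AUTH = bytes(range(16))
NAS_SECRET, SERVER_SECRET = b"nas-side-secret", b"server-side-secret"
PASSWORD = b"correct horse"

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, NAS_SECRET, REQUEST_AUTH)
    print("same secret :", recover_password(hidden, NAS_SECRET, REQUEST_AUTH))
    print("wrong secret:", recover_password(hidden, SERVER_SECRET, REQUEST_AUTH))
    reject = build_reply(3, 78, REQUEST_AUTH, SERVER_SECRET)  # Access-Reject, id 78
    print("reply valid :", reply_is_valid(reject, REQUEST_AUTH, NAS_SECRET))
```

With mismatched secrets the server recovers random-looking bytes instead of the password, and the client cannot verify the 20-byte Access-Reject it gets back.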