Freeradius + LDAP auth
Alan DeKok
aland at deployingradius.com
Wed Nov 24 14:54:02 CET 2010
Old Eduardo wrote:
> no :(
> in debug only appears auth type Local

Stop wasting your time.

You have NOT configured the server correctly, and you have NOT
followed instructions on this list.

> see:
> Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize

You've used "radiusd -Xx". The FAQ, INSTALL, "man" page, and messages
daily on this list say to use "radiusd -X". This should be easy to do.

> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword
> as RADIUS attribute Cleartext-Password ==
> "{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl"

This is wrong on many, many levels. The password is a SSHA password,
not a Cleartext-Password. You've edited the "ldap.attrmap" file to add
the *wrong* information in it.

> Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
> Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does
> NOT match local User-Password

Given your broken configuration, this is to be expected.

> Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
> Wed Nov 24 08:30:54 2010 : Auth: Login incorrect:
> [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
> Wed Nov 24 08:30:54 2010 : Debug: WARNING: Unprintable characters in
> the password. Double-check the shared secret on the server and the NAS!

You were told to fix this problem. Read the error message. It's not
hard to understand.

Until you fix your system, authentication will *always* fail.

The cause of the problem is simple and obvious. Even worse, you've
been told how to fix it. So far, you've refused to follow instructions.

If you're not going to follow the instructions given on this list,
there is *no* reason to ask questions here.

Alan DeKok.
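
Added example, not part of the original message and not FreeRADIUS code: a Python illustration of the two failures visible in the quoted debug output, a User-Password decoded with a different shared secret and an {SSHA} value compared as if it were cleartext. It assumes the RFC 2865 section 5.2 password hiding and the usual {SSHA} layout (base64 of the SHA-1 digest followed by the salt); every secret, password and salt below is constructed.

```python
import base64, hashlib, hmac

def _xor_blocks(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous
    # ciphertext block); the first block uses the Request Authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(b ^ k for b, k in zip(block, key))
        out += res
        prev = block if decrypt else res
    return out

def hide_password(password, secret, authenticator):
    # What the NAS does: NUL-pad to a multiple of 16 bytes, then hide.
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    return _xor_blocks(padded, secret, authenticator, decrypt=False)

def recover_password(hidden, secret, authenticator):
    # What the server does with ITS copy of the shared secret.
    return _xor_blocks(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def make_ssha(password, salt):
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    # Split digest (20 bytes) from salt, re-hash the candidate, compare.
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

# Constructed sample values, none taken from the thread.
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"correct horse"
HIDDEN = hide_password(PASSWORD, b"nas-secret", AUTHENTICATOR)
STORED = make_ssha(PASSWORD, b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print("matching secret :", recover_password(HIDDEN, b"nas-secret", AUTHENTICATOR))
    print("different secret:", recover_password(HIDDEN, b"server-secret", AUTHENTICATOR))
    print("literal compare :", PASSWORD.decode() == STORED)
    print("SSHA-aware check:", check_ssha(STORED, PASSWORD))
```

With mismatched secrets the server recovers arbitrary bytes instead of the typed password, and a literal string comparison against the "{SSHA}..." value can never succeed even when the password is right.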