Freeradius + LDAP auth

Old Eduardo oldeduardo at gmail.com
Wed Nov 24 17:35:11 CET 2010


Hey, how's it going?

I'll do that tomorrow. I sent the whole freeradius directory to your email
so you can take a look at the confs. I've been trying to get this
implementation working for 3 weeks and I can't manage it, man.

Tomorrow morning I'll go there and try again.

Thanks for the help.

2010/11/24 Paulo Maia <phc.maia at gmail.com>

> Comment out everything in the users file.
> Are you Brazilian, bro?
>
>
> On Wed, Nov 24, 2010 at 9:31 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>
>> no :(
>> In debug, only auth type Local appears.
>> see:
>> Wed Nov 24 08:30:54 2010 : Debug: +- entering group authorize
>> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling
>> preprocess (rlm_preprocess) for request 0
>> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
>> preprocess (rlm_preprocess) for request 0
>> Wed Nov 24 08:30:54 2010 : Debug: ++[preprocess] returns ok
>> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling mschap
>> (rlm_mschap) for request 0
>> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
>> mschap (rlm_mschap) for request 0
>> Wed Nov 24 08:30:54 2010 : Debug: ++[mschap] returns noop
>> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: calling ldap
>> (rlm_ldap) for request 0
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: - authorize
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing user authorization
>> for ipe-dp
>> Wed Nov 24 08:30:54 2010 : Debug: WARNING: Deprecated conditional
>> expansion ":-".  See "man unlang" for details
>> Wed Nov 24 08:30:54 2010 : Debug:  expand:
>> (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=ipe-dp)
>> Wed Nov 24 08:30:54 2010 : Debug:  expand:
>> dc=policiacivil,dc=rs,dc=gov,dc=br -> dc=policiacivil,dc=rs,dc=gov,dc=br
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: attempting LDAP reconnection
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
>> proxy.intra localhost:389, authentication 0
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: bind as
>> uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br/dfjk129!@ to
>> ldap.intra proxy.intra localhost:389
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: waiting for bind result ...
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Bind was successful
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: performing search in
>> dc=policiacivil,dc=rs,dc=gov,dc=br, with filter (uid=ipe-dp)
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: Added User-Password =
>> {SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl in check items
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: No default NMAS login sequence
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for check items in
>> directory...
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute userpassword as
>> RADIUS attribute Cleartext-Password ==
>> "{SSHA}dd3MzvDRyDeyeuDkPTy391H3FX2vynZl"
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaNtPassword
>> as RADIUS attribute NT-Password ==
>> 0x3244413944423342333039463632333434374232384536393635374142333642
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: LDAP attribute sambaLmPassword
>> as RADIUS attribute LM-Password ==
>> 0x3845433036323546444141393630353041414433423433354235313430344545
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: looking for reply items in
>> directory...
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: user ipe-dp authorized to use
>> remote access
>> Wed Nov 24 08:30:54 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id:
>> 0
>> Wed Nov 24 08:30:54 2010 : Debug:   modsingle[authorize]: returned from
>> ldap (rlm_ldap) for request 0
>> Wed Nov 24 08:30:54 2010 : Debug: ++[ldap] returns ok
>> Wed Nov 24 08:30:54 2010 : Debug: auth: type Local
>> Wed Nov 24 08:30:54 2010 : Debug: auth: user supplied User-Password does
>> NOT match local User-Password
>> Wed Nov 24 08:30:54 2010 : Debug: auth: Failed to validate the user.
>> Wed Nov 24 08:30:54 2010 : Auth: Login incorrect:
>> [ipe-dp/\367ҿb5�?\327H6*c\244:\301\245] (from client localhost port 0)
>> Wed Nov 24 08:30:54 2010 : Debug:   WARNING: Unprintable characters in the
>> password.    Double-check the shared secret on the server and the NAS!
>> Wed Nov 24 08:30:54 2010 : Debug: Delaying reject of request 0 for 1
>> seconds
>> Wed Nov 24 08:30:54 2010 : Debug: Going to the next request
>> Wed Nov 24 08:30:54 2010 : Debug: Waking up in 0.9 seconds.
>> Wed Nov 24 08:30:55 2010 : Debug: Sending delayed reject for request 0
>> Sending Access-Reject of id 78 to 127.0.0.1 port 58611
>> Wed Nov 24 08:30:55 2010 : Debug: Waking up in 4.9 seconds.
>> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=78,
>> length=20
>> rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
>> with invalid signature (err=2)!  (Shared secret is incorrect.)
>> ^Cdebian:/etc/freeradius/sites-enabled# Wed Nov 24 08:31:00 2010 : Debug:
>> Cleaning up request 0 ID 78 with timestamp +5
>> Thanks for your help.
>>
>>   2010/11/24 Paulo Maia <phc.maia at gmail.com>
>>
>>> It works ?
>>>
>>>
>>>
>>> On Wed, Nov 24, 2010 at 8:47 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>>
>>>> OK, I found this.
>>>>
>>>> sites-enabled/default
>>>>
>>>> eap auth mode.
>>>>
>>>> 2010/11/24 Paulo Maia <phc.maia at gmail.com>
>>>>
>>>>> What auth method are you trying to use?
>>>>> EAP/PEAP?
>>>>>
>>>>> Regards ,
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Nov 24, 2010 at 7:52 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>>>>
>>>>>> Hi Paulo,
>>>>>>
>>>>>> Thanks for your reply, see below my authenticate and authorize session.
>>>>>>
>>>>>> authorize {
>>>>>>         preprocess
>>>>>>         mschap
>>>>>>         ldap
>>>>>> }
>>>>>>
>>>>>> authenticate {
>>>>>>         Auth-Type LDAP {
>>>>>>                 ldap
>>>>>>         }
>>>>>>        Auth-Type MS-CHAP {
>>>>>>                mschap
>>>>>>        }
>>>>>> }
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2010/11/23 Paulo Maia <phc.maia at gmail.com>
>>>>>>
>>>>>>> Show us your authorize and authenticate session. I had a problem like
>>>>>>> that once.
>>>>>>>
>>>>>>> Regards ,
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Nov 23, 2010 at 9:49 AM, Old Eduardo <oldeduardo at gmail.com> wrote:
>>>>>>>
>>>>>>>> Sorry Alan, I understand I need to read the debug.
>>>>>>>>
>>>>>>>> But I see the secret in clients, and in my test radtest user pass ip 0
>>>>>>>> secret it is correct.
>>>>>>>>
>>>>>>>> And my other doubt is about auth type = Local: why Local if I put auth
>>>>>>>> type LDAP in the configuration? I only get Local ...
>>>>>>>>
>>>>>>>> Really sorry for this, but I need your help.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>>
>>>>>>>> 2010/11/23 Alan DeKok <aland at deployingradius.com>
>>>>>>>>
>>>>>>>>> Old Eduardo wrote:
>>>>>>>>> > but I have tried to configure this for a few weeks with no success.
>>>>>>>>>
>>>>>>>>>  Ask questions earlier.
>>>>>>>>>
>>>>>>>>>  Or, read the debug output.
>>>>>>>>>
>>>>>>>>> > Tue Nov 23 07:37:24 2010 : Debug:   WARNING: Unprintable
>>>>>>>>> characters in
>>>>>>>>> > the password.    Double-check the shared secret on the server and
>>>>>>>>> the NAS!
>>>>>>>>>
>>>>>>>>>  That message seems pretty clear.
>>>>>>>>>
>>>>>>>>>  Alan DeKok.
>>>>>>>>> -
>>>>>>>>> List info/subscribe/unsubscribe? See
>>>>>>>>> http://www.freeradius.org/list/users.html
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Old Eduardo ...
>>>>>>>>
>>>>>>>> make a difference ...
>>>>>>>>



-- 
Old Eduardo ...

make a difference ...
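
The two shared-secret symptoms in the debug output quoted above (the "Unprintable characters in the password" warning on the server and the "invalid signature" on the Access-Reject at the client) both follow from how RFC 2865 uses the shared secret. This added example is not part of the original thread or FreeRADIUS's own code; it reproduces both effects, and the secrets, password and Request Authenticator are constructed sample values.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = Request Authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(1, -(-len(password) // 16)) * 16   # pad with NULs to a 16-octet multiple
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: undo the XOR chain using the server's copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def is_printable(data: bytes) -> bool:
    return all(0x20 <= b < 0x7F for b in data)

def response_authenticator(code: int, ident: int, req_auth: bytes,
                           attrs: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

# Constructed sample values (not taken from the thread).
REQ_AUTH = bytes(range(16))
CLIENT_SECRET = b"client-side-secret"
SERVER_SECRET = b"server-side-secret"
PASSWORD = b"correct horse"

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, CLIENT_SECRET, REQ_AUTH)
    print("same secret :", recover_password(hidden, CLIENT_SECRET, REQ_AUTH))
    garbage = recover_password(hidden, SERVER_SECRET, REQ_AUTH)
    print("wrong secret:", garbage, "printable:", is_printable(garbage))
    # Access-Reject (code 3), id 78, no attributes, so length 20 as in the log.
    sent = response_authenticator(3, 78, REQ_AUTH, b"", SERVER_SECRET)
    expected = response_authenticator(3, 78, REQ_AUTH, b"", CLIENT_SECRET)
    print("reply signature valid:", sent == expected)
```

With mismatched secrets the server recovers pseudo-random bytes instead of the password, and the client's recomputed Response Authenticator never matches the one the server sent.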