no authenticate step ...
Michael Arndt
michael.arndt at berlin.de
Thu Apr 7 12:58:55 CEST 2011
hello *
I am trying to transfer a working configuration from a very old (1.x) FreeRADIUS
version to a more recent RADIUS version:
FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 14 2010 at 21:14:10
My problem: after authenticating against LDAP, and with auth-type = ldap
set, no authorize step is done.
The next step that happens is trying the next entry from the users file.
Expected: authenticate with a bind as the user and the password hash of the user
against LDAP.
Here is the snippet from the debug log that I assume is relevant:
Thu Apr 7 12:45:28 2011 : Info: [auth_log] expand: %t -> Thu Apr 7 12:45:28 2011
Thu Apr 7 12:45:28 2011 : Info: ++[auth_log] returns ok
Thu Apr 7 12:45:28 2011 : Info: ++[mschap] returns noop
Thu Apr 7 12:45:28 2011 : Info: [suffix] No '@' in User-Name = "pilot00001", looking up realm NULL
Thu Apr 7 12:45:28 2011 : Info: [suffix] No such realm "NULL"
Thu Apr 7 12:45:28 2011 : Info: ++[suffix] returns noop
Thu Apr 7 12:45:28 2011 : Info: [ldap] performing user authorization for pilot00001
Thu Apr 7 12:45:28 2011 : Info: [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
Thu Apr 7 12:45:28 2011 : Info: [ldap] ... expanding second conditional
Thu Apr 7 12:45:28 2011 : Info: [ldap] expand: %{User-Name} -> pilot00001
Thu Apr 7 12:45:28 2011 : Info: [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=pilot00001)
Thu Apr 7 12:45:28 2011 : Info: [ldap] expand: l=Berlin,dc=de,o=ABC-> l=Berlin,dc=de,o=ABC
Thu Apr 7 12:45:28 2011 : Debug: [ldap] ldap_get_conn: Checking Id: 0
Thu Apr 7 12:45:28 2011 : Debug: [ldap] ldap_get_conn: Got Id: 0
Thu Apr 7 12:45:28 2011 : Debug: [ldap] attempting LDAP reconnection
Thu Apr 7 12:45:28 2011 : Debug: [ldap] (re)connect to 10.128.1.1:389, authentication 0
Thu Apr 7 12:45:28 2011 : Debug: [ldap] bind as cn=Manager,o=ABC/xyz to 10.128.1.1:389
Thu Apr 7 12:45:28 2011 : Debug: [ldap] waiting for bind result ...
Thu Apr 7 12:45:28 2011 : Debug: [ldap] Bind was successful
Thu Apr 7 12:45:28 2011 : Debug: [ldap] performing search in l=Berlin,dc=de,o=ABC, with filter (uid=pilot00001)
Thu Apr 7 12:45:28 2011 : Info: [ldap] No default NMAS login sequence
Thu Apr 7 12:45:28 2011 : Info: [ldap] looking for check items in directory...
Thu Apr 7 12:45:28 2011 : Debug: [ldap] userPassword -> Password-With-Header == "{MD5}hashvalueD1xtOw==" <- the sequence after the hashed pw astonishes me, the D1xt0w
Thu Apr 7 12:45:28 2011 : Info: [ldap] looking for reply items in directory...
Thu Apr 7 12:45:28 2011 : Info: [ldap] Setting Auth-Type = LDAP
Thu Apr 7 12:45:28 2011 : Info: [ldap] user pilot00001 authorized to use remote access
Thu Apr 7 12:45:28 2011 : Debug: [ldap] ldap_release_conn: Release Id: 0
Thu Apr 7 12:45:28 2011 : Info: ++[ldap] returns ok
Thu Apr 7 12:45:28 2011 : Info: [eap] No EAP-Message, not doing EAP
Thu Apr 7 12:45:28 2011 : Info: ++[eap] returns noop
... the next line / match in the users file is done next
... in the old config the next step was authenticate
So clearly I am making a mistake and have overlooked a necessary config option.
Any hints where to look next?
The hint to transfer a deprecated expression from the users file to unlang
will be done when I succeed with auth.
TIA
Micha