RADIUS + LDAP authentication problem
Alan DeKok
aland at deployingradius.com
Wed Apr 25 13:38:37 CEST 2012
Alexander Kulbiy wrote:
> I'm trying to configure RADIUS server that would be used for
> authentication of users in Wi-Fi network with WPA-enterprise encryption.
> To do this I'm trying to use EAP + LDAP inside of freeradius.
> The problem is that I see in log:
You edited the default configuration and broke it. Don't do that.
> ttls] Sending tunneled request
> User-Name = "alexander.duts"
> MS-CHAP-Challenge = 0xa6d98f587da2024f7a6513f2e991d261
> MS-CHAP2-Response = 0x7a004794198aef4fbcb66d3e389079ed41560000000000000000fa8c2cdf0c49219574c0826b377c9d6ca977ece95f465ae4
> FreeRADIUS-Proxied-To = 127.0.0.1
>server {
># Executing section authorize from file /etc/freeradius/sites-enabled/default
This is catastrophically broken.
WHY did you edit the TTLS configuration and break it?
> ttls {
> default_eap_type = "gtc"
> copy_request_to_tunnel = no
> use_tunneled_reply = no
> include_length = yes
> }
It SHOULD have:
virtual_server = "inner-tunnel"
You deleted that. That's wrong.
And you broke more, too:
...
> [ldap] ldap_get_conn: Checking Id: 0
> [ldap] ldap_get_conn: Got Id: 0
> [ldap] performing search in ou=People,dc=wildix,dc=local, with filter
> (cn=alexander.duts)
> [ldap] No default NMAS login sequence
> [ldap] looking for check items in directory...
> [ldap] userPassword -> Password-With-Header ==
> "{MD5}ibKj45B56xWdI2wgngTn5A=="
> [ldap] looking for reply items in directory...
> [ldap] user alexander.duts authorized to use remote access
> [ldap] ldap_release_conn: Release Id: 0
> ++[ldap] returns ok
> ERROR: No authenticate method (Auth-Type) found for the request:
The last error is produced by the server core when it can't find an
Auth-Type for the user.
The *previous* line SHOULD HAVE BEEN the "pap" module. You deleted
that from the file raddb/sites-enabled/default.
Why?
> Does anyone have idea what could be the problem?
You did a lot of work to break the server. Don't do that.
The default configuration works. Change as little as possible.
If you don't understand something, don't change it.
Alan DeKok.
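
The two faults identified in the reply above can be spotted mechanically in the debug output. The following is an added example, not part of the original message and not FreeRADIUS code: a small Python check that flags a tunneled request handled by an unnamed server and an `Auth-Type` failure with no `pap` module in the preceding section. The function name, finding codes and sample text are assumptions constructed from the quoted log lines.

```python
import re

# Constructed sample, modelled on the debug output quoted in the message above.
SAMPLE_DEBUG = """\
> [ttls] Sending tunneled request
> User-Name = "alexander.duts"
>server {
># Executing section authorize from file /etc/freeradius/sites-enabled/default
> ++[ldap] returns ok
> ERROR: No authenticate method (Auth-Type) found for the request:
"""

SERVER_RE = re.compile(r"^server\s*(\S*?)\s*\{$")
SECTION_RE = re.compile(r"# Executing section (\w+) from file (\S+)")
MODULE_RE = re.compile(r"^\++\[([\w.-]+)\] returns \w+")


def check_debug(text):
    """Return (code, detail) findings for the two faults named in the reply."""
    findings = []
    tunneled = False   # a "[ttls] Sending tunneled request" line was seen
    section = None     # section currently executing
    modules = []       # modules that returned in the current section
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # tolerate mail quoting
        if "Sending tunneled request" in line:
            tunneled = True
        elif tunneled and (m := SERVER_RE.match(line)):
            # Assumption: with virtual_server set, the debug output names the
            # server on this line ("server inner-tunnel {").
            if not m.group(1):
                findings.append(("TTLS_NO_VIRTUAL_SERVER",
                                 "inner request ran in the unnamed default server"))
            tunneled = False
        elif m := SECTION_RE.search(line):
            section, modules = m.group(1), []
        elif m := MODULE_RE.match(line):
            modules.append(m.group(1))
        elif "No authenticate method (Auth-Type) found" in line:
            ran = ", ".join(modules) or "none"
            pap = "present" if "pap" in modules else "missing"
            findings.append(("NO_AUTH_TYPE",
                             f"{section} ran: {ran}; pap {pap}"))
    return findings


if __name__ == "__main__":
    for code, detail in check_debug(SAMPLE_DEBUG):
        print(f"{code}: {detail}")
```
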