AP->FR->LDAP authentication

Julie chenj at ssc.ucla.edu
Sat Mar 17 00:23:26 CET 2012


I'm new to FreeRadius and trying to set up the server to authenticate using
LDAP. I'm having some problems and hope to get some help from the list.

I'm trying to set up AP->FR->LDAP. Both FreeRadius and LDAP are new
installations on CentOS. I tried to follow the installation for FR and test
each step. Test accounts are created in both the users file and the LDAP database.
radtest is successful with both accounts.

The problem is when I try to authenticate through the AP. The debug log shows
"Failed to authenticate the user." Here is the log file.

# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "julietest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[ldap] performing user authorization for julietest
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> julietest
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=julietest)
[ldap]  expand: ou=xxx,dc=xxxx,dc=xxx,dc=xxx -> ou=xxx,dc=xxx,dc=xxx,dc=xxx
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in ou=xxx,dc=xxx,dc=xxx,dc=xxx, with filter (uid=julietest)
[ldap] looking for check items in directory...
  [ldap] userPassword -> Password-With-Header == "{crypt}$1$svVH/H.V$S02th.oBG7iQV0UtFBcVx1"
[ldap] looking for reply items in directory...
[ldap] user julietest authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: julietest
[mschap] Told to do MS-CHAPv2 for julietest with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
        MS-CHAP-Error = "\202E=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}

Thank you very much for your time and help.

Best,
Julie
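
Added example, not part of the original post: in the debug output above the inner tunnel selects MS-CHAP while LDAP returns a `{crypt}` userPassword, and MS-CHAP can only be verified against the cleartext password or its NT hash. The sketch below scans `radiusd -X` style output for that mismatch; the sample log is constructed (placeholder hash), and the `MSCHAP_USABLE` header set and the `diagnose` helper are assumptions of this example.

```python
import re

# Constructed sample modelled on the debug output above (hash is a placeholder).
SAMPLE_LOG = '''\
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  [ldap] userPassword -> Password-With-Header ==
"{crypt}$1$PLACEHOLDER$notARealHashValue000000"
Found Auth-Type = MSCHAP
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
'''

# Assumption of this example: password headers that give MS-CHAP something to
# work with (the plaintext or its NT hash). Other schemes are one-way hashes.
MSCHAP_USABLE = {"clear", "cleartext", "nt", "nthash"}

# \s* after "==" tolerates the line wrap that mail clients insert before the value.
HEADER_RE = re.compile(r'Password-With-Header\s*==\s*"\{([^}]+)\}')
AUTH_TYPE_RE = re.compile(r'Found Auth-Type = (\S+)')
NO_HASH_RE = re.compile(r'\[mschap\] FAILED: No NT/LM-Password')


def diagnose(log_text):
    """Report whether the stored password scheme can satisfy the chosen Auth-Type."""
    schemes = {s.lower() for s in HEADER_RE.findall(log_text)}
    auth = AUTH_TYPE_RE.search(log_text)
    auth_type = auth.group(1).upper() if auth else None
    # Mismatch: MS-CHAP was selected and no returned scheme is usable for it.
    mismatch = (auth_type == "MSCHAP" and bool(schemes)
                and not (schemes & MSCHAP_USABLE))
    return {
        "auth_type": auth_type,
        "stored_schemes": sorted(schemes),
        "unusable_for_mschap": sorted(schemes - MSCHAP_USABLE),
        "mschap_missing_hash": bool(NO_HASH_RE.search(log_text)),
        "mismatch": mismatch,
    }


if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG)
    print(result)
    if result["mismatch"]:
        print("MS-CHAP selected, but the directory only returned:",
              ", ".join(result["unusable_for_mschap"]))
```

A `mismatch` of `True` together with `mschap_missing_hash` means the reject comes from the password storage format rather than from the LDAP search, which is why `radtest` (PAP) succeeds against the same account.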
