Problem with freeradius + openldap for AP authentication
Nicolas Lathiere
lathiere.nicolas at outlook.com
Mon Nov 26 10:18:21 CET 2012
Hiya
I need some help configuring freeradius with openldap. I have an LDAP database
which stores passwords in SSHA format, so I chose PAP for authentication. I want to use freeradius to authenticate
on a Netgear WiFi access point.
(http://deployingradius.com/documents/protocols/compatibility.html)
I've set up the AP as a client of freeradius in clients.conf, with a secret and shortname
as in the documentation.
Next I've put auto_header = yes in pap.conf
and uncommented the ldap line to activate the module in /site-enable/default.
When I start the server in debug mode, authorization works fine but the server has problems
at the authentication step and I don't understand why.
Here are the debug comments:
rad_recv: Access-Request packet from host 192.168.0.201 port 32774, id=85, length=169
User-Name = "cyril"
NAS-IP-Address = 192.168.0.201
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "4C-60-DE-D2-22-61:easyBridge2"
Calling-Station-Id = "7C-C5-37-14-16-C9"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0200000e016e6c61746869657265
Message-Authenticator = 0x2bf3ec3446adc97ea15c4c160ee8b0bb
Thu Nov 22 15:04:36 2012 :
Wed Nov 21 18:39:17 2012 : Info: [ldap] looking for reply items in directory...
Wed Nov 21 18:39:17 2012 : Info: [ldap] user cyril authorized to use remote access
Wed Nov 21 18:39:17 2012 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Nov 21 18:39:17 2012 : Info: ++[ldap] returns ok
Wed Nov 21 18:39:17 2012 : Info: ++[expiration] returns noop
Wed Nov 21 18:39:17 2012 : Info: ++[logintime] returns noop
Wed Nov 21 18:39:17 2012 : Info: [pap] Normalizing NT-Password from hex encoding
Wed Nov 21 18:39:17 2012 : Info: [pap] Normalizing SSHA1-Password from base64 encoding
Wed Nov 21 18:39:17 2012 : Info: [pap] Found existing Auth-Type, not changing it.
Wed Nov 21 18:39:17 2012 : Info: ++[pap] returns noop
Wed Nov 21 18:39:17 2012 : Info: Found Auth-Type = PAP
Wed Nov 21 18:39:17 2012 : Info: +- entering group PAP {...}
Auth: [pap] Attribute "Password" is required for authentication.
Thu Nov 22 15:04:36 2012 : Info: ++[pap] returns invalid
Thu Nov 22 15:04:36 2012 : Info: Failed to authenticate the user.
Thu Nov 22 15:04:36 2012 : Auth: Login incorrect: [cyril/<via Auth-Type = PAP>] (from client WNAP320 port 0 cli 44-A7-CF-CD-C5-C7)
Thu Nov 22 15:04:36 2012 : Info: Using Post-Auth-Type Reject
Thu Nov 22 15:04:36 2012 : Info: +- entering group REJECT {...}
Thu Nov 22 15:04:36 2012 : Debug: expand: %{User-Name} -> cyril
Thu Nov 22 15:04:36 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11
Thu Nov 22 15:04:36 2012 : Info: ++[attr_filter.access_reject] returns updated
Thu Nov 22 15:04:36 2012 : Info: Delaying reject of request 5 for 1 seconds
Thu Nov 22 15:04:36 2012 : Debug: Going to the next request
Thu Nov 22 15:04:36 2012 : Debug: Waking up in 0.9 seconds.
Thu Nov 22 15:04:37 2012 : Info: Sending delayed reject for request 5