Ldap + freeradius... Again

fernando.sg1 at gmail.com fernando.sg1 at gmail.com
Fri Mar 15 02:49:41 CET 2013


In my last messages I caused a lot of confusion and didn't send to the whole group.

Now I have a problem, and this is making me crazy!
I changed the /module/LDAP and now I can authenticate using plaintext or when I use the password with {crypt}.

But when I try to use {md5} this doesn't work!

rad_recv: Access-Request packet from host 127.0.0.1 port 34019, id=41, length=57
User-Name = "user3"
User-Password = "123"
NAS-IP-Address = 200.131.96.47
NAS-Port = 10
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for user3
[ldap] expand: (uid=%u) -> (uid=user3)
[ldap] expand: dc=xxxxxxx,dc=edu,dc=br -> dc=xxxxxxx,dc=edu,dc=br
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=xxxxxxx,dc=edu,dc=br, with filter (uid=user3)
[ldap] checking if remote access for user3 is allowed by uid
[ldap] Added MD5-Password = ICy5YqxZB1uWSwcVLSNLcA== in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{MD5}ICy5YqxZB1uWSwcVLSNLcA=="
[ldap] looking for reply items in directory...
[ldap] user user3 authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [user3/123] (from client localhost port 10)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
++[ldap] returns noop
Delaying reject of request 1 for 1 seconds
Going to the next request
If I change the encryption to {crypt} this works.

Obviously I need to change the DB on LDAP to crypt.

[ldap] userPassword -> Password-With-Header == "{CRYPT}WcViQmlg3nI4c"
[ldap] looking for reply items in directory...
[ldap] user user1 authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop


But all my database is using MD5.
I looked at my DB and see the MD5 isn't stored in base64 mode like the freeradius / PAP generates.
When I export an LDIF of a user I can see the password in base64.
What am I doing wrong?
If I use a clear password it works too.


Sorry for my poor English and if my doubt is too obvious, but I have been trying to solve this for 3 days with nothing.
Thanks.
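
Added example, not part of the original post: a Python check that decodes an LDAP `{MD5}` userPassword value, whether the digest is written as base64 or as hex, and compares it with a candidate password. Run on the Password-With-Header value and the User-Password from the debug output above, it reports a match with base64 encoding; the function names are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import hmac
import re

# Matches an RFC 2307 style userPassword value such as "{MD5}ICy5...==".
_HEADER_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)


def split_header(value):
    """Return (scheme, payload); scheme is None when there is no {header}."""
    m = _HEADER_RE.match(value)
    if not m:
        return None, value
    return m.group(1).upper(), m.group(2)


def decode_md5_payload(payload):
    """Decode a {MD5} payload to the 16 raw digest bytes.

    Accepts 32 hex characters or base64; returns (digest, encoding_name).
    Hex is tested first because a 32-character hex string is also valid base64.
    """
    if re.fullmatch(r"[0-9a-fA-F]{32}", payload):
        return bytes.fromhex(payload), "hex"
    try:
        raw = base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("payload is neither hex nor base64") from exc
    if len(raw) != 16:
        raise ValueError("decoded payload is %d bytes, expected 16" % len(raw))
    return raw, "base64"


def check_md5_password(stored, candidate):
    """Compare a candidate password with a stored {MD5} value.

    Returns (matches, encoding_name); raises ValueError for other schemes.
    """
    scheme, payload = split_header(stored)
    if scheme != "MD5":
        raise ValueError("not an {MD5} value: scheme=%r" % scheme)
    digest, encoding = decode_md5_payload(payload)
    expected = hashlib.md5(candidate.encode("utf-8")).digest()
    return hmac.compare_digest(digest, expected), encoding


if __name__ == "__main__":
    # Stored value and password both taken from the debug output in the post.
    print(check_md5_password("{MD5}ICy5YqxZB1uWSwcVLSNLcA==", "123"))
```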