Ldap + freeradius... Again
fernando.sg1 at gmail.com
fernando.sg1 at gmail.com
Fri Mar 15 03:27:54 CET 2013
sorry man, u didnt help.
i tryed 1000 things and this actual configurations is the best i can make.
why instead so be rude with me dont try to realy help me? like send me you
default file or the orthers file to config?
i dindt do anything without to fallow guides on internet. im trying to
learn how to do.
2013/3/14 Alan DeKok <aland at deployingradius.com>
> fernando.sg1 at gmail.com wrote:
> > *now i've a problem, and this is making me crazy!*
> > *i change the /module/LDAP and now i can authenticate using plaintext or
> > when i use the passwordwith {crypt}*
> >
> > *but when i try to use {md5} this dont work!*
>
> You edited the configuration file and broke it. Don't do that.
>
> > /rad_recv: Access-Request packet from host 127.0.0.1 port 34019, id=41,
> > length=57
> > User-Name = "user3"
> > User-Password = "123"
> > NAS-IP-Address = 200.131.96.47
> > NAS-Port = 10
> > # Executing section authorize from file
> > /etc/freeradius/sites-enabled/default
> > +- entering group authorize {...}
> > [ldap] performing user authorization for user3
> > [ldap] expand: (uid=%u) -> (uid=user3)
> > [ldap] expand: dc=xxxxxxx,dc=edu,dc=br -> dc=xxxxxxx,dc=edu,dc=br
> > [ldap] ldap_get_conn: Checking Id: 0
> > [ldap] ldap_get_conn: Got Id: 0
> > [ldap] performing search in dc=xxxxxxx,dc=edu,dc=br, with filter
> > (uid=user3)
> > [ldap] checking if remote access for user3 is allowed by uid
> > [ldap] Added MD5-Password = ICy5YqxZB1uWSwcVLSNLcA== in check items
> > [ldap] No default NMAS login sequence
> > [ldap] looking for check items in directory...
> > [ldap] userPassword -> Password-With-Header ==
> > "{MD5}ICy5YqxZB1uWSwcVLSNLcA=="
> > [ldap] looking for reply items in directory...
> > [ldap] user user3 authorized to use remote access
> > [ldap] ldap_release_conn: Release Id: 0
> > ++[ldap] returns ok
>
> So... "ldap" is pretty much the only module listed in the "authorize"
> section.
>
> Why? Just... why? The comments at the top of the file you edited
> explain that butchering it is wrong.
>
> > ++[expiration] returns noop
> > ++[logintime] returns noop
>
> The "pap" module should be listed here.
>
> > ERROR: No authenticate method (Auth-Type) found for the request:
> > Rejecting the user
>
> Because you broke the default configuration.
>
> > sorry my poor english and if my doubt is too obvious, but i'm trying to
> > solve that have 3 days and nothing.
>
> You're working VERY HARD to destroy the default configuration.
>
> If you plan on cooking a meal, you *don't* throw all of the food on
> the floor and stand on it. You follow a recipe.
>
> Throw away EVERYTHING you did. It's wrong.
>
> Then, configure the "ldap" module.
>
> The uncomment references to "ldap" in raddb/sites-available/default.
>
> It WILL WORK.
>
> The entire problem here is that you're putting huge amounts of work
> into breaking the server, and then acting surprised that it's broken.
> You would have had this working 3 days ago if you had just followed the
> documentation.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130314/5357c68f/attachment-0001.html>
More information about the Freeradius-Users
mailing list