Help

Matthew Newton mcn4 at leicester.ac.uk
Tue Apr 14 14:48:12 CEST 2015


On Tue, Apr 14, 2015 at 08:24:37AM -0400, sandy.napoles at eccmg.cupet.cu wrote:
> Hello list, Iam using freeradius VersiĆ³n: 2.1.12, and I have read some
> tutorial about freeradius + samba4 as active directory. when a user try to
> autenticate I have the follow logs....somebody can helpme.

You're doing wireless (EAP), but you've removed eap from your
configuration and broken it.

Start with a clean config. Follow the guide at

http://deployingradius.com/documents/configuration/active_directory.html

If you want to check groups etc with ldap, add that after you've
got the basic authentication working.

Matthew


> Ready to process requests.
> rad_recv: Access-Request packet from host 10.0.100.2 port 1060, id=0,
> length=181
>         Message-Authenticator = 0x87734694ee77d9806817c3a72bd970dd
>         Service-Type = Framed-User
>         User-Name = "yordan"
>         Framed-MTU = 1488
>         Called-Station-Id = "00-23-CD-C3-BD-4E:TP-LINK_C3BD4E"
>         Calling-Station-Id = "4C-BB-58-35-80-0E"
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 54Mbps 802.11g"
>         EAP-Message = 0x0200000b01796f7264616e
>         NAS-IP-Address = 192.168.1.5
>         NAS-Port = 2
>         NAS-Port-Id = "STA port # 2"
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authorize {...}
> [ldap] performing user authorization for yordan
> [ldap]  expand: (&(sAMAccountName=%{User-Name})) ->
> (&(sAMAccountName=yordan))
> [ldap]  expand: OU=Comercializadora,OU=CUPET,DC=eccmg,DC=cupet,DC=cu ->
> OU=Comercializadora,OU=CUPET,DC=eccmg,DC=cupet,DC=cu
>   [ldap] ldap_get_conn: Checking Id: 0
>   [ldap] ldap_get_conn: Got Id: 0
>   [ldap] attempting LDAP reconnection
>   [ldap] (re)connect to 172.18.68.8:389, authentication 0
>   [ldap] bind as cn=openfire,OU=Administrador de
> Red,OU=Comercializadora,OU=CUPET,DC=eccmg,DC=cupet,DC=cu/open&^2017 to
> 172.18.68.8:389
>   [ldap] waiting for bind result ...
>   [ldap] Bind was successful
>   [ldap] performing search in
> OU=Comercializadora,OU=CUPET,DC=eccmg,DC=cupet,DC=cu, with filter
> (&(sAMAccountName=yordan))
> [ldap] No default NMAS login sequence
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that
> the user is configured correctly?
> [ldap] user yordan authorized to use remote access
>   [ldap] ldap_release_conn: Release Id: 0
> ++[ldap] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
> the user
> Failed to authenticate the user.
> Login incorrect: [yordan/<no User-Password attribute>] (from client
> 10.0.100.0/24 port 2 cli 4C-BB-58-35-80-0E)
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 0 to 10.0.100.2 port 1060
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 0 with timestamp +54
> Ready to process requests.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list