Has anyone got CHAP authentication to LDAP working yet ?
My setup is:
I'm using the 20011029 snapshot of FreeRadius.
For testing purposes I added sn as Password in the ldap.attrmap file,
and I also tried mapping CHAP-Password to the same attribute....
PAP is working fine.
And other check items from LDAP.., e.g. radiusFramedIPAddress are working.
When I run FreeRadius in debug mode (-X) I get the following:
rad_recv: Access-Request packet from host 194.105.225.232:1645, id=234, length=86
NAS-IP-Address = 194.105.225.232
NAS-Port = 20000
NAS-Port-Type = ISDN
User-Name = "veigar"
Calling-Station-Id = "5685090"
CHAP-Password = "\002\363\363\375\315\207\234/v\340\344L\004!\303\037;"
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for veigar
radius_xlat: '(uid=veigar)'
radius_xlat: 'ou=People,ou=simnet.is,ou=Virtual Domains,dc=skima,dc=is'
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=[sensored]/[sensored]
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=People,ou=simnet.is,ou=Virtual Domains,dc=skima,dc=is, with filter (uid=veigar)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sn as Password, value testing & op=11
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 192.168.0.3 & op=11
rlm_ldap: user veigar authorized to use remote access
modcall[authorize]: module "ldap" returns ok
users: Matched DEFAULT at 145
users: Matched DEFAULT at 164
users: Matched DEFAULT at 176
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Ldap
auth: type "Ldap"
modcall: entering group authenticate
rlm_ldap: - authenticate
rlm_ldap: Attribute "Password" is required for authentication. Cannot use "CHAP-Password".
modcall[authenticate]: module "ldap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Sending Access-Reject of id 234 to 194.105.225.232:1645
Finished request 0
Is the LDAP auth module not CHAP compatible ?
I came across a similar problem with SQL:
http://lists.cistron.nl/archives/freeradius-users/2001/07/msg00011.html
--
Veigar Freyr
[EMAIL PROTECTED]
> Probably because you need the PLAIN TEXT password to be able to use chap. I
> guess you're using cryptpass in ldap, which is why chap won't work.
>
> I'm not sure how to do this with the rlm_ldap module though, will need to
> check on that. Maybe somebody else has a solution for it or has experience
> in using chap & ldap?
>
> Haven't been spending much time on freeradius/rlm_ldap lately, need to spend
> some more time on it :)
>
> /Peter
>
> -----Original Message-----
> From: Yildiray Ozen [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 28, 2001 3:15 PM
> To: [EMAIL PROTECTED]
> Subject: RLM_LDAP and CHAP
>
>
> Hi all,
>
> We're using the LDAP module for authenticating users.
> It works fine with PAP but it doesn't work with CHAP.
>
> Anybody has a solution for that?
>
>
> Thanks
> Ray
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
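
The point made in the quoted reply (CHAP needs the plain-text password on the server), shown as an added example that is not part of the original thread and not FreeRADIUS code. It computes the RFC 1994 response MD5(ident || secret || challenge) and splits the 17-octet CHAP-Password logged above. The challenge is a constructed value (the log does not show it, so the logged value is only split, not verified), and SHA-1 stands in for whatever hashed form the directory might hold.

```python
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def split_chap_password(attr: bytes) -> tuple[int, bytes]:
    """RFC 2865 CHAP-Password: 1 octet CHAP ident + 16 octet response."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be exactly 17 octets")
    return attr[0], attr[1:]


def verify_chap(attr: bytes, challenge: bytes, stored_secret: bytes) -> bool:
    """Recompute the response from what the server has stored and compare."""
    ident, response = split_chap_password(attr)
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


# Constructed sample challenge (in RADIUS this is the CHAP-Challenge attribute
# or, if that is absent, the Request Authenticator).
CHALLENGE = bytes(range(16))
CLEARTEXT = b"testing"                          # the sn value in the debug log
STORED_HASH = hashlib.sha1(CLEARTEXT).digest()  # assumption: hashed directory value

# What a NAS would send for this user, CHAP ident 2 (constructed).
NAS_ATTR = bytes([2]) + chap_response(2, CLEARTEXT, CHALLENGE)

# The CHAP-Password value from the debug output above, octal escapes as logged.
LOGGED_ATTR = b"\002\363\363\375\315\207\234/v\340\344L\004!\303\037;"


def demo() -> dict:
    return {
        # Server holds the clear-text password: the response can be recomputed.
        "cleartext_store": verify_chap(NAS_ATTR, CHALLENGE, CLEARTEXT),
        # Server holds only a hash: MD5 over the hash never matches.
        "hashed_store": verify_chap(NAS_ATTR, CHALLENGE, STORED_HASH),
        "logged_ident": split_chap_password(LOGGED_ATTR)[0],
        "logged_response_len": len(split_chap_password(LOGGED_ATTR)[1]),
    }


if __name__ == "__main__":
    print(demo())
```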