Has anyone got CHAP authentication to LDAP working yet ?

My setup is:
I'm using the 20011029 snapshot of FreeRadius
for testing purposes I added sn as Password in the ldap.attrmap file,
and I also tried mapping CHAP-Password to the same attribute....

PAP is working fine.
And other check items from LDAP.., e.g. radiusFramedIPAddress are working.

When I run FreeRadius in debug mode (-X) I get the following:

rad_recv: Access-Request packet from host 194.105.225.232:1645, id=234,
length=86
        NAS-IP-Address = 194.105.225.232
        NAS-Port = 20000
        NAS-Port-Type = ISDN
        User-Name = "veigar"
        Calling-Station-Id = "5685090"
        CHAP-Password =
"\002\363\363\375\315\207\234/v\340\344L\004!\303\037;"
        Service-Type = Framed-User
        Framed-Protocol = PPP
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for veigar
radius_xlat:  '(uid=veigar)'
radius_xlat:  'ou=People,ou=simnet.is,ou=Virtual Domains,dc=skima,dc=is'
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=[sensored]/[sensored]
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=People,ou=simnet.is,ou=Virtual
Domains,dc=skima,dc=is, with filter (uid=veigar)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sn as Password, value testing & op=11
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value
192.168.0.3 & op=11
rlm_ldap: user veigar authorized to use remote access
  modcall[authorize]: module "ldap" returns ok
    users: Matched DEFAULT at 145
    users: Matched DEFAULT at 164
    users: Matched DEFAULT at 176
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Ldap
auth: type "Ldap"
modcall: entering group authenticate
rlm_ldap: - authenticate
rlm_ldap: Attribute "Password" is required for authentication. Cannot use
"CHAP-Password".
  modcall[authenticate]: module "ldap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Sending Access-Reject of id 234 to 194.105.225.232:1645
Finished request 0

Is the LDAP auth module not CHAP compatible ?

I came across a similar problem with SQL:
 http://lists.cistron.nl/archives/freeradius-users/2001/07/msg00011.html


--
Veigar Freyr
[EMAIL PROTECTED]


> Probably because you need the PLAIN TEXT password to be able to use chap. I
> guess you're using cryptpass in ldap, which is why chap won't work.
>
> I'm not sure how to do this with the rlm_ldap module though, will need to
> check on that.  Maybe somebody else has a solution for it or has experience
> in using chap & ldap?
>
> Haven't been spending much time on freeradius/rlm_ldap lately, need to spend
> some more time on it :)
>
> /Peter
>
> -----Original Message-----
> From: Yildiray Ozen [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 28, 2001 3:15 PM
> To: [EMAIL PROTECTED]
> Subject: RLM_LDAP and CHAP
>
>
> Hi all,
>
> We're using the LDAP module for authenticating users.
> It works fine with PAP but it doesn't work with CHAP.
>
> Anybody has a solution for that?
>
>
> Thanks
> Ray


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
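
Added example, not part of the original thread and not FreeRADIUS code: a sketch of why the server needs the cleartext password to check a CHAP-Password, while PAP can be checked against a one-way hash stored in LDAP. The password, challenge and {SHA} storage scheme are constructed sample values (the {SHA} hash stands in for any one-way scheme such as crypt), and the function names are hypothetical.

```python
import base64
import hashlib
import hmac


def chap_response(chap_id, secret, challenge):
    """RFC 1994 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def verify_chap(chap_password, challenge, stored_secret):
    """chap_password is the RADIUS attribute value: 1 id byte + 16 digest bytes.

    The server must recompute the digest itself, so stored_secret has to be
    the same cleartext the client typed.
    """
    if len(chap_password) != 17:
        return False
    expected = chap_response(chap_password[0], stored_secret, challenge)
    return hmac.compare_digest(chap_password[1:], expected)


def ldap_sha(password):
    """LDAP-style {SHA} userPassword value (one-way)."""
    return b"{SHA}" + base64.b64encode(hashlib.sha1(password).digest())


def verify_pap(submitted_password, stored_hash):
    """PAP delivers the password itself, so the server can hash and compare."""
    return hmac.compare_digest(ldap_sha(submitted_password), stored_hash)


# Constructed sample data. In RADIUS the challenge comes from CHAP-Challenge,
# or from the Request Authenticator when that attribute is absent.
PASSWORD = b"testing"
CHALLENGE = bytes(range(16))
CHAP_ATTR = bytes([2]) + chap_response(2, PASSWORD, CHALLENGE)
STORED_HASH = ldap_sha(PASSWORD)

if __name__ == "__main__":
    print("CHAP vs cleartext in directory:", verify_chap(CHAP_ATTR, CHALLENGE, PASSWORD))
    print("CHAP vs hash in directory:     ", verify_chap(CHAP_ATTR, CHALLENGE, STORED_HASH))
    print("PAP vs hash in directory:      ", verify_pap(PASSWORD, STORED_HASH))
```

With only a hash in the directory the CHAP check fails even for the correct password, because the digest the client sent was computed over the cleartext.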
