Hiya,

I am trying to get FreeRADIUS 0.4 to support the
following setup:

Username and password for each user are stored in
cleartext in an LDAP server. The FreeRADIUS server
should support obtaining this information from LDAP
via a TLS connection and authenticating the user
using Password, PAP, CHAP, MS-CHAP, MS-CHAPv2, and
EAP-MD5.

I got LDAP authentication working using PAP/Password,
but none of the other protocols seem to work. I am sure
I am messing up the config files big time.

Can anyone point out where I am going wrong? 

Thanks.. Mike

Users file
-----------------
DEFAULT Auth-Type := LDAP
        Fall-Through = Yes
DEFAULT Auth-Type := MSCHAP
        Fall-Through = Yes
DEFAULT Auth-Type := CHAP
        Fall-Through = Yes

# Defaults for all connections.

DEFAULT Service-Type == Framed-User
        Framed-Protocol = PPP,
        Framed-Netmask = 255.255.255.0,
        Framed-Routing = None,
        Ascend-Route-IP = Route-IP-Yes,
        Ascend-Bridge = Bridge-Yes,
        Ascend-Assign-IP-Pool = 1,
        Ascend-Idle-Limit = 0,
        Ascend-Force-56 = Force-56-No,
        Fall-Through = No

Important bits from the radiusd.conf file
-----------------------------------------
modules {

        ldap {
                server = "ldaptest2.xpedite.com"
                identity = "uid=radius, ou=people, dc=xpedite, dc=com"
                password = "tcpip"
                basedn = "ou=people, dc=xpedite, dc=com"
                filter = "(uid=%u)"
                start_tls = yes
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                password_header = "{clear}"
                password_attribute = "userPassword"
                timeout = 30
                timelimit = 30
                net_timeout = 30
        }
        chap {
        }
        mschap {
        }
        eap {
        }

....etc...

authorize {
        files
        ldap {
                notfound = return
        }
}


authenticate {

        ldap
        authtype CHAP {
                chap
        }
        authtype MSCHAP {
                mschap
        }
#       authtype EAP { 
#               eap
#
#       For some reason when trying to insert this
#       module I get this error "Module: Loaded eap 
#       radiusd.conf[383]: eap: Module instantiation
#       failed. 
#       }

}

Here I am trying to authenticate using chap
--------------------------------------------------------------
rad_recv: Access-Request packet from host 137.236.215.1:4069, id=138, length=92
        User-Name = "mdh"
        CHAP-Password = "\256\300/\260\215\272G\350\320\021\035$\360\003F\254"
        CHAP-Challenge = "O\ta\243Q\330\010\256\350E\211\277{+n\320"
        Service-Type = Authenticate-Only
        Framed-Protocol = PPP
        NAS-IP-Address = 137.236.215.1
        NAS-Port = 23435
        NAS-Port-Type = Virtual
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mdh
rlm_ldap: (re)connect to ldaptest2.xpedite.com:389, authentication 0
rlm_ldap: try to start TLS
rlm_ldap: bind as uid=radius, ou=people, dc=xpedite, dc=com/tcpip
rlm_ldap: waiting for bind result ...
rlm_ldap: Password header not found in password welcome for user mdh
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user mdh authorized to use remote access
rlm_chap: login attempt by "mdh" with CHAP password /?G??$?F
rlm_chap: Could not find clear text password for user mdh
Login incorrect: [mdh/<CHAP-Password>] (from nas 137.236.215.1 port 23435)
Sending Access-Reject of id 138 to 137.236.215.1:4069

Here I am trying to log in via PAP
----------------------------------
rad_recv: Access-Request packet from host 137.236.215.1:4074, id=195, length=73
        User-Name = "mdh"
        Password = "\373a\312{k\347\314\375\373\2729\014[\331\037\005"
        Service-Type = Authenticate-Only
        Framed-Protocol = PPP
        NAS-IP-Address = 137.236.215.1
        NAS-Port = 23447
        NAS-Port-Type = Virtual
rlm_ldap: - authorize
rlm_ldap: performing user authorization for mdh
rlm_ldap: Password header not found in password welcome for user mdh
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user mdh authorized to use remote access
rlm_chap: Attribute "CHAP-Password" is required for authentication. Cannot use "Password".
Login incorrect: [mdh/welcome] (from nas 137.236.215.1 port 23447)
Sending Access-Reject of id 195 to 137.236.215.1:4074
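
Added example, not part of the original post and not FreeRADIUS code: the CHAP log above ends with "Could not find clear text password", and this sketch shows why a server can only check a CHAP response (RFC 1994, carried as in RFC 2865) when it holds the cleartext. `strip_header` and `verify_chap` are hypothetical helpers; `strip_header` only models the "Password header not found" message as an assumption, and all sample values are constructed.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def strip_header(stored: str, header: str):
    """Hypothetical model of a password_header check (an assumption, not
    rlm_ldap's code): return the text after the header, or None when the
    stored directory value does not start with it."""
    if stored.startswith(header):
        return stored[len(header):]
    return None

def verify_chap(chap_password: bytes, challenge: bytes, cleartext) -> bool:
    """chap_password is the RADIUS attribute value: 1 identifier byte
    followed by the 16-byte MD5 response (RFC 2865)."""
    if cleartext is None:
        return False  # no secret available: the response cannot be recomputed
    if len(chap_password) != 17:
        return False  # malformed attribute
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, cleartext.encode(), challenge)
    return hmac.compare_digest(response, expected)

def demo() -> dict:
    # Constructed sample values, not taken from the packets in the post.
    challenge = bytes(range(16))
    ident = 7
    attr = bytes([ident]) + chap_response(ident, b"example-pass", challenge)
    results = {}
    # Stored value carries the configured header: cleartext is recovered.
    results["with_header"] = verify_chap(
        attr, challenge, strip_header("{clear}example-pass", "{clear}"))
    # Stored value lacks the header: nothing is handed to the CHAP check.
    results["no_header"] = verify_chap(
        attr, challenge, strip_header("example-pass", "{clear}"))
    # A one-way hash of the password cannot stand in for the CHAP secret.
    hashed = hashlib.sha1(b"example-pass").hexdigest()
    results["hashed"] = verify_chap(attr, challenge, hashed)
    return results

if __name__ == "__main__":
    print(demo())
```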


