On Wed, Jan 09, 2002 at 05:15:29PM -0500,
[EMAIL PROTECTED] <[EMAIL PROTECTED]> is thought to have said:

>   in a file, and then send it via 'radclient'.  The radclient program
> will take care of encrypting the CHAP password, just like it takes
> care of encrypting the User-Password attribute.

Ah. Ok. Then I guess I'm confused about something else in my config, because
authenticating against my LDAP server is failing when I feed it
'User-Name = "test", CHAP-Password = "blah"' but it works when I use
'Password = "blah"'. The -X output shows:

modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'ou=People,o=example.com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.example.com:389, authentication 0
rlm_ldap: bind as cn=Directory Manager/[password]
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=People,o=example.com, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by dialupAccess
rlm_ldap: Password header not found in password {crypt}[cryptstring] for user test
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type "Ldap"
modcall: entering group authenticate
rlm_ldap: - authenticate
rlm_ldap: Attribute "Password" is required for authentication. Cannot use "CHAP-Password".
  modcall[authenticate]: module "ldap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Login incorrect: [test/<CHAP-Password>] (from nas local port 0)

My users file contains:

DEFAULT         Auth-Type := Local
                Service-Type = Framed-User,
                Framed-Protocol = PPP

And my radiusd.conf contains:

modules {
        ldap {
                server = "ldap.example.com"
                identity = "cn=Directory Manager"
                password = [password]
                basedn = "ou=People,o=example.com"
                filter = "(uid=%u)"
                start_tls = no
                access_attr = "dialupAccess"
                ldap_connections_number = 5
                password_header = "{clear}"
                password_attribute = userPassword
                timeout = 4
                timelimit = 3
                net_timeout = 1
        }
}

authorize {
        ldap
}

authenticate {
        authtype CHAP {
                chap
        }
        ldap
}

I'm using the CVS snapshot from 1/4/02.

Any thoughts on what I'm doing wrong?

Thanks,

Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                 [EMAIL PROTECTED]
Fsck It!                 Just another victim of the ambient morality

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
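
Added example, not part of the original post and not FreeRADIUS code: a sketch of the server-side CHAP-Password check defined in RFC 2865 (MD5 over the CHAP identifier, the user's password and the challenge), showing that it can only succeed when the server holds the cleartext password, which is what the `{crypt}` value in the debug output above does not provide. The function names, the challenge bytes and the SHA-256 stand-in for a crypt(3) string are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not taken from the post's real traffic).
CHALLENGE = bytes(range(16))      # CHAP-Challenge / Request Authenticator
CLEARTEXT = b"blah"               # what the user typed
# Stand-in for a one-way hash such as the directory's {crypt} value.
STORED_HASH = b"{crypt}" + hashlib.sha256(CLEARTEXT).hexdigest().encode()


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap_password(ident: int, cleartext: bytes, challenge: bytes) -> bytes:
    """Client side: CHAP-Password = 1 identifier octet + 16 response octets."""
    return bytes([ident]) + chap_response(ident, cleartext, challenge)


def verify_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """Server side: recompute the digest from whatever secret it has stored.

    The client's password never crosses the wire, so the server cannot
    hash it into the stored format or replay it in an LDAP bind.
    """
    if len(chap_password) != 17:
        return False
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored, challenge)
    return hmac.compare_digest(response, expected)


if __name__ == "__main__":
    attr = build_chap_password(1, CLEARTEXT, CHALLENGE)
    # Server holding the cleartext password: the digests match.
    print("cleartext stored:", verify_chap(attr, CHALLENGE, CLEARTEXT))
    # Server holding only a one-way hash: nothing to feed into MD5 matches.
    print("hash stored:     ", verify_chap(attr, CHALLENGE, STORED_HASH))
```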
