Kostas Kalevras <[EMAIL PROTECTED]> writes:
>
> First of all you don't have the files module in the authorize section of
> radiusd.conf. That means that whatever you put in the users file will not be
> read. Also, the ldap module will set the Auth-Type to LDAP if it has not been
> already set. So it should be put after any other module which needs to set the
> Auth-Type (like mschap,chap etc). So the config for the authorize section should be:
>
> authorize{
> mschap
> files
> ldap
> }
>
Eureka! Now I'm sending an access A The LDAP must be before mschap because that's where
I'm fetching the plaintext passwords from (LDAP will set the Password
attribute of the request).

I'm summarizing the configuration that I'm using with the current CVS
version (plus a couple of obvious tweaks here and there to get it to
compile) for future people trying to get the Nortel Contivity
VPN authenticating PPTP users via freeradius and against an LDAP
server that stores plaintext passwords in the chapPassword attribute.

# radiusd.conf
modules {
    ldap {
        server = "servername"
        identity = "uid=AdminName,ou=Directory Administrators,dc=here,dc=com"
        password = "adminPassowrd"
        basedn = "dc=here,dc=com"
        filter = "(uid=%u)"
        password_attribute = "chapPassword"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        timeout = 4
        timelimit = 3
        net_timeout = 1
        password_header = ""
    }
    mschap {
    }
}

authorize {
    ldap
    files
    mschap
}

authenticate {
    MSCHAP {
        mschap
    }
}

# users file
DEFAULT Auth-Type := MSCHAP
    Fall-Through = 1

This is getting much closer to working with my Nortel box.

Sending Access-Accept of id 170 to xxx.xxx.xxx.xxx:1095
    Framed-Protocol = PPP
    Framed-Compression = Van-Jacobson-TCP-IP
    MS-CHAP-MPPE-Keys = 0xInsertKeyHere
    MS-MPPE-Encryption-Policy = 0x00000001
    MS-MPPE-Encryption-Types = 0x00000006

I've got the Nortel people coming by on Friday to help me figure the
rest out, but my initial guess is that they are expecting a
MS-CHAP-LM-Enc-PW instead of MS-CHAP-MPPE-Keys, but I'm not sure.
I think this means they want it to send a reply at the smbpasswd portion.

Security [12] Session: PPTP[cmg]:84 assigned IP address xxx.xxx.xxx.xxx, mask 0.0.0.0
Ppp0x032dc5c0 [13] UID: cmg, No NT password hash found for MPPE RC4-128 bit key generation.
Ppp0x032dc5c0 [13] RC4-128 encryption key generation failure, CCP disabled.
Ppp0x032dc5c0 [13] CCP Down and encryption needed!
Ppp0x032dc5c0 [13] Encryption needed but couldn't be negotiated!
Security [12] Session: PPTP[cmg]:84 logged out
--
Chris Green <[EMAIL PROTECTED]>
A watched process never cores.
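
Added example, not part of the original message: a small Python check for the two ordering points raised in this thread (files must appear in authorize for the users file to be read, and, as reported above, the module that supplies the password, here ldap, must be listed before mschap). The function names are hypothetical, and the parser assumes the one-entry-per-line brace layout used in the configurations shown here.

```python
# Constructed inputs: the two authorize orderings discussed in this thread.
SUGGESTED = "authorize{\nmschap\nfiles\nldap\n}\n"
WORKING = """
modules {
    ldap {
        password_attribute = "chapPassword"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
    }
    mschap {
    }
}
authorize {
    ldap
    files
    mschap
}
"""

def section_modules(conf, name):
    """Return the entries listed directly inside top-level section `name`."""
    mods, stack = [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if line.endswith("{"):
            stack.append(line[:-1].strip())   # entering a named block
        elif line == "}":
            if stack:
                stack.pop()                   # leaving the innermost block
        elif line and stack == [name]:
            mods.append(line)                 # entry directly under `name`
    return mods

def check_authorize(conf, password_source="ldap", consumer="mschap"):
    """Return a list of problems; an empty list means the order passes."""
    mods = section_modules(conf, "authorize")
    problems = [f"{m} is not listed in authorize"
                for m in (password_source, "files", consumer) if m not in mods]
    if (password_source in mods and consumer in mods
            and mods.index(password_source) > mods.index(consumer)):
        problems.append(f"{password_source} is listed after {consumer}")
    return problems

if __name__ == "__main__":
    for label, conf in (("suggested", SUGGESTED), ("working", WORKING)):
        print(label, section_modules(conf, "authorize"), check_authorize(conf))
```

Entries nested inside a sub-block of authorize are ignored by this parser, so grouped module lists need to be checked by hand.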