I am usually not a complete idiot, but I cannot get this to work. Using the
settings for radiusd you recommended I cannot get PAP or CHAP to work. PAP
will work if I put ldap back in the authenticate section. I am beyond the
point of embarrassed now but must keep going.
Below are my results:
Radiusd.conf authorize and auth sections:
authorize {
preprocess
chap
ldap
suffix
files
}
authenticate {
unix
chap
# ldap
}
PAP Attempt:
rad_recv: Access-Request packet from host 208.241.20.2:64305, id=17,
length=42
User-Name = "me"
Password = "\207\246\031v}\\\237f\207_\307\202#\200\366Q"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for me
radius_xlat: '(uid=me)'
radius_xlat: 'dc=uchub,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap:389:389, authentication 0
rlm_ldap: bind as cn=manager,dc=uchub,dc=com/password
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=uchub,dc=com, with filter (uid=me)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user me authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 2
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type ldap
auth: type "Ldap"
auth: Failed to validate the user.
Login incorrect: [me/password] (from client MR-Firewall port 0)
Sending Access-Reject of id 17 to 208.241.20.2:64305
Finished request 0
CHAP Attempt:
rad_recv: Access-Request packet from host 208.241.20.2:64709, id=18,
length=43
User-Name = "me"
CHAP-Password = "\302w\247\033\363\253S\376\346\t$.\016by=2"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module "chap" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for me
radius_xlat: '(uid=me)'
radius_xlat: 'dc=uchub,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=uchub,dc=com, with filter (uid=me)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user me authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 2
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type ldap
auth: type "Ldap"
auth: Failed to validate the user.
Login incorrect: [me/<CHAP-Password>] (from client MR-Firewall port 0)
Sending Access-Reject of id 18 to 208.241.20.2:64709
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 18 with timestamp 3ca1ebcd
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
