This is fun:
Now, PAP will authenticate when an LDAP user has a {crypt} password and will
not work with a clear text password stored in ldap? The following user has
password stored {clear}
Can you tell me how to get around this as I will need to store all ldap
passwords {clear} to use CHAP.
Thanks
Michael
rad_recv: Access-Request packet from host 208.241.20.2:64113, id=72,
length=61
User-Name = "[EMAIL PROTECTED]"
Password = "\241\312\202\355%E\334\365\\\n\tH\306\330\013H"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for [EMAIL PROTECTED]
radius_xlat: '([EMAIL PROTECTED])'
radius_xlat: 'dc=uchub,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap:389:389, authentication 0
rlm_ldap: bind as cn=manager,dc=uchub,dc=com/b33r1sg00d
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=uchub,dc=com, with filter
([EMAIL PROTECTED])
rlm_ldap: Added password uchubtest in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user [EMAIL PROTECTED] authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
rlm_realm: Proxying request from user testuser to realm planetez.net
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 2
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "Ldap"
modcall: entering group authtype
rlm_ldap: - authenticate
rlm_ldap: login attempt by "testuser" with password "uchubtest"
rlm_ldap: user DN: [EMAIL PROTECTED],ou=People,dc=uchub,dc=com
rlm_ldap: (re)connect to ldap:389:389, authentication 1
rlm_ldap: bind as
[EMAIL PROTECTED],ou=People,dc=uchub,dc=com/uchubtest
rlm_ldap: waiting for bind result ...
modcall[authenticate]: module "ldap" returns reject
modcall: group authtype returns reject
auth: Failed to validate the user.
Login incorrect (rlm_ldap: Bind as user failed):
[[EMAIL PROTECTED]/uchubtest] (from client MR-Firewall port 0)
Sending Access-Reject of id 72 to 208.241.20.2:64113
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 72 with timestamp 3ca21fb8
Nothing to do. Sleeping until we see a request.
-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 1:06 PM
To: [EMAIL PROTECTED]
Subject: Re: CHAP-Password & LDAP Auth?
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> Do one of the following:
>
> 1.
...
Can you add this to the default 'radiusd.conf.in'? There are enough
questions about CHAP and other modules that a template should be in the
default configuration file.
Also, it may be useful to add an 'authorize' section to rlm_pap, and to
list it as the LAST module in the 'authorize' list. That way, the discovery
of doing PAP authentication can be automagic.
Hmm... src/main/files.c and src/main/auth.c do various magic to discover
Auth-Type = Local. This should be fixed, too.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
