Dear Andreas Grote,
Probably there's a problem with SMB-Account-CTRL-TEXT - it's incomplete.
You can try to remove it altogether if you do not use it to control
the account.
SMB-Account-CTRL-TEXT, value [UX
--Friday, April 26, 2002, 2:04:52 AM, you wrote to [EMAIL PROTECTED]:
AG> Hi, I am trying to get MS-CHAP working with LDAP, and yes, I read the whole
AG> mailing list up and down. But I couldn't find a proper answer for this
AG> problem. Actually I find the postings give different suggestions and it
AG> seems like nobody really knows how to configure this and is just giving good
AG> guesses. Prove me wrong please!
AG> I posted some info below.
AG> ----------------------------------------------
AG> If I uncomment "etc/smbpasswd" (in the module section for mschap in the
AG> radius.conf)
AG> and use the Samba passwords (that happen to be on the machine also), it
AG> works just fine.
AG> But with the attempt to retrieve the (NT-LN) passwords with LDAP it rejects
AG> without an error message??
AG> Just saying "modcall[authenticate]: module "mschap" returns reject"
AG> ================= debug ======================
AG> rad_recv: Access-Request packet from host 192.168.168.111:1024, id=14,
AG> length=108
AG> Thread 1 assigned request 0
AG> --- Walking the entire request list ---
AG> Threads: total/active/spare threads = 5/1/4
AG> Nothing to do. Sleeping until we see a request.
AG> Thread 1 handling request 0, (1 handled so far)
AG> User-Name = "user"
AG> MS-CHAP-Challenge = 0xaeeb7b7ea94305a4a20b12c12858587e
AG> MS-CHAP2-Response =
AG> 0x010051fba451d02d5b08c1ae0c07740de2040000000000000000829b7aa6fd5a35e9f0d2a
AG> 076ce705faa1b4768cd941b1dab
AG> modcall: entering group authorize
AG> modcall[authorize]: module "preprocess" returns ok
AG> rlm_ldap: - authorize
AG> rlm_ldap: performing user authorization for user
AG> radius_xlat: '(uid=user)'
AG> radius_xlat: 'dc=uni-lueneburg,dc=de'
AG> ldap_get_conn: Got Id: 0
AG> rlm_ldap: attempting LDAP reconnection
AG> rlm_ldap: (re)connect to 192.168.168.45:389, authentication 0
AG> rlm_ldap: bind as cn=admin,dc=uni-lueneburg,dc=de/12345678
AG> rlm_ldap: waiting for bind result ...
AG> rlm_ldap: performing search in dc=uni-lueneburg,dc=de, with filter
AG> (uid=user)
AG> rlm_ldap: Added password 57D583AA46D571502AAD4BB7AEA09C70 in check items
AG> rlm_ldap: looking for check items in directory...
AG> rlm_ldap: Adding radiusdarfdas as darfdas, value 1 & op=11
AG> rlm_ldap: looking for reply items in directory...
AG> rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=11
AG> rlm_ldap: Adding ntPassword as NT-Password, value
AG> 57D583AA46D571502AAD4BB7AEA09C70 & op=11
AG> rlm_ldap: Adding lmPassword as LM-Password, value
AG> 22124EA690B83BFBAAD3B435B51404EE & op=11
AG> rlm_ldap: user user authorized to use remote access
AG> ldap_release_conn: Release Id: 0
AG> modcall[authorize]: module "ldap" returns ok
AG> users: Matched DEFAULT at 178
AG> modcall[authorize]: module "files" returns ok
AG> modcall[authorize]: module "mschap" returns ok
AG> modcall: group authorize returns ok
AG> rad_check_password: Found Auth-Type MS-CHAP
AG> auth: type "MS-CHAP"
AG> modcall: entering group authenticate
AG> modcall[authenticate]: module "mschap" returns reject
AG> modcall: group authenticate returns reject
AG> auth: Failed to validate the user.
AG> Delaying request 0 for 1 seconds
AG> Finished request 0
AG> Going to the next request
AG> Thread 1 waiting to be assigned a request
AG> ===============radius.conf=======================
AG> authorize {
AG> ldap
AG> files
AG> mschap
AG> }
AG> authenticate {
AG> mschap
AG> }
AG> =================user=========================
AG> DEFAULT Auth-Type := MS-Chap
AG> DEFAULT Fall-Through = no
AG> ================ldap config===================
AG> ldap {
AG> server = "192.168.168.45"
AG> identity = "cn=admin,dc=donknow,dc=de"
AG> password = secret
AG> basedn = "dc=uni-lueneburg,dc=de"
AG> #authtype = "MS-CHAP"
AG> filter = "(uid=%u)"
AG> start_tls = no
AG> # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
AG> # profile_attribute = "radiusProfileDn"
AG> #access_group = "cn=clients,ou=dialup,o=My Org,c=UA"
AG> #access_attr = "displayName"
AG> #access_group = "dc=donknow,dc=de"
AG> dictionary_mapping = ${raddbdir}/ldap.attrmap
AG> # ldap_cache_timeout = 120
AG> # ldap_cache_size = 0
AG> ldap_connections_number = 5
AG> # password_header = "{clear}"
AG> password_attribute = userPassword (I also tried ntPassword)
AG> # groupname_attribute = cn
AG> # groupmembership_filter =
AG> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=Group
AG> OfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
AG> timeout = 4
AG> timelimit = 3
AG> net_timeout = 1
AG> }
--
~/ZARAZA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
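The condition the reply points at can be checked mechanically. The following is an added example, not part of the original thread or of FreeRADIUS: it parses the `rlm_ldap: Adding ... as ..., value ... & op=N` debug lines and reports an account-control value that lacks its brackets. The set of flag letters and the helper names are assumptions of this example, and the hash in the sample is a constructed placeholder.

```python
import re

# Flag letters used in Samba-style account-control text (assumed set for this example).
KNOWN_FLAGS = set("NDHTUMWSLXI")

# Matches debug lines such as:
#   rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=11
# "\s+" after "value" tolerates the mail client's line wrap seen in the post.
ADDING = re.compile(r"rlm_ldap: Adding (\S+) as (\S+), value\s+(.*?) & op=(\d+)", re.S)
# Reply-quote prefixes such as "AG> " or "> " at the start of a line.
QUOTE_PREFIX = re.compile(r"^(?:[A-Z]{1,3}> ?|> ?)+", re.M)


def mapped_attributes(debug_text):
    """Return [(ldap_attr, radius_attr, value)] found in the debug output."""
    text = QUOTE_PREFIX.sub("", debug_text)
    return [(m.group(1), m.group(2), m.group(3)) for m in ADDING.finditer(text)]


def check_acct_ctrl(value):
    """Return a list of problems with one account-control text value."""
    problems = []
    if not value.startswith("["):
        problems.append("missing opening '['")
    if not value.endswith("]"):
        problems.append("missing closing ']'")
    unknown = sorted(set(value.strip("[]")) - KNOWN_FLAGS - {" "})
    if unknown:
        problems.append("unknown flag(s): " + "".join(unknown))
    return problems


def audit(debug_text):
    """Map SMB-Account-CTRL-TEXT to its problems, if that attribute was added."""
    return {radius: check_acct_ctrl(value)
            for _ldap, radius, value in mapped_attributes(debug_text)
            if radius == "SMB-Account-CTRL-TEXT"}


# Constructed sample: the first line is quoted from the post, the hash is a placeholder.
SAMPLE = """\
AG> rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=11
AG> rlm_ldap: Adding ntPassword as NT-Password, value
AG> 00000000000000000000000000000000 & op=11
"""

if __name__ == "__main__":
    for attr, problems in audit(SAMPLE).items():
        print(attr, "->", problems or "ok")
```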