Hi, I don't suppose this is a very uncommon problem, as I am using a standard configuration; however, I would like to ask, as I could find no hints in the list archive.
I have configured freeradius to auth using LDAP over Novell NDS and it works perfectly for Cisco clients or for the radtest command. However, when I tried to authenticate using Windows 2000 RRAS, it seems no password was transferred to the Radius and authentication failed.
Please find below a sample debug:
rad_recv: Access-Request packet from host 192.168.62.104:4515, id=9, length=214
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Thread 1 handling request 0, (1 handled so far)
Nothing to do. Sleeping until we see a request.
NAS-IP-Address = 192.168.62.104
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 11
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.00"
NAS-Port-Type = Virtual
Tunnel-Type:0 = PPTP
Tunnel-Medium-Type:0 = IP
Calling-Station-Id = "192.168.62.40"
Tunnel-Client-Endpoint:0 = "192.168.62.40"
User-Name = "testuser"
MS-CHAP-Challenge = 0x34a9383b6df43c13cc4f6a530fce5f5c
MS-CHAP2-Response = 0x0000eb4ced12a472d43453f801a42433c1a80000000000000000c6ec79cceafb6e895d9bd174b2a524f3cc47c946e8ef1e21
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat: '(cn=testuser)'
radius_xlat: 'o=ku'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to mm.ku.edu.tr:389, authentication 0
rlm_ldap: bind as /
rlm_ldap: waiting for bind result ..
rlm_ldap: performing search in o=ku, with filter (cn=testuser)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 152
users: Matched DEFAULT at 171
users: Matched DEFAULT at 183
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "Ldap"
modcall: entering group authenticate
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
here is the problem I suppose !!!
modcall[authenticate]: module "ldap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
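
A triage check for the mismatch visible in the debug output above, as an added example that is not part of the original post or of FreeRADIUS: it scans debug text and reports when Auth-Type LDAP was selected for a request that carries no User-Password, which is the condition rlm_ldap complains about here, where the client sent MS-CHAP2-Response instead. The function names are hypothetical and the second sample is constructed.

```python
import re

# Credential-bearing RADIUS attributes and the auth method each one implies.
CREDENTIAL_ATTRS = {
    "User-Password": "PAP",
    "CHAP-Password": "CHAP",
    "MS-CHAP-Response": "MS-CHAPv1",
    "MS-CHAP2-Response": "MS-CHAPv2",
    "EAP-Message": "EAP",
}
ATTR_RE = re.compile(r"^\s*([A-Za-z][\w-]*)(?::\d+)?\s*=\s*\S")
AUTH_TYPE_RE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")

# Lines copied from the debug output in the post.
POST_SAMPLE = """\
User-Name = "testuser"
MS-CHAP-Challenge = 0x34a9383b6df43c13cc4f6a530fce5f5c
MS-CHAP2-Response = 0x0000eb4ced12a472d43453f801a42433c1a80000000000000000c6ec79cceafb6e895d9bd174b2a524f3cc47c946e8ef1e21
rad_check_password: Found Auth-Type LDAP
rlm_ldap: Attribute "User-Password" is required for authentication.
"""
# Constructed sample: the same user sending a PAP request.
PAP_SAMPLE = """\
User-Name = "testuser"
User-Password = "constructed-example"
rad_check_password: Found Auth-Type LDAP
"""

def summarize(debug_text):
    """Return (methods offered by the client, Auth-Type chosen by the server)."""
    methods, auth_type = set(), None
    for line in debug_text.splitlines():
        m = ATTR_RE.match(line)  # log prefixes such as "rlm_ldap:" do not match
        if m and m.group(1) in CREDENTIAL_ATTRS:
            methods.add(CREDENTIAL_ATTRS[m.group(1)])
        m = AUTH_TYPE_RE.search(line)
        if m:
            auth_type = m.group(1)
    return methods, auth_type

def ldap_bind_mismatch(debug_text):
    """True when Auth-Type LDAP was selected but the request has no User-Password."""
    methods, auth_type = summarize(debug_text)
    return (auth_type or "").lower() == "ldap" and "PAP" not in methods

if __name__ == "__main__":
    print(summarize(POST_SAMPLE), ldap_bind_mismatch(POST_SAMPLE))
```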
