On Fri, 9 Aug 2002, [iso-8859-1] J�rgen Wei� wrote:
> High list
>
> I have a problem with freeradius version 0.6 in conjunction with ldap
> and eap-md5.
>
> Access is rejected and freeradius complains: rlm_eap_md5: No password
> configured for this user.
> ldap authentication seems to be o.k !. Any hints to solve the problem.
You should extract the clear text user password from ldap for EAP MD5 to work
correctly. Just make sure you have clear text passwords in ldap, that the bind
user/password that the ldap module is configured to use can read the clear text
password attribute and set the password_header and password_attribute
ldap module configuration directives to the appropriate values.
>
> BTW: With authentication in users-file - without ldap - all works fine.
>
>
>
> ================================== radiusd.conf
> ==========================
> ...
>
> authorize {
> preprocess
> ldap
> eap
> }
>
> authenticate {
> eap
> }
>
> ...
>
> ================================== Start: radius log
> ==========================
> rad_recv: Access-Request packet from host 134.106.87.253:1085, id=58,
> length=184
> User-Name = "beratung"
> NAS-IP-Address = 134.106.87.253
> Called-Station-Id = "0040965ad27f"
> Calling-Station-Id = "0009e8b4e60a"
> NAS-Identifier = "cisco-WLan01"
> NAS-Port = 37
> Framed-MTU = 1400
> State =
> 0x01b410a331dd4ac5d558176373602f16ff81533da6feb6be10799fd25d88c5b64d43e145
>
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> "\0029\000\036\004\020\300U\345\355\335|\232j\0311\204ia\230\250\267beratung"
>
> Message-Authenticator = 0x701d6a8123eefc08972328f993ba7bdb
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for beratung
> radius_xlat: '(uid=beratung)'
> radius_xlat: 'ou=Radius,ou=Account,dc=uni-oldenburg,dc=de'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in
> ou=Radius,ou=Account,dc=uni-oldenburg,dc=de, with filter (uid=beratung)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user beratung authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok
> modcall[authorize]: module "eap" returns updated
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - md5
> rlm_eap: processing type md5
> rlm_eap_md5: No password configured for this user
> modcall[authenticate]: module "eap" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 1 for 1 seconds
> Finished request 1
> Going to the next request
> SMUX connect try 3
> Can't connect to SNMP agent with SMUX: Connection refused
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 134.106.87.253:1085, id=58,
> length=184
> Sending Access-Reject of id 58 to 134.106.87.253:1085
> EAP-Message = "\004:\000\004"
> Message-Authenticator = 0x00000000000000000000000000000000
> --- Walking the entire request list ---
> Waking up in 5 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 57 with timestamp 3d5381ff
> Cleaning up request 1 ID 58 with timestamp 3d5381ff
> Nothing to do. Sleeping until we see a request.
> ================================== End: radius log
> ==========================
>
> --
> +----------------------------------------------------------------------+
>
> + Juergen Weiss mailto:[EMAIL PROTECTED] |
>
> + Hochschulrechenzentrum TEL: +49 0441 7984407 |
>
> + Universitaet Oldenburg FAX: +49 0441 7984413 |
>
> + Carl v. Ossietzky Str. 9-11 http://www.hrz.uni-oldenburg.de/~weiss |
>
> +----------------------------------------------------------------------+
>
> +
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
