Re: Problem: EAP/MD5 LDAP No password configured for this user.

Mon, 12 Aug 2002 00:07:40 -0700 


Kostas Kalevras wrote:

> On Fri, 9 Aug 2002, [iso-8859-1] J�rgen Wei� wrote:
>
> > High list
> >
> > I have a problem with freeradius version 0.6 in conjunction with ldap
> > and eap-md5.
> >
> > Access is rejected and freeradius complains: rlm_eap_md5: No password
> > configured for this user.
> > ldap authentication seems to be o.k !. Any hints to solve the problem.
>
> You should extract the clear text user password from ldap for EAP MD5 to work
> correctly. Just make sure you have clear text passwords in ldap, that the bind
> user/password that the ldap module is configured to use can read the clear text
> password attribute and set the password_header and password_attribute
> ldap module configuration directives to the appropriate values.

Thank you for responding so quick. The solution was to use the password_attribute
and NOT to use
the password_header

>
>
> >
> > BTW: With authentication in users-file - without  ldap - all works fine.
> >
> >
> >
> > ================================== radiusd.conf
> > ==========================
> > ...
> >
> > authorize {
> >         preprocess
> >         ldap
> >         eap
> > }
> >
> > authenticate {
> >         eap
> > }
> >
> > ...
> >
> > ================================== Start: radius log
> > ==========================
> > rad_recv: Access-Request packet from host 134.106.87.253:1085, id=58,
> > length=184
> >  User-Name = "beratung"
> >  NAS-IP-Address = 134.106.87.253
> >  Called-Station-Id = "0040965ad27f"
> >  Calling-Station-Id = "0009e8b4e60a"
> >  NAS-Identifier = "cisco-WLan01"
> >  NAS-Port = 37
> >  Framed-MTU = 1400
> >  State =
> > 0x01b410a331dd4ac5d558176373602f16ff81533da6feb6be10799fd25d88c5b64d43e145
> >
> >  NAS-Port-Type = Wireless-802.11
> >  EAP-Message =
> > "\0029\000\036\004\020\300U\345\355\335|\232j\0311\204ia\230\250\267beratung"
> >
> >  Message-Authenticator = 0x701d6a8123eefc08972328f993ba7bdb
> > modcall: entering group authorize
> >   modcall[authorize]: module "preprocess" returns ok
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for beratung
> > radius_xlat:  '(uid=beratung)'
> > radius_xlat:  'ou=Radius,ou=Account,dc=uni-oldenburg,dc=de'
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in
> > ou=Radius,ou=Account,dc=uni-oldenburg,dc=de, with filter (uid=beratung)
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user beratung authorized to use remote access
> > ldap_release_conn: Release Id: 0
> >   modcall[authorize]: module "ldap" returns ok
> >   modcall[authorize]: module "eap" returns updated
> > modcall: group authorize returns updated
> >   rad_check_password:  Found Auth-Type EAP
> > auth: type "EAP"
> > modcall: entering group authenticate
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP_TYPE - md5
> > rlm_eap: processing type md5
> > rlm_eap_md5: No password configured for this user
> >   modcall[authenticate]: module "eap" returns invalid
> > modcall: group authenticate returns invalid
> > auth: Failed to validate the user.
> > Delaying request 1 for 1 seconds
> > Finished request 1
> > Going to the next request
> > SMUX connect try 3
> > Can't connect to SNMP agent with SMUX: Connection refused
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 134.106.87.253:1085, id=58,
> > length=184
> > Sending Access-Reject of id 58 to 134.106.87.253:1085
> >  EAP-Message = "\004:\000\004"
> >  Message-Authenticator = 0x00000000000000000000000000000000
> > --- Walking the entire request list ---
> > Waking up in 5 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 57 with timestamp 3d5381ff
> > Cleaning up request 1 ID 58 with timestamp 3d5381ff
> > Nothing to do.  Sleeping until we see a request.
> > ================================== End:   radius log
> > ==========================
> >
> > --
> > +----------------------------------------------------------------------+
> >
> > + Juergen Weiss                mailto:[EMAIL PROTECTED]   |
> >
> > + Hochschulrechenzentrum       TEL:   +49 0441 7984407                 |
> >
> > + Universitaet Oldenburg       FAX:   +49 0441 7984413                 |
> >
> > + Carl v. Ossietzky Str. 9-11  http://www.hrz.uni-oldenburg.de/~weiss  |
> >
> > +----------------------------------------------------------------------+
> >
> > +
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras         Network Operations Center
> [EMAIL PROTECTED]      National Technical University of Athens, Greece
> Work Phone:             +30 10 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
+----------------------------------------------------------------------+
+ Juergen Weiss                mailto:[EMAIL PROTECTED]   |
+ Hochschulrechenzentrum       TEL:   +49 0441 7984407                 |
+ Universitaet Oldenburg       FAX:   +49 0441 7984413                 |
+ Carl v. Ossietzky Str. 9-11  http://www.hrz.uni-oldenburg.de/~weiss  |
+----------------------------------------------------------------------+
+




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html























					Reply via email to