On Mon, 14 Oct 2002, lowson wrote:

> Hi all:
> I use eap-md5 to auth with openldap.
> I have added an account to openldap as follows:
>
> dn: cn=test2,dc=example,dc=com
> objectclass: person
> objectclass: radiusprofile
> cn: test2
> sn: test2
> userPassword: {clear}test2
>
> According to the freeradius message below, my freeradius has retrieved
> 'test2' from openldap.
> I don't know the message ----->rlm_ldap: Attribute "User-Password" is
> required for authentication.
> Does the radius client send a radius packet with User-Password attribute?
> I think that it's invalid on eap-md5.
> thanks
>
> ........................
> --- Walking the entire request list ---
> Cleaning up request 0 ID 1 with timestamp 3daa1beb
> Nothing to do.  Sleeping until we see a request.
> rad_recv: Access-Request packet from host 192.168.168.134:1812, id=1,
> length=113
>         NAS-IP-Address = 192.168.168.134
>         Called-Station-Id = "00-60-B3-6F-89-C8"
>         Calling-Station-Id = "00-40-96-36-6C-8C"
>         NAS-Port-Type = Wireless-802.11
>         Framed-MTU = 1400
>         User-Name = "test2"
>         EAP-Message = "\002\000\000\n\001test2"
>         Message-Authenticator = 0xcc0fbe218f7d932d3aeeb97829359375
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>     rlm_realm: Looking up realm NULL for User-Name = "test2"
>     rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for test2
> radius_xlat:  '(cn=test2)'
> radius_xlat:  'dc=example,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 192.168.168.108:389, authentication 0
> rlm_ldap: setting TLS mode to 4
> rlm_ldap: bind as / to 192.168.168.108:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in dc=example,dc=com, with filter (cn=test2)
> rlm_ldap: Added password test2 in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user test2 authorized to use remote access
> ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok
>     users: Matched DEFAULT at 1
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
>   rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
> modcall: entering group authtype
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "ldap" returns invalid
> modcall: group authtype returns invalid
> auth: Failed to validate the user.
> Delaying request 1 for 1 seconds
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Sending Access-Reject of id 1 to 192.168.168.134:1812
> .........

You don't have the eap module in the authorize section. The ldap module and not
eap is the one that tries to do authentication in your case so it is obviously
complaining about the User-Password attribute not present in the request.
Fix these and it should work ok.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
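
Added example, not part of the original thread and not FreeRADIUS code: it decodes the EAP-Message bytes from the debug log above (an EAP-Response/Identity, so the request carries no User-Password) and shows the EAP-MD5 check an EAP module performs against the cleartext password retrieved from LDAP. The function names, the identifier and the 16-byte challenge are constructed for illustration; the hash is the CHAP computation from RFC 1994 that EAP-MD5 uses.

```python
import hashlib
import hmac
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge"}

# EAP-Message from the log: "\002\000\000\n\001test2"
LOGGED_EAP_MESSAGE = b"\x02\x00\x00\x0a\x01test2"


def parse_eap(packet: bytes) -> dict:
    """Decode Code(1) Identifier(1) Length(2) and, for Request/Response, Type(1) + data."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field does not match the packet")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a Type field")
        out["type"] = EAP_TYPES.get(packet[4], packet[4])
        out["data"] = packet[5:length]
    return out


def md5_value(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-style hash: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """What the supplicant sends: the hash, never the password itself."""
    value = md5_value(ident, password, challenge)
    return struct.pack("!BBHBB", 2, ident, 6 + len(value), 4, len(value)) + value


def server_verify(response: bytes, cleartext_password: bytes, challenge: bytes) -> bool:
    """Server side: needs the cleartext password (here, userPassword from LDAP)."""
    eap = parse_eap(response)
    if eap["code"] != "Response" or eap.get("type") != "MD5-Challenge":
        return False
    data = eap["data"]
    if len(data) < 17 or data[0] != 16:  # Value-Size must be 16 for MD5
        return False
    expected = md5_value(eap["id"], cleartext_password, challenge)
    return hmac.compare_digest(data[1:17], expected)
```

Because the server must recompute the hash, an LDAP bind with a User-Password from the request cannot validate EAP-MD5; the directory has to supply the password in a form the EAP module can read.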
