On Fri, 30 May 2003 [EMAIL PROTECTED] wrote:
> Hi
>
>
> > >I really don't understand why you need the password_attribute to not be
> > >userpassword.
> >
> >> A user will have
> >> -> a Cisco Password for authentication with Router Cisco
> >> -> a VPN Password for authentication to access VPN
> >> etc....
> >> I would want to indicate to Radius the specific attribute that it must use
>
> >OK.
> >So what do you mean by password_attribute = sn does not work? From what I can
> >see it should work just fine. Please move this to the freeradius-users list and
> >post a debug log of the server handling an access-request with
> >password_attribute set to sn.
>
> If you have an answer about the fact that I receive an ACCESS-REJECT,
> I take it with joy
>
> Philippe
>
>
>
> Here is the log for an access request of user Philippe
>
> Module: Loaded LDAP
> ldap: server = "192.168.1.53"
> ldap: port = 389
> ldap: net_timeout = 1
> ldap: timeout = 4
> ldap: timelimit = 3
> ldap: ldap_cache_timeout = 0
> ldap: ldap_cache_size = 0
> ldap: identity = "cn=Root,dc=e-qual,dc=fr"
> ldap: start_tls = no
> ldap: tls_mode = no
> ldap: password = "poiuyt"
> ldap: basedn = "ou=Users,dc=e-qual,dc=fr"
> ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> ldap: default_profile = "(null)"
> ldap: profile_attribute = "(null)"
> ldap: password_header = "{MD5}"
^^^^^^^^^^^^^^
This is wrong. password_header should not be set.
> ldap: password_attribute = "sn"
>
>
> rad_recv: Access-Request packet from host 192.168.2.92:1222, id=1,
> length=48
> User-Name = "philippe"
> User-Password = "philippe"
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_chap: Could not find proper Chap-Password attribute in request
> modcall[authorize]: module "chap" returns noop
> modcall[authorize]: module "mschap" returns notfound
> rlm_realm: No '@' in User-Name = "philippe", looking up realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
> users: Matched philippe at 218
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
You don't have the ldap module in the authorize section.
> rad_check_password: Found Auth-Type USERS
> auth: type "USERS"
> modcall: entering group authtype
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "philippe" with password "philippe"
> radius_xlat: '(uid=philippe)'
> radius_xlat: 'ou=Users,dc=e-qual,dc=fr'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 192.168.1.53:389, authentication 0
> rlm_ldap: bind as cn=Root,dc=e-qual,dc=fr/poiuyt to 192.168.1.53:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in ou=Users,dc=e-qual,dc=fr, with filter
> (uid=philippe)
> ldap_release_conn: Release Id: 0
> rlm_ldap: user DN: uid=philippe,ou=Users,dc=e-qual,dc=fr
> rlm_ldap: (re)connect to 192.168.1.53:389, authentication 1
> rlm_ldap: bind as uid=philippe,ou=Users,dc=e-qual,dc=fr/philippe to
> 192.168.1.53:389
> rlm_ldap: waiting for bind result ...
> modcall[authenticate]: module "ldap1" returns reject
> modcall: group authtype returns reject
> auth: Failed to validate the user.
> Login incorrect (rlm_ldap: Bind as user failed): [philippe/philippe]
> (from client testing port 0)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
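
Added example, not part of the original message or of FreeRADIUS: a small Python check for the two problems pointed out in the reply above (password_header being set, and no ldap module running in the authorize section), applied to debug output in the format quoted there. The sample log is constructed, and matching ldap instances by an "ldap" name prefix (as in "ldap1") is an assumption.

```python
import re

# Constructed sample: a trimmed excerpt in the format of the debug output quoted above.
SAMPLE_LOG = '''\
ldap: password_header = "{MD5}"
ldap: password_attribute = "sn"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
modcall: entering group authtype
modcall[authenticate]: module "ldap1" returns reject
'''

CONFIG_RE = re.compile(r'^ldap: (\w+) = "(.*)"$')
MODCALL_RE = re.compile(r'^modcall\[(\w+)\]: module "([^"]+)" returns (\w+)$')


def strip_quote(line):
    """Drop leading '>' e-mail quote markers and surrounding whitespace."""
    return re.sub(r'^(?:>\s?)+', '', line.strip()).strip()


def check_debug_log(text):
    """Return findings for the two issues raised in the reply."""
    config, calls = {}, {}
    for raw in text.splitlines():
        line = strip_quote(raw)
        m = CONFIG_RE.match(line)
        if m:
            config[m.group(1)] = m.group(2)  # ldap module settings dump
            continue
        m = MODCALL_RE.match(line)
        if m:
            calls.setdefault(m.group(1), []).append(m.group(2))  # section -> modules
    findings = []
    # Unset string options are printed as "(null)" in this debug output.
    header = config.get("password_header", "(null)")
    if header not in ("", "(null)"):
        findings.append("password_header is set to %s" % header)
    # Assumption: ldap instances are named with an "ldap" prefix, like "ldap1".
    if not any(n.startswith("ldap") for n in calls.get("authorize", [])):
        findings.append("no ldap module ran in the authorize section")
    return findings


if __name__ == "__main__":
    for finding in check_debug_log(SAMPLE_LOG):
        print(finding)
```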