Re: Authenticating using LDAP module

Thu, 18 Sep 2003 04:26:38 -0700 

On Thu, 18 Sep 2003 12:30:02 +0300 (EEST)
Kostas Kalevras <[EMAIL PROTECTED]> wrote:

> > What I need now is CHAP-Password type to be
> > send across to Radius Server from Client.My password in the LDAP database is
> > plain text.I would like to know what is addition that to be given in
> > radiusd.conf if necessary?
> 
> This has been discussed many times in the list. Check the list archives. Also
> doc/rlm_ldap includes plenty of information on the subject.


B'4 posting the former mail I checked out the mailing list....But still I didn't able 
to figure out.Sorry if I have missed to pin point something

When I issue command say

$ echo "User-Name = \"vishal\", CHAP-Password = \"vishal\"" | radclient -x  -s 
10.0.1.180 auth testing123

$ radiusd -x 
rad_recv: Access-Request packet from host 10.0.1.180:1122, id=128, length=47
        User-Name = "vishal"
        CHAP-Password = 0x80c8b36527f114b9b5845eee357625c2b4
  rlm_chap: Setting 'Auth-Type := CHAP'
rlm_ldap: - authorize
rlm_ldap: performing user authorization for vishal
ldap_get_conn: Got Id: 0
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sn as User-Name, value vishal & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user vishal authorized to use remote access
ldap_release_conn: Release Id: 0
  rlm_chap: login attempt by "vishal" with CHAP password ?ȳe'�?��?^�5v%´
  rlm_chap: Could not find clear text password for user vishal
rad_recv: Access-Request packet from host 10.0.1.180:1122, id=128, length=47
Sending Access-Reject of id 128 to 10.0.1.180:1122


my radiusd.conf is
ldap{
        
        server = "10.0.1.180" 
        basedn = "o=icope"
        filter = "cn=%u"
        password_attribute = userPassword
        password_header = "{clear}"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        timeout = 4
        timelimit = 3
        net_timeout = 1
        ldap_debug = 0x0000
        
}

authorize{

        ldap
        chap

}
authenticate{
        
        Auth-Type CHAP{
                chap
        }

        Auth-Type LDAP{
                ldap
        }
}


In Users file

I tried out with both (either of) entry given down and without also

DEFAULT  Auth-Type := LDAP
Fall-Through = yes

DEFAULT  Auth-Type := CHAP
Fall-Through = yes

If it is without CHAP the same settings is working smoothly.Where I'm failing once 
again?

Thanx 

-Vishal


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to