i am using freeradius 0.9.1 on rh. linux 9 i have a running system using ldap, which is working really fine,
what i wanted to do is to switch Auth-Type from LDAP to Auth-Type :=PAP so i modified the ldap entries to Auth-Type :=PAP,
when i tried the same using the users file and lettin Auth-Type:=PAP it was working ok.
i tried to add a default section to the users file: DEFAULT Auth-Type = PAP ( i got this from a previous posting from kostas)
but still do i get the same error:* *rlm_pap: No password (or empty password) to check against for for user soe
everytime i try to authenticate i get the following error:
snippet of radiusd -X:
-------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:33322, id=6, length=43
User-Name = "soe"
User-Password = "cross4"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_realm: No '@' in User-Name = "soe", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for soe
radius_xlat: '(uid=soe)'
radius_xlat: 'xxx'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as xxx to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in xxx, with filter (uid=soe)
rlm_ldap: checking if remote access for soe is allowed by dialupAccess
rlm_ldap: Adding radiusSimultaneousUse as Simultaneous-Use, value 1 & op=21
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobsen-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value None & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: Password header not found in password {CRYPT}wCXDeZp/uLRGE for user soe
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value PAP & op=21
rlm_ldap: extracted attribute NAS-Port-Type from generic item NAS-Port-Type == "ISDN"
rlm_ldap: looking for reply items in directory...
rlm_ldap: user soe authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
* rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group Auth-Type
rlm_pap: login attempt by "soe" with password 123
rlm_pap: No password (or empty password) to check against for for user soe
modcall[authenticate]: module "pap" returns invalid
modcall: group Auth-Type returns invalid
auth: Failed to validate the user.*
Login incorrect (rlm_pap: User password not available): [soe/123] (from client localhost port 0)
Delaying request 0 for 1 seconds
Finished request 0
----------------------------------------------
in radiusd.conf the conf look like following:
ldap section:
password_header = "{crypt}"
password_attribute = userPassword
authorize section:authorize {
preprocess
chap
suffix
files
mschap
ldap
}authentication section:
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
Auth-Type LDAP {
ldap
}
}any help please??
thank you best regards
ossama
-- Ossama Suleiman Systems Engineer TE Data S.A.E Email: [EMAIL PROTECTED] Web: www.tedata.net Phone: +(202)-416-6600, EXT: 1105
"Learn from yesterday, live for today, hope for tomorrow."
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
