I'm a newbie to RADIUS and am trying to get MS-CHAP to authenticate over PPP using an LDAP server. I have read through many archives and checked the FAQs, but still no luck. I can authenticate successfully using text passwords, and everything works fine connecting to poptop without RADIUS.
I am storing the userPassword as text in LDAP. radiusd.conf and the output from radiusd are below. Any help would be appreciated!
tia
--------------------------------------------------------------------
radiusd.conf:
--------------------------------------------------------------------
modules {
    mschap {
        authtype = MS-CHAP
        use_mppe = yes
        require_encryption = yes
        require_strong = yes
    }
    ldap {
        server = "10.1.1.2"
        identity = "cn=Manager,dc=tsoftware,dc=com"
        password = mypass
        basedn = "dc=tsoftware,dc=com"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_header = "{clear}"
        password_attribute = userPassword
        timeout = 4
        timelimit = 3
        net_timeout = 1
        # access_attr_used_for_allow = yes
    }
}

authorize {
    preprocess
    ldap
    mschap
}

authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    # Auth-Type LDAP {
    #     ldap
    # }
}
--------------------------------------------------------------------
radiusd output:
--------------------------------------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:32807, id=111, length=59
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "RadiusTestUID"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for RadiusTestUID
radius_xlat: '(uid=RadiusTestUID)'
radius_xlat: 'dc=tsoftware,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.1.1.2:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=tsoftware,dc=com/mypass to 10.1.1.2:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=tsoftware,dc=com, with filter (uid=RadiusTestUID)
rlm_ldap: checking if remote access for RadiusTestUID is allowed by dialupAccess
rlm_ldap: Password header not found in password usertestpwd for user RadiusTestUID
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user RadiusTestUID authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 111 to 127.0.0.1:32807
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 111 with timestamp 3f9438ca
Nothing to do. Sleeping until we see a request.
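An added example (not part of the original post, and not FreeRADIUS code): a small Python triage helper that reads debug output in the format shown above and summarizes which attributes the request carried, what each authorize module returned, and which Auth-Type was selected. The function name `summarize` and the note wording are this example's own; the MS-CHAP attribute names are taken from RFC 2548.

```python
import re

# A subset of lines copied from the radiusd debug output quoted in the post.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1:32807, id=111, length=59
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "RadiusTestUID"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_ldap: Password header not found in password usertestpwd for user RadiusTestUID
modcall[authorize]: module "ldap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rad_check_password: Found Auth-Type LDAP
auth: Failed to validate the user.
"""

ATTR = re.compile(r'^\s*([A-Za-z0-9-]+) = (.*)$')
MODRET = re.compile(r'^modcall\[\w+\]: module "([^"]+)" returns (\w+)')
AUTHTYPE = re.compile(r'^rad_check_password: Found Auth-Type (\S+)')
# MS-CHAP attribute names from RFC 2548 (Microsoft vendor-specific attributes).
MSCHAP_ATTRS = {"MS-CHAP-Challenge", "MS-CHAP-Response", "MS-CHAP2-Response"}

def summarize(log):
    """Return request attributes, per-module results, Auth-Type and notes."""
    out = {"attrs": {}, "modules": {}, "auth_type": None, "notes": []}
    in_request = False
    for line in log.splitlines():
        if line.startswith("rad_recv:"):
            in_request = True          # attribute lines follow this header
            continue
        m = ATTR.match(line) if in_request else None
        if m:
            out["attrs"][m.group(1)] = m.group(2).strip('"')
            continue
        in_request = False             # first non-attribute line ends the packet dump
        if m := MODRET.match(line):
            out["modules"][m.group(1)] = m.group(2)
        elif m := AUTHTYPE.match(line):
            out["auth_type"] = m.group(1)
        elif "Password header not found" in line:
            out["notes"].append("password_header prefix missing from stored password")
    if MSCHAP_ATTRS.isdisjoint(out["attrs"]):
        out["notes"].append("request carries no MS-CHAP attributes")
    if "auth: Failed to validate the user." in log:
        out["notes"].append("rejected under Auth-Type %s" % out["auth_type"])
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```

On the log above it reports that the Access-Request held no MS-CHAP attributes, that `mschap` returned `noop`, and that the reject happened under Auth-Type LDAP. The same debug output also prints the LDAP bind password and the stored user password in cleartext, so such logs should be redacted before they are shared.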
