Hi.

I'm a newbie to RADIUS and am trying to get MS-CHAP to authenticate over PPP
using an LDAP server.  I have read through many archives and checked the
FAQs but still no luck.  I can authenticate successfully using text
passwords and everything works fine connecting to poptop without RADIUS.

I am storing the userPassword as text in LDAP.  radiusd.conf and the output
from radiusd are below.  Any help would be appreciated!

tia

--------------------------------------------------------------------
radiusd.conf:
--------------------------------------------------------------------

modules {
   mschap {
       authtype = MS-CHAP
       use_mppe = yes
       require_encryption = yes
       require_strong = yes
   }

   ldap {
       server = "10.1.1.2"
       identity = "cn=Manager,dc=tsoftware,dc=com"
       password = mypass
       basedn = "dc=tsoftware,dc=com"
       filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
       start_tls = no
       access_attr = "dialupAccess"
       dictionary_mapping = ${raddbdir}/ldap.attrmap
       ldap_connections_number = 5
       password_header = "{clear}"
       password_attribute = userPassword
       timeout = 4
       timelimit = 3
       net_timeout = 1
       # access_attr_used_for_allow = yes
   }
}

authorize {
   preprocess
   ldap
   mschap
}

authenticate {
   Auth-Type MS-CHAP {
       mschap
   }

   # Auth-Type LDAP {
       # ldap
   # }
}


--------------------------------------------------------------------
radiusd output:
--------------------------------------------------------------------

rad_recv: Access-Request packet from host 127.0.0.1:32807, id=111, length=59
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "RadiusTestUID"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for RadiusTestUID
radius_xlat: '(uid=RadiusTestUID)'
radius_xlat: 'dc=tsoftware,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.1.1.2:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=tsoftware,dc=com/mypass to 10.1.1.2:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=tsoftware,dc=com, with filter (uid=RadiusTestUID)
rlm_ldap: checking if remote access for RadiusTestUID is allowed by dialupAccess
rlm_ldap: Password header not found in password usertestpwd for user RadiusTestUID
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user RadiusTestUID authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 111 to 127.0.0.1:32807
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 111 with timestamp 3f9438ca
Nothing to do. Sleeping until we see a request.
