Hi,
I use LDAP to authenticate all requests. LDAP contains 2 password
attributes -- a plain text password for authenticating MS-CHAP and a
crypted password for authenticating PAP, CHAP.
I can get CHAP, MS-CHAP working, but not with PAP.
Can anyone help? Thanks in advance.
Lai

Error message:

rad_recv: Access-Request packet from host 147.8.123.123:1645, id=211, length=197
    User-Name = "testuser"
    User-Password = "testtest"
    NAS-IP-Address = 147.8.123.123
    NAS-Port = 21
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Called-Station-Id = "300"
    USR-Connect-Speed = 48000-BPS
    USR-Modulation-Type = v90Analog
    USR-Simplified-MNP-Levels = mnpLevel4
    USR-Simplified-V42bis-Usage = none
    USR-Chassis-Call-Slot = 0
    USR-Chassis-Call-Span = 0
    USR-Chassis-Call-Channel = 16
    NAS-Identifier = "modemserver"
    Acct-Session-Id = "050003e4"
    NAS-Port-Type = Async
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
radius_xlat: '/var/log/radius/radacct/147.8.123.123/auth-detail-20031020'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/147.8.123.123/auth-detail-20031020
modcall[authorize]: module "auth_log" returns ok
modcall[authorize]: module "chap" returns noop
users: Matched DEFAULT at 171
users: Matched DEFAULT at 185
modcall[authorize]: module "files" returns ok
modcall: entering group redundant
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tfklai
radius_xlat: '(uid=testuser)'
radius_xlat: 'ou=radius,c=hk'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,c=hk, with filter (uid=testuser)
rlm_ldap: Added password testtest in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tfklai authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "first_ldap" returns ok
modcall: group redundant returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type
modcall: entering group redundant
rlm_ldap: - authenticate
rlm_ldap: login attempt by "testuser" with password "testtest"
rlm_ldap: user DN: uid=testuser,ou=radius,c=hk
rlm_ldap: (re)connect to freeradius.hku.hk:389, authentication 1
rlm_ldap: bind as uid=testuser,ou=radius,c=hk/testtest to freeradius.hku.hk:389
rlm_ldap: waiting for bind result ...
modcall[authenticate]: module "first_ldap" returns reject
modcall: group redundant returns reject
modcall: group Auth-Type returns reject
auth: Failed to validate the user.
Login incorrect (rlm_ldap: Bind as user failed): [testuser/testtest] (from client ppp-29642300 port 21)

radiusd.config file:

module {
    pap {
        encryption_scheme = crypt
    }
    chap {
        authtype = CHAP
    }
    ms_chap {
        authtype = MS-CHAP
        etc ...
    }
    ldap first_ldap {
        server = "freeradius.hku.hk"
        identity = "cn=administrator,c=hk"
        password = 123456
        basedn = "ou=radius,c=hk"
        etc ...
    }
}
authorize {
    chap
    redundant {
        first_ldap {
            notfound = return
        }
        second_ldap {
            notfound = return
        }
        handled
    }
    files
    mschap
}
authenticate {
    Auth-Type LDAP {
        # ldap
        redundant {
            first_ldap
            second_ldap
        }
    }
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
}

users file:

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
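
An added example, not part of the original post and not FreeRADIUS code: a small Python summarizer for a debug trace like the one above, reporting which Auth-Type the server chose, what each module returned, and which module rejected the request. The sample lines are excerpted from the trace in this post; the function name summarize_trace and the regular expressions are assumptions made for this example.

```python
import re

# Lines excerpted from the debug trace in the post above.
SAMPLE_TRACE = '''\
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "files" returns ok
rlm_ldap: Added password testtest in check items
modcall[authorize]: module "first_ldap" returns ok
modcall[authorize]: module "mschap" returns noop
rad_check_password: Found Auth-Type LDAP
rlm_ldap: bind as uid=testuser,ou=radius,c=hk/testtest to freeradius.hku.hk:389
modcall[authenticate]: module "first_ldap" returns reject
Login incorrect (rlm_ldap: Bind as user failed): [testuser/testtest]
'''

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
FAILURE = re.compile(r'Login incorrect \(([^)]*)\)')


def summarize_trace(text):
    """Return the chosen Auth-Type, module results per section, the first
    rejecting module and the failure reason found in a debug trace."""
    summary = {"auth_type": None, "modules": {}, "rejected_by": None,
               "reason": None}
    for line in text.splitlines():
        m = MODCALL.search(line)
        if m:
            section, module, code = m.groups()
            summary["modules"].setdefault(section, []).append((module, code))
            if code == "reject" and summary["rejected_by"] is None:
                summary["rejected_by"] = (section, module)
            continue
        m = AUTH_TYPE.search(line)
        if m:
            summary["auth_type"] = m.group(1)
            continue
        m = FAILURE.search(line)
        if m:
            summary["reason"] = m.group(1)
    return summary


if __name__ == "__main__":
    result = summarize_trace(SAMPLE_TRACE)
    print("Auth-Type chosen:", result["auth_type"])
    print("Rejected by:", result["rejected_by"])
    print("Reason:", result["reason"])
```

On this trace the summary shows Auth-Type LDAP with first_ldap as the only module run in the authenticate section; the pap module does not appear in it.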