Hi,
I am running freeradius snapshot 20030922. I need to get pap working
with ldap. How do I set the password attribute for pap? Where do I look
in the docs to provide this info? Below are my settings. Any help would
be
greatly appreciated.
radiusd:
ldap {
server = "10.5.10.215"
password = n0neshall
basedn = "ou=academics,o=dbu"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
#default_profile =
"cn=radprofile,ou=dialup,o=MyOrg,c=UA"
profile_attribute = "ou=academics,o=dbu"
#access_attr = "rADIUSEnableDialAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
#password_header = "{clear}"
password_attribute = User-Password
#groupname_attribute = cn
#groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
#groupmembership_attribute = radiusGroupName
timeout = 10
timelimit = 10
net_timeout = 10
#compare_check_items = yes
#access_attr_used_for_allow = no
}
authorize {
files
ldap
}
# Authentication.
#
authenticate {
authtype pap {
pap
}
ldap
}
users:
DEFAULT Auth-Type := pap
# Fall-Through = 1
radius debug output:
rad_recv: Access-Request packet from host 10.5.50.115:1645, id=164,
length=126
User-Name = "install"
Framed-MTU = 1400
Called-Station-Id = "000d.bd43.d9a8"
Calling-Station-Id = "0040.9645.c07a"
Message-Authenticator = 0x1c8d63f0b65665959e64db7f67bb883c
EAP-Message = 0x0201000c01696e7374616c6c
NAS-Port-Type = Virtual
NAS-Port = 341
NAS-IP-Address = 10.5.50.115
NAS-Identifier = "TESTAP1"
modcall: entering group authorize
users: Matched DEFAULT at 182
modcall[authorize]: module "files" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat: '(uid=install)'
radius_xlat: 'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter
(uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type pap
auth: type "PAP"
modcall: entering group authtype
rlm_pap: Attribute "Password" is required for authentication.
modcall[authenticate]: module "pap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Login incorrect: [install/<no User-Password attribute>] (from client
testap1 port 341 cli 0040.9645.c07a)
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
rick...
Rom.5:8
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
