On Fri, 2 Apr 2004, Kostas Kalevras wrote:
> On Thu, 1 Apr 2004, Ron Wahler wrote:
>
> > Is there a way to pass the current user and his password (assuming
> > password in the clear) to the identity and password field, so the user
> > can bind
> > On there own account?
> >
> > So something like
> >
> >
> > identity = "%{Stripped-User-Name:-%{User-Name}"
> > password = "%{User-Password}"
>
> In general identity/password is used for ldap searches, NOT for ldap
> authentication. It is used to find the user dn from the provided username. If
> you put the ldap module in the authenticate section it will do a bind with the
> userdn/password and verify the user password.
I am actually doing some local tests until I get a wireless NAS (I would
like to test EAP/TTLS then).
I can connect to the LDAP database and check that the user I supplied with
radtest exists (read access anonymous granted) and I would like to check
user password for authentication (sent in cleartest with radtest, stored
in clear text in the ldap database).
in radiusd.conf, I got uncommented
Auth-Type LDAP {
ldap
}
but when authenticating with user password rlm_ldap bind fails
I read in RFC that between the NAS and freeradius User-Password is MD5
crypted whith shared secret Xored. Would this mean I can't test locally with
radtest ?
Thanks for help,
sylvie
-------------------------------------------------------------------
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dupont
radius_xlat: '(uid=dupont)'
radius_xlat: 'dc=upmc,dc=fr'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,dc=upmc,dc=fr/ to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=upmc,dc=fr, with filter (uid=dupont)
rlm_ldap: checking if remote access for dupont is allowed by dialupAccess
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user dupont authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "dupont" with password "truc"
rlm_ldap: user DN: uid=dupont, dc=upmc, dc=fr
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=dupont, dc=upmc, dc=fr/truc to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
modcall[authenticate]: module "ldap" returns reject for request 0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
