Hey All,


Trying to get things working here... I've successfully authenticated Win XP using PEAP with a local test acct and am now trying to authenticate against LDAP. I can't get past the users file calling for LDAP. I keep getting the following error.


 rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.



Any ideas, guys? Here is a quick rundown of the system I'm running.

OpenBSD 3.5 running Freeradius 1.0.1, trying to auth against SunONE Directory Server via LDAP.

Below is the debugging output, followed by the conf files.


*********Debugging***********

rad_recv: Access-Request packet from host 10.6.3.19:1024, id=91, length=109
       NAS-IP-Address = 10.6.3.19
       NAS-Port-Type = Ethernet
       Service-Type = Framed-User
       Message-Authenticator = 0xc88be5ded4b4f5bc79837c4c6e94615e
       NAS-Port = 11
       Framed-MTU = 1490
       User-Name = "Wolkes"
       Calling-Station-Id = " 0- F-1F-15-67-F1"
       EAP-Message = 0x0202000b01576f6c6b6573
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "Wolkes", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: EAP packet type response id 2 length 11
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module "eap" returns updated for request 0
   users: Matched DEFAULT at 152
   users: Matched DEFAULT at 155
   users: Matched DEFAULT at 174
 modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
 rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.
Login incorrect: [Wolkes] (from client bsd port 11 cli  0- F-1F-15-67-F1)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...




*********users**********



#
# The rest of this file contains the several DEFAULT entries.
# DEFAULT entries match with all login names.
# Note that DEFAULT entries can also Fall-Through (see first entry).
# A name-value pair from a DEFAULT entry will _NEVER_ override
# an already existing name-value pair.
#

#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = System
       Fall-Through = 1

DEFAULT Auth-Type := LDAP
       Fall-Through = 1

#
# Set up different IP address pools for the terminal servers.
# Note that the "+" behind the IP address means that this is the "base"
# IP address. The Port-Id (S0, S1 etc) will be added to it.
#
#DEFAULT        Service-Type == Framed-User, Huntgroup-Name == "alphen"
#               Framed-IP-Address = 192.168.1.32+,
#               Fall-Through = Yes

#DEFAULT        Service-Type == Framed-User, Huntgroup-Name == "delft"
#               Framed-IP-Address = 192.168.2.32+,
#               Fall-Through = Yes

#
# Defaults for all framed connections.
#
DEFAULT Service-Type == Framed-User
       Framed-IP-Address = 255.255.255.254,
       Framed-MTU = 576,
       Service-Type = Framed-User,
       Fall-Through = Yes

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
#       by the terminal server in which case there may not be a "P" suffix.
#       The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT Framed-Protocol == PPP
       Framed-Protocol = PPP,
       Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT Hint == "CSLIP"
       Framed-Protocol = SLIP,
       Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT Hint == "SLIP"
       Framed-Protocol = SLIP

#
# Last default: rlogin to our main server.
#
#DEFAULT
#       Service-Type = Login-User,
#       Login-Service = Rlogin,
#       Login-IP-Host = shellbox.ispdomain.com

# #
# # Last default: shell on the local terminal server.
# #
# DEFAULT
#       Service-Type = Shell-User

# On no match, the user is denied access.

wolke           Auth-Type := EAP, User-Password == "sukhoi"




***********radius.conf***********

       # Lightweight Directory Access Protocol (LDAP)
       #
       #  This module definition allows you to use LDAP for
       #  authorization and authentication (Auth-Type := LDAP)
       #
       #  See doc/rlm_ldap for description of configuration options
       #  and sample authorize{} and authenticate{} blocks
       ldap {
               server = "ldap.findlay.edu"
               # identity = "dc=findlay,dc=edu"
               # password = mypass
               basedn = "dc=findlay,dc=edu"
               filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
               # base_filter = "(objectclass=radiusprofile)"

               # set this to 'yes' to use TLS encrypted connections
               # to the LDAP database by using the StartTLS extended
               # operation.
               # The StartTLS operation is supposed to be used with normal
               # ldap connections instead of using ldaps (port 689) connections
               start_tls = no

               # tls_cacertfile        = /path/to/cacert.pem
               # tls_cacertdir         = /path/to/ca/dir/
               # tls_certfile          = /path/to/radius.crt
               # tls_keyfile           = /path/to/radius.key
               # tls_randfile          = /path/to/rnd
               # tls_require_cert      = "demand"

               # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
               # profile_attribute = "radiusProfileDn"
               # directory attributes.
               dictionary_mapping = ${raddbdir}/ldap.attrmap

               ldap_connections_number = 5

               #
               # NOTICE: The password_header directive is NOT case insensitive
               #
               # password_header = "{clear}"
               #
               # The server can usually figure this out on its own, and pull
               # the correct User-Password or NT-Password from the database.
               #
               #  Note that NT-Passwords MUST be stored as a 32-digit hex
               #  string, and MUST start off with "0x", such as:
               #
               #       0x000102030405060708090a0b0c0d0e0f
               #
               #  Without the leading "0x", NT-Passwords will not work.
               #  This goes for NT-Passwords stored in SQL, too.
               #
               # password_attribute = userPassword
               # groupname_attribute = cn
               # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
               # groupmembership_attribute = radiusGroupName
               timeout = 4
               timelimit = 3
               net_timeout = 1
               # compare_check_items = yes
               # do_xlat = yes
               # access_attr_used_for_allow = yes



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
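The debug output above shows the sequence that produces the error: the eap module sets Auth-Type = EAP in authorize, the files module then matches three DEFAULT entries, and the second of them (`DEFAULT Auth-Type := LDAP`) overwrites that value because `:=` always overrides while a plain `=` from a DEFAULT entry never does (the users file's own comment). The server then looks for an authenticate{} sub-section named LDAP and, finding none, reports "Unknown value specified for Auth-Type". The Python model below is an added example, not code from the original post or from the FreeRADIUS project; it replays that matching with a deliberately simplified reading of the users file (check items with `==`, `=`, `:=`; reply items; Fall-Through) and of the authenticate{} section (bare module names and `Auth-Type NAME { }` sub-sections), which is an assumption, not the server's exact parser. The users-file entries are copied from the post; the request dictionary and both authenticate{} sections are constructed.

```python
"""Replay of FreeRADIUS 1.x users-file matching and the Auth-Type lookup.

Added example, not from the post or from FreeRADIUS.  Assumption: a
simplified model of the users file and of the authenticate{} section,
enough to reproduce the sequence in the posted debug output.
"""
import re

# users-file entries copied from the post (comments and PPP/SLIP defaults omitted)
USERS_TEXT = """\
DEFAULT Auth-Type = System
       Fall-Through = 1

DEFAULT Auth-Type := LDAP
       Fall-Through = 1

DEFAULT Service-Type == Framed-User
       Framed-IP-Address = 255.255.255.254,
       Framed-MTU = 576,
       Service-Type = Framed-User,
       Fall-Through = Yes

wolke           Auth-Type := EAP, User-Password == "sukhoi"
"""

# constructed authenticate{} section: PAP, CHAP and EAP handlers, no LDAP
AUTHENTICATE_NO_LDAP = """\
authenticate {
        authtype PAP {
                pap
        }
        authtype CHAP {
                chap
        }
        eap
}
"""

# the same section with an LDAP sub-section added (constructed)
AUTHENTICATE_WITH_LDAP = AUTHENTICATE_NO_LDAP.replace(
    "        eap\n", "        eap\n        Auth-Type LDAP {\n                ldap\n        }\n")

ITEM_RE = re.compile(r'^([\w-]+)\s*(:=|==|=)\s*(.+?)\s*$')


def parse_items(text):
    """Split 'Attr op value, Attr op value' into (attr, op, value) triples."""
    items = []
    for part in text.split(','):
        part = part.strip()
        if not part:
            continue
        m = ITEM_RE.match(part)
        if not m:
            raise ValueError(f"cannot parse item {part!r}")
        attr, op, value = m.groups()
        items.append((attr, op, value.strip('"')))
    return items


def parse_users(text):
    """An unindented 'name check-items' line starts an entry; indented lines are its reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if not line[0].isspace():
            parts = line.split(None, 1)
            entries.append({'name': parts[0],
                            'check': parse_items(parts[1]) if len(parts) > 1 else [],
                            'reply': []})
        else:
            entries[-1]['reply'].extend(parse_items(line))
    return entries


def apply_users(entries, request, config):
    """Walk the entries in order as the files module does in authorize.

    '==' items are compared with the request; '=' sets a config item only when
    it is still unset; ':=' always overwrites.  Matching stops after an entry
    unless it carries Fall-Through.
    """
    config = dict(config)
    matched = []
    for entry in entries:
        if entry['name'] != 'DEFAULT' and entry['name'] != request.get('User-Name'):
            continue
        if any(op == '==' and request.get(attr) != value
               for attr, op, value in entry['check']):
            continue
        matched.append(entry['name'])
        for attr, op, value in entry['check']:
            if op == ':=' or (op == '=' and attr not in config):
                config[attr] = value
        fall_through = any(attr == 'Fall-Through' and value.lower() in ('yes', '1')
                           for attr, _, value in entry['reply'])
        if not fall_through:
            break
    return config, matched


def parse_authenticate(text):
    """Collect the Auth-Type names the authenticate{} section can handle.

    Simplification (assumption): a bare module name handles the Auth-Type of the
    same name in upper case; 'Auth-Type X {' or 'authtype X {' handles X.
    """
    handled = set()
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'^(?:Auth-Type|authtype)\s+(\S+)\s*\{', line)
        if m:
            handled.add(m.group(1).upper())
        elif re.fullmatch(r'[a-z_]+', line):
            handled.add(line.upper())
    return handled


def diagnose(request, config_after_eap, users_text, authenticate_text):
    """Return (Auth-Type, matched entry names, verdict) for one request."""
    config, matched = apply_users(parse_users(users_text), request, config_after_eap)
    auth_type = config.get('Auth-Type')
    if auth_type is None:
        return auth_type, matched, 'no Auth-Type set'
    if auth_type.upper() not in parse_authenticate(authenticate_text):
        return auth_type, matched, f'Unknown value specified for Auth-Type: {auth_type}'
    return auth_type, matched, 'ok'


# constructed request mirroring the rad_recv block in the post; the eap module
# has already set Auth-Type = EAP before the files module runs
REQUEST = {'User-Name': 'Wolkes', 'Service-Type': 'Framed-User',
           'NAS-Port': '11', 'EAP-Message': '0x0202000b01576f6c6b6573'}
AFTER_EAP = {'Auth-Type': 'EAP'}

if __name__ == '__main__':
    for label, section in (('no LDAP handler', AUTHENTICATE_NO_LDAP),
                           ('LDAP handler present', AUTHENTICATE_WITH_LDAP)):
        print(label, diagnose(REQUEST, AFTER_EAP, USERS_TEXT, section))
    # with the override weakened to '=', Auth-Type stays EAP and the eap handler takes it
    print('no override', diagnose(REQUEST, AFTER_EAP,
                                  USERS_TEXT.replace('Auth-Type := LDAP', 'Auth-Type = LDAP'),
                                  AUTHENTICATE_NO_LDAP))
```

Running it reproduces the three DEFAULT matches from the log and the "Unknown value" verdict for Auth-Type LDAP; the two variations show the two places the mismatch can be closed, an LDAP sub-section in authenticate{} or a users file that does not force `:=` over the Auth-Type the eap module already chose. The point for a reviewer of such a setup is that a `:=` on a DEFAULT entry applies to every request, PEAP conversations included, so a value with no authenticate handler turns every login into a rejection.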
