> Hi
>
> I tried to run fr with LDAP and MYSQL. It works with EAP/TLS fine, but
> with local Auth in the users file.
> Now I added into radiusd.conf
>
> ----------------------------------
> authorize {
>         #
>         #preprocess
>         #chap
>         #mschap
>         #auth_log
>         ldap
>         #eap
>         #files
> #       checkval
> }
> authenticate {
>         #unix
>         #eap
>         authtype LDAP {
>         ldap
>         }
> }

> rad_recv: Access-Request packet from host 172.16.98.41:32784, id=1,
> length=156
>         User-Name = "testuser"
>         NAS-IP-Address = 172.16.98.41
>         Called-Station-Id = "00-0C-84-01-04-F8"
>         Calling-Station-Id = "00-30-65-05-3A-AF"
>         NAS-Identifier = "x2250"
>         NAS-Port = 200000
>         Framed-MTU = 1492
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x0201000d017465737475736572
>         Message-Authenticator = 0x5306b5e2bcf4bf4f0312fac8808776b3
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat:  '(uid=testuser)'
> radius_xlat:  'ou=people,dc=qa,dc=bintec,dc=de'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 172.16.98.52:389, authentication 0
> rlm_ldap: bind as cn=manager,dc=qa,dc=bintec,dc=de/test to
> 172.16.98.52:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=people,dc=qa,dc=bintec,dc=de, with
> filter (uid=testuser)
> rlm_ldap: Added password testing123 in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user testuser authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authtype for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group authtype returns invalid for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 1 to 172.16.98.41:32784
> --------------------
>
> After all there's the Access-reject.
>
> My radiusd.conf for LDAP
>
> $INCLUDE ${confdir}/eap.conf
>
>         mschap {
>                 authtype = MS-CHAP
>                 use_mppe = yes
>                 require_encryption = yes
>                 require_strong = yes
>         }
>
>         ldap {
>                 server = "172.16.98.52"
>                 #identity = "cn=manager,ou=people,dc=qa,dc=bintec,dc=de"
>                 identity = "cn=manager,dc=qa,dc=bintec,dc=de"
>                 password = <password>
>                 basedn = "ou=people,dc=qa,dc=bintec,dc=de"
>                 filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>                 password_attribute = "userPassword"
>                 start_tls = no
>                 dictionary_mapping = ${raddbdir}/ldap.attrmap
>                 ldap_connections_number = 5
>         #       access_attr = "dialupAccess"
>                 timeout = 4
>                 timelimit = 3
>                 net_timeout = 1
>
>
>
>
>
> Maybe there's a mistake? And someone can kindly open my eyes?
>
> thx in advance
>
> regards
>
>       [EMAIL PROTECTED]
>

Since you are sending EAP, you should uncomment eap in both the
authorization and authentication sections.  See what that does for you.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
