> Hi
>
> I tried to run fr with LDAP and MYSQL. It works with EAP/TLS fine, but
> with local Auth in the users file.
> Now I added into radiusd.conf
>
> ----------------------------------
> authorize {
>     #
>     #preprocess
>     #chap
>     #mschap
>     #auth_log
>     ldap
>     #eap
>     #files
>     # checkval
> }
> authenticate {
>     #unix
>     #eap
>     authtype LDAP {
>         ldap
>     }
> }
> rad_recv: Access-Request packet from host 172.16.98.41:32784, id=1, length=156
>     User-Name = "testuser"
>     NAS-IP-Address = 172.16.98.41
>     Called-Station-Id = "00-0C-84-01-04-F8"
>     Calling-Station-Id = "00-30-65-05-3A-AF"
>     NAS-Identifier = "x2250"
>     NAS-Port = 200000
>     Framed-MTU = 1492
>     NAS-Port-Type = Wireless-802.11
>     Connect-Info = "CONNECT 11Mbps 802.11b"
>     EAP-Message = 0x0201000d017465737475736572
>     Message-Authenticator = 0x5306b5e2bcf4bf4f0312fac8808776b3
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat: '(uid=testuser)'
> radius_xlat: 'ou=people,dc=qa,dc=bintec,dc=de'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 172.16.98.52:389, authentication 0
> rlm_ldap: bind as cn=manager,dc=qa,dc=bintec,dc=de/test to 172.16.98.52:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=people,dc=qa,dc=bintec,dc=de, with filter (uid=testuser)
> rlm_ldap: Added password testing123 in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user testuser authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authtype for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
> modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group authtype returns invalid for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 1 to 172.16.98.41:32784
> --------------------
>
> After all there's the Access-reject.
>
> My radiusd.conf for LDAP
>
> $INCLUDE ${confdir}/eap.conf
>
> mschap {
>     authtype = MS-CHAP
>     use_mppe = yes
>     require_encryption = yes
>     require_strong = yes
> }
>
> ldap {
>     server = "172.16.98.52"
>     #identity = "cn=manager,ou=people,dc=qa,dc=bintec,dc=de"
>     identity = "cn=manager,dc=qa,dc=bintec,dc=de"
>     password = <password>
>     basedn = "ou=people,dc=qa,dc=bintec,dc=de"
>     filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>     password_attribute = "userPassword"
>     start_tls = no
>     dictionary_mapping = ${raddbdir}/ldap.attrmap
>     ldap_connections_number = 5
>     # access_attr = "dialupAccess"
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
>
> Maybe there's a mistake? And someone can kindly open my eyes?
>
> thx in advance
>
> regards
>
> [EMAIL PROTECTED]
>

Since you are sending EAP, you should uncomment eap in both the authorization and authentication section. See what that does for you.