So maybe it's a NAS problem. Are you sure that the NAS is sending the
userpassword in the request?

--
Sebastien Cantos <[EMAIL PROTECTED]>
Network / System Manager
Neopost DIVA 

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of guest01
> Sent: Tuesday, 8 March 2005 16:16
> To: freeradius-users@lists.freeradius.org
> Subject: Re: rlm_ldap - Attribute "User-Password" is required for authentication
> 
> Sébastien Cantos wrote:
> 
> >>I had the same problem a few weeks ago. In fact the ldap wasn't returning
> >>the user-password so it wasn't working. Check with ldapsearch to make the
> >>query directly to the ldap as if you were the radius and I think that you
> >>will see that the userpassword is not returned.
> >
> Thxs for your help, but it still doesn't work .... :-(
> 
> Ok, I store the passwords in cleartext (just base64encoded), ldapsearch
> works:
> 
>  ldapsearch -x -D "cn=Manager,dc=gibraltar,dc=local" -w secret "(&(objectclass=gibraltaruser)(uid=testuser))" userPassword
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope sub
> # filter: (&(objectclass=gibraltaruser)(uid=testuser))
> # requesting: userPassword
> #
> 
> # testuser, users, gibraltar.local
> dn: uid=testuser,ou=users,dc=gibraltar,dc=local
> userPassword:: MTIzNDU2
> 
> # search result
> search: 2
> result: 0 Success
> 
> 
> >Make sure that the user/password in radiusd.conf for the user that will make
> >the search in the ldap is valid. I think that the radius is binding
> >anonymously on the ldap so it can read passwords. Another thing to note is
> >that you have to store passwords in clear text into the ldap.
> 
> >        ldap {
> >                server = "myserver.mydomain.com"
> >                identity = "cn=some_user_that_can_read_passwords_on_the_ldap"
> >                password = "password_for_this_user"
> >                 ....
> 
> hm, my LDAP is still in testing, therefore everyone is allowed
> everything... But I also tried it with the rootdn, but no difference.
> But I don't think that's the problem, because the authorization-part
> works fine, "user testuser authorized to use remote access",
> just that damned authentication part ...
> 
> rad_recv: Access-Request packet from host 127.0.0.1:1025, id=55, length=54
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         User-Name = "testuser"
>         NAS-IP-Address = 69.25.27.173
>         NAS-Port = 0
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>     users: Matched DEFAULT at 153
>     users: Matched DEFAULT at 172
>     users: Matched DEFAULT at 185
>   modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat:  '(&(objectclass=gibraltarUser)(uid=testuser))'
> radius_xlat:  'ou=users,dc=gibraltar,dc=local'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as cn=Manager,dc=gibraltar,dc=local/secret to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=users,dc=gibraltar,dc=local, with filter (&(objectclass=gibraltarUser)(uid=testuser))
> rlm_ldap: checking if remote access for testuser is allowed by isVPNUser
> rlm_ldap: performing search in uid=testuser,ou=radius,dc=gibraltar,dc=local, with filter (objectclass=radiusprofile)
> rlm_ldap: Adding radiusAuthType as Auth-Type, value LDAP & op=21
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user testuser authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group Auth-Type returns invalid for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 55 to 127.0.0.1:1025
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 55 with timestamp 422dc076
> Nothing to do.  Sleeping until we see a request.
> 
> Any other ideas? How did you solve your problem?
> 
> 
> regards
> peda
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
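
Added example, not part of the original messages and not FreeRADIUS code: a small Python check for the question raised in the reply above, namely whether the NAS actually put a credential attribute into the Access-Request shown in the `radiusd -X` output. The function names and the credential-attribute list are assumptions of this example; the first sample request is the one from the thread, the second is constructed for contrast.

```python
import re

# Attributes that carry (or prove knowledge of) a credential in an Access-Request.
# Assumption of this example: this list covers the methods in use on the server.
CREDENTIAL_ATTRS = {"User-Password", "CHAP-Password", "EAP-Message",
                    "MS-CHAP-Response", "MS-CHAP2-Response"}

HEADER = re.compile(r"^rad_recv: Access-Request packet from host (\S+?), id=(\d+)")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) = (.*)$")

def parse_access_requests(debug_text):
    """Return one dict per Access-Request found in `radiusd -X` style output."""
    requests, current = [], None
    for line in debug_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"host": m.group(1), "id": int(m.group(2)), "attrs": {}}
            requests.append(current)
            continue
        a = ATTR.match(line) if current is not None else None
        if a:
            current["attrs"][a.group(1)] = a.group(2)
        else:
            current = None  # first non-attribute line ends the packet dump
    return requests

def missing_credentials(requests):
    """IDs of requests that carry no credential attribute at all."""
    return [r["id"] for r in requests if CREDENTIAL_ATTRS.isdisjoint(r["attrs"])]

# Request id=55 is taken from the thread; id=56 is constructed sample data.
SAMPLE = '''\
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=55, length=54
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "testuser"
        NAS-IP-Address = 69.25.27.173
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=56, length=74
        User-Name = "testuser"
        User-Password = "constructed-placeholder"
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
'''

if __name__ == "__main__":
    for req_id in missing_credentials(parse_access_requests(SAMPLE)):
        print(f"request id={req_id}: no credential attribute sent by the client")
```

Run against the debug output in this thread, it flags request 55: the packet contains only Service-Type, Framed-Protocol, User-Name, NAS-IP-Address and NAS-Port, so rlm_ldap has no User-Password to bind with.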

