Hi..

Using FB 6.0
FR 1.0.5

Trying to configure EAP-MD5 with an LDAP backend...

But it keeps reporting:

rlm_ldap: Attribute "User-Password" is required for authentication.

No EAP is being processed...

Please see the full debug log below.


Below is my config with multiple DEFAULT entries... for wireless services & normal dial-up authentication



i) users
  =====

DEFAULT NAS-Identifier == "Wireless-802.11", Autz-Type := Y5, Auth-Type := Y5
DEFAULT Autz-Type := LDAP, Auth-Type := LDAP

ii) eap.conf
   ========
   eap {
       default_eap_type = md5
       md5 {
       }
   }


iii) radiusd.conf
    ============

    $INCLUDE ${confdir}/eap.conf

    authorize {
       eap

       Autz-Type LDAP {
            ldap1
       }
       Autz-Type Y5 {
            ldapy51
       }
    }


    authenticate {

       Auth-Type LDAP {
             ldap1
       }
       Auth-Type Y5 {
             ldapy51
       }
       eap
    }


       ldap ldap1 {
               server = "localhost"
               identity = "cn=root,dc=jaring,dc=my"
               password = xxxxxx
               basedn = "ou=RADIUS,ou=People,dc=jaring,dc=my"
               filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
               start_tls = no
               access_attr = "dialupAccess"
               dictionary_mapping = ${raddbdir}/ldap.attrmap
               ldap_connections_number = 10
               password_attribute = userPassword
               timeout = 4
               timelimit = 3
               net_timeout = 1
       }

       ldap ldapy51 {
               server = "localhost"
               identity = "cn=root,dc=jaring,dc=my"
               password = xxxxxx
               basedn = "ou=Y5,ou=People,dc=jaring,dc=my"
               filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
               start_tls = no
               access_attr = "dialupAccess"
               dictionary_mapping = ${raddbdir}/ldap.attrmap
               ldap_connections_number = 10
               password_attribute = userPassword
               timeout = 4
               timelimit = 3
               net_timeout = 1
       }



rad_recv: Access-Request packet from host 202.73.10.12:1814, id=133, length=197
       Framed-MTU = 1466
       NAS-IP-Address = 10.220.0.2
       NAS-Identifier = "OCEPOP"
       User-Name = "jaroce"
       Service-Type = Framed-User
       NAS-Port = 129
       NAS-Port-Type = Ethernet
       NAS-Port-Id = "ether9_129"
       Called-Station-Id = "00-11-95-e1-ce-8a"
       Calling-Station-Id = "00-13-46-86-c3-93"
       Connect-Info = "CONNECT Ethernet 2Mbps Full duplex"
       EAP-Message = 0x02020015016a61726f6365406d793031352e636f6d
       Message-Authenticator = 0x6d5b3fff40ff4c920b88d100ed80a209
       Proxy-State = 0x3433
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module "preprocess" returns ok for request 1
 modcall[authorize]: module "chap" returns noop for request 1
 modcall[authorize]: module "mschap" returns noop for request 1
   rlm_realm: No '/' in User-Name = "jaroce", skipping NULL due to config.
 modcall[authorize]: module "IPASS" returns noop for request 1
   rlm_realm: No '@' in User-Name = "jaroce", looking up realm NULL
   rlm_realm: Found realm "NULL"
   rlm_realm: Adding Stripped-User-Name = "jaroce"
   rlm_realm: Proxying request from user jaroce to realm NULL
   rlm_realm: Adding Realm = "NULL"
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module "suffix" returns noop for request 1
 rlm_eap: EAP packet type response id 2 length 21
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module "eap" returns updated for request 1
   users: Matched entry DEFAULT at line 68
 modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
 Processing the authorize section of radiusd.conf
modcall: entering group Autz-Type for request 1
modcall: entering group redundant for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jaroce
radius_xlat:  '(uid=jaroce)'
radius_xlat:  'ou=RADIUS,ou=People,dc=jaring,dc=my'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=RADIUS,ou=People,dc=jaring,dc=my, with filter (uid=jaroce)
rlm_ldap: checking if remote access for jaroce is allowed by dialupAccess
rlm_ldap: Added password j4r1ng in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user jaroce authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
 modcall[authorize]: module "ldap1" returns ok for request 1
modcall: group redundant returns ok for request 1
modcall: group Autz-Type returns ok for request 1
 rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 1
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
 modcall[authenticate]: module "ldap1" returns invalid for request 1
modcall: group redundant returns invalid for request 1
modcall: group Auth-Type returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [jaroce] (from client OCE_JARING port 129 cli 00-13-46-86-c3-93)
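
An added example, not part of the original post: a Python check that reads debug output of this shape, decodes each EAP-Message header, and flags requests that carry EAP yet end up with an Auth-Type other than EAP, which is the case where rlm_ldap's authenticate step asks for a User-Password the EAP request does not contain. The sample log is constructed and the function names are hypothetical; it assumes the eap module sets Auth-Type to EAP during authorize unless a later entry replaces it with `:=`.

```python
import re

# Constructed sample in the shape of `radiusd -X` output; names and addresses are made up.
SAMPLE_LOG = '''rad_recv: Access-Request packet from host 192.0.2.10:1814, id=1, length=90
       User-Name = "alice"
       EAP-Message = 0x0202000a01616c696365
 modcall[authorize]: module "eap" returns updated for request 1
 rad_check_password:  Found Auth-Type LDAP
rlm_ldap: Attribute "User-Password" is required for authentication.
rad_recv: Access-Request packet from host 192.0.2.10:1815, id=2, length=60
       User-Name = "bob"
       User-Password = "constructed"
 rad_check_password:  Found Auth-Type LDAP
'''

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def decode_eap(hex_value):
    """Decode the EAP header (RFC 3748): code, id, 16-bit length, then type."""
    raw = bytes.fromhex(hex_value[2:])
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    info = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length}
    if raw[0] in (1, 2) and len(raw) >= 5:
        info["type"] = raw[4]
        if raw[4] == 1:  # type 1 = Identity
            info["identity"] = raw[5:length].decode("ascii", "replace")
    return info

def audit(log):
    """Return one finding per EAP request whose Auth-Type was forced away from EAP."""
    findings, req = [], None
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("rad_recv:"):  # a new request starts here
            req = {"user": None, "eap": None}
        elif req is None:
            continue
        elif m := re.match(r'User-Name = "(.*)"', s):
            req["user"] = m[1]
        elif m := re.match(r"EAP-Message = (0x(?:[0-9a-fA-F]{2})+)$", s):
            req["eap"] = decode_eap(m[1])
        elif (m := re.search(r"Found Auth-Type (\S+)", s)) and req["eap"]:
            if m[1].upper() != "EAP":
                findings.append({"user": req["user"], "auth_type": m[1],
                                 "eap": req["eap"]})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
```

Applied to the EAP-Message value in the log above, `decode_eap` yields an Identity response with id 2 and length 21, matching the `rlm_eap` line in the same trace.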
