rad_recv: Access-Request packet from host 127.0.0.1:32801, id=0, length=217
       User-Name = "misterc"
       CHAP-Challenge = 0xa26932d73791f27d1314426f740ab34e
       CHAP-Password = 0x002e07a2cc1f27e7fbd22e7bb3721a3986
       NAS-IP-Address = 0.0.0.0
       Service-Type = Login-User
       Framed-IP-Address = 192.168.182.2
       Calling-Station-Id = "XX-XX-XX-XX-XX-XX"
       Called-Station-Id = "AA-AA-AA-AA-DD-AA"
       NAS-Identifier = "nas01"
       Acct-Session-Id = "44bfd15d00000000"
       NAS-Port-Type = Wireless-802.11
       NAS-Port = 0
       Message-Authenticator = 0xf61479bee3c987c66cca254dcfa39c0a
       WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"


Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: - authorize
Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: performing user authorization
for misterc
Thu Jul 20 20:54:50 2006 : Debug: radius_xlat:  '(uid=misterc)'
Thu Jul 20 20:54:50 2006 : Debug: radius_xlat:  'ou=utenti,dc=XXXX,dc=it'

Ok rlm_ldap is initialized


Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: bind as / to 192.168.1.221:389
Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: waiting for bind result ...
Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: Bind was successful

bind to the directory is Ok

Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: performing search in
ou=utenti,dc=XXXX,dc=it, with filter (uid=misterc)
Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: object not found or got
ambiguous search result
Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: search failed

Ah...
It seems that the user bound to the LDAP directory can't find uid=misterc in ou=utenti,dc=XXXX,dc=it


Thu Jul 20 20:54:51 2006 : Debug: auth: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user

So Auth-Type isn't set to Ldap

Thu Jul 20 20:54:51 2006 : Debug: auth: Failed to validate the user.

This is logical

    ldap {
        server="192.168.1.221"
        port="389"
        basedn="ou=utenti,dc=uniroma1,dc=it"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        access_attr = "uid"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        authtype = ldap
        ldap_connections_number = 5
        password_header = "{SHA}"
        password_attribute = userPassword
    }
}

Well, isn't it a problem of rights? Is the anonymous user able to search the OpenLDAP directory for user entries?

What is the result of a simple "ldapsearch" with the same LDAP filter?

If you need any other information please ask us; sorry if we are boring you
but we are trying and trying without any significant result.
Thanks.

Have you got ACLs in your OpenLDAP directory configuration files?

Regards,
Thibault
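
The two checks suggested in this reply (which identity the module binds as, and what the same search returns) can be read out of the debug output itself. The following is an added example, not part of the original message or of FreeRADIUS: it parses rlm_ldap debug lines in the format quoted above and builds the matching ldapsearch arguments. The function names are hypothetical and the sample log is constructed from the lines in this message.

```python
import re

# Constructed sample: debug lines as quoted in the message, mail wrapping kept.
SAMPLE_LOG = """\
Thu Jul 20 20:54:50 2006 : Debug: rlm_ldap: bind as / to 192.168.1.221:389
Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: performing search in
ou=utenti,dc=XXXX,dc=it, with filter (uid=misterc)
Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: object not found or got
ambiguous search result
Thu Jul 20 20:54:51 2006 : Debug: rlm_ldap: search failed
Thu Jul 20 20:54:51 2006 : Debug: auth: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user
"""
STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : \w+: ")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines and drop the timestamp prefix."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(STAMP.sub("", line))
        elif line.strip() and records:
            records[-1] += " " + line.strip()
    return records

def diagnose(text):
    """Collect bind identity, search parameters and outcome from the log."""
    d = dict(bind_dn=None, server=None, base=None, filter=None,
             search_failed=False, no_auth_type=False)
    for rec in unwrap(text):
        if m := re.match(r"rlm_ldap: bind as (.*?)/.*? to (\S+)$", rec):
            d["bind_dn"], d["server"] = m.groups()  # empty DN = anonymous bind
        elif m := re.match(r"rlm_ldap: performing search in (.+), with filter (.+)$", rec):
            d["base"], d["filter"] = m.groups()
        elif rec == "rlm_ldap: search failed":
            d["search_failed"] = True
        elif "No authenticate method (Auth-Type)" in rec:
            d["no_auth_type"] = True
    return d

def repro_argv(d):
    """ldapsearch arguments repeating the module's search with the same identity."""
    argv = ["ldapsearch", "-x", "-H", "ldap://" + d["server"]]
    if d["bind_dn"]:  # non-anonymous bind: pass the DN, prompt for the password
        argv += ["-D", d["bind_dn"], "-W"]
    return argv + ["-b", d["base"], d["filter"]]

if __name__ == "__main__":
    d = diagnose(SAMPLE_LOG)
    print(d, repro_argv(d), sep="\n")
```

If the ldapsearch run returns no entry for the anonymous bind while an authenticated bind does, the directory's ACLs are the place to look.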
