Very strange I didn't get this email ?
See my comments below:
> Thibault Le Meur ha scritto:
> >> >> But the output now is:
> >> >>
> >> >> rad_recv: Access-Request packet from host
> 127.0.0.1:1030, id=65,
> >> >> length=54
> >> >> Service-Type = Framed-User
> >> >> Framed-Protocol = PPP
> >> >> User-Name = "peppeska"
> >> >> NAS-IP-Address = 127.0.0.1
> >> >> NAS-Port = 0
> >> >>
> >> >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> >> - ->Where is User-Password attribute?
> >> >> - ------------------------------------------------
> > >
> > > A good question indeed, that one should be asked to your NAS ;-)
> > >
> > > It's up to the NAS to send User-Password: unless it is setup to do
> > > else (for instance MSCHAP).
> > >
> > > Have you setup ppp to use mschap (require-mschap-v2 option) ? Are
> > > you using the radiusclient library ?
Ok so that your NAS don't have to send User-Password but a MS-CHAP challenge
instead: that's what I thought.
> > > If yes, could you check that you radiusclient dictionnary file
> > > includes Microsoft attributes:
> > > * check the "dictionary <path-to-dict-file>" line of
> > > /etc/radiusclient-ng/radiusclient.conf file (or
> > > /etc/radiusclient/radiusclient.conf file)
> > > * check that the file <path-to-dict-file> contains a reference to
> > > other dictionnary files such as: INCLUDE
> > > /usr/share/radiusclient-ng/dictionary.merit
> > > INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
> > > * check that you have these 2 extra dictionnary files (especially
> > > the microsoft one) ==> I've attached the two files
> in my radiusclient.conf there is:
> # dictionary of allowed attributes and values
> # just like in the normal RADIUS distributions
> dictionary /etc/radiusclient/dictionary
> and in the dictonary file:
> $INCLUDE /etc/radiusclient/dictionary.microsoft
> $INCLUDE /etc/radiusclient/dictionary.ascend
> $INCLUDE /etc/radiusclient/dictionary.compat
> $INCLUDE /etc/radiusclient/dictionary.merit
> $INCLUDE /usr/share/freeradius/dictionary
Don't write "$INCLUDE" but "INCLUDE" without the "$": this is the syntax for
> But... whitout declaretion of Default Auth-Type in the users file:
> rlm_ldap: user peppeska authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: leaving group authorize (returns ok) for request 0
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [peppeska/<no User-Password attribute>]
> (from client localhost port 0) Delaying request 0 for 1
> seconds Finished request 0
Sure, because Auth-Type must be set to MS-CHAP (automatically, don't use
Auth-Type:=): this will be the case if FR receives MS-CHAP challenge.
But this can work only if radiusclient knows the MS-CHAP Radius attributes,
which is not the case for the momenet (see above the INCLUDE issue).
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html