Hi Alan, thanks for your reply

Alan DeKok wrote:
 If the LDAP server gives FreeRADIUS the clear-text password, then CHAP
should work.

Yes, the LDAP server already gave the clear-text password; you can see it in the debug
output below.

rad_recv: Access-Request packet from host 192.168.8.88:4609, id=30, length=48

      User-Name = "testing"
      CHAP-Password = 0x30e3e28c521fe0d81b988d2475dae76f3f
------------cut--------------.
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing)
rlm_ldap: checking if remote access for testing is allowed by dialupAccess
rlm_ldap: Password header not found in password Testing1 for user testing

 And does CHAP work for this user?

No... what I mean is that the ldap module (rlm_ldap) could see the password for user
testing... that is, Testing1 (yes, this is the password).
LDAP should pass this clear-text password (Testing1) to the CHAP module to
authenticate.

Also there is a clue
where parameters like
password_header = "{clear}"
password_attribute = userPassword
password_radius_attribute = "User-Password"
must be set.... but how?

 in the "ldap" section of radiusd.conf, where the LDAP parameters are
configured.

Yes, I've configured that string in the ldap section of radiusd.conf... For password_attribute, clearly it must contain userPassword (the attribute where the LDAP server keeps the password),
but how about password_radius_attribute? From the FAQ,
password_radius_attribute is the RADIUS attribute where the user password will be
stored after being extracted from LDAP.
Should password_radius_attribute contain the string "User-Password" or "Clear-text
Password" or maybe "CHAP-Password"? What attribute does CHAP read for authentication?

I'm still trying to read the code (like rlm_chap.c) to see what
attribute rlm_chap reads for the password that was passed by the
ldap module, but it is so arcane, and "debugging code is twice as hard as
writing the code in the first place".

 Don't read the code.  It won't help you.

Yeah... it's killing me (the code) :D

Does anyone have a solution for this matter?

 Try installing 2.0.5 in a separate directory and configuring it.  Odds
are it will work.

In time I will try to install it, but if I can't make this (LDAP CHAP) clear...
I will definitely encounter the same problem again :)

Thank You
Ryan Setiawan H
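
Added example, not part of the original message and not FreeRADIUS code: the CHAP check as defined in RFC 1994 and RFC 2865, showing why the server needs the clear-text password from LDAP and cannot work from a hash. The function names, the challenge bytes and the hashed value are constructed for illustration; only the CHAP-Password value comes from the debug output above.

```python
import hashlib
import hmac


def split_chap_password(attr: bytes) -> tuple[int, bytes]:
    """CHAP-Password is 17 octets: 1-octet CHAP ident + 16-octet MD5 response."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be exactly 17 octets")
    return attr[0], attr[1:]


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def verify_chap(attr: bytes, challenge: bytes, stored_password: bytes) -> bool:
    """Recompute the response from the stored password and compare.

    The challenge is the CHAP-Challenge attribute, or the Request
    Authenticator when that attribute is absent (RFC 2865).
    """
    ident, received = split_chap_password(attr)
    expected = chap_response(ident, stored_password, challenge)
    return hmac.compare_digest(received, expected)


# Value from the debug output in this message.
PAGE_CHAP_PASSWORD = bytes.fromhex("30e3e28c521fe0d81b988d2475dae76f3f")

# Constructed sample input: the real challenge was cut from the debug output.
SAMPLE_CHALLENGE = bytes(range(16))
SAMPLE_IDENT = 0x30
SAMPLE_ATTR = bytes([SAMPLE_IDENT]) + chap_response(
    SAMPLE_IDENT, b"Testing1", SAMPLE_CHALLENGE
)

# Constructed: what a directory holding only a hash would hand back.
HASHED_ONLY = hashlib.sha1(b"Testing1").hexdigest().encode()

if __name__ == "__main__":
    ident, digest = split_chap_password(PAGE_CHAP_PASSWORD)
    print(f"ident=0x{ident:02x} response={digest.hex()}")
    print("clear-text:", verify_chap(SAMPLE_ATTR, SAMPLE_CHALLENGE, b"Testing1"))
    print("wrong case:", verify_chap(SAMPLE_ATTR, SAMPLE_CHALLENGE, b"testing1"))
    print("hash only: ", verify_chap(SAMPLE_ATTR, SAMPLE_CHALLENGE, HASHED_ONLY))
```

The response is a one-way MD5 over the password, so the server can only check it by recomputing it from the same clear-text value; a hashed userPassword in the directory can never match.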


