Re: FreeRADIUS + OpenLDAP + NAS (it?s make me crazy!!! please HELP)

2008-03-20 Thread Koko Kurniawan 
Thank you...

now it works and success.

but if my client disconnect and reconnect again, now it doesn't need to input 
user name and password again. It's  directly  connected ..

Is it  right??? 
   
-
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it now.-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRADIUS + OpenLDAP + NAS (it�s make me crazy!!!please HELP!!!)

2008-03-19 Thread Koko Kurniawan 
Please, help me..

I am confuse

why my freeradius server can´t detect the password that i write on the client?
I am use OpenLDAP for the database

rad_recv: Access-Request packet from host 10.10.53.100:1812, id=76, length=83
User-Name = htrisnadi
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201000e0168747269736e616469
NAS-IP-Address = 10.10.53.100
Message-Authenticator = 0x4e8851c2f8e7f31d426d4a853af3ef1d

...

auth: type LDAP
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 1
rlm_ldap: - authenticate
rlm_ldap: Attribute User-Password is required for authentication.
  modcall[authenticate]: module ldap returns invalid for request 1
modcall: leaving group LDAP (returns invalid) for request 1
auth: Failed to validate the user.
Login incorrect: [htrisnadi/no User-Password attribute] (from client liv1 
port 0)


There is no User-Password in there. 
Should i change the configuration? in which file?


 
   
-
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it now.
   
-
Looking for last minute shopping deals?  Find them fast with Yahoo! Search.-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS + OpenLDAP + NAS (it�s make me crazy!!! please HELP!!!)

2008-03-19 Thread Koko Kurniawan 
thanks for the answer,
i want ask something
what do you mean about  the password is NOT in the RADIUS packet??

so where is the user-password?? 

i have removed Auth-Type := LDAP in users..
it´s still not working. what must i do?

LDAP doesn´t know EAP, so what kind of authentication i must use. 

can you give me suggestion the ideal configuration for my FreeRADIUS + OpenLDAP 
so that the authentication be performed successfully.

i will show you my freeradius log, and i hope you will correct that

Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file:
 /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib/freeradius
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = radius
 main: group = radius
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay =
 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module:
 Loaded PAP
 pap: encryption_scheme = crypt
 pap: auto_header = no
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded Pam
 pam: pam_auth = radiusd
Module: Instantiated pam (pam)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = /etc/shadow
 unix: group = (null)
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
 ldap: server = localhost
 ldap: port = 389
 ldap: net_timeout = 1
 ldap: timeout = 4
 ldap: timelimit = 3
 ldap: identity = 
 ldap: tls_mode = no

 ldap: start_tls = no
 ldap: tls_cacertfile = (null)
 ldap: tls_cacertdir = (null)
 ldap: tls_certfile = (null)
 ldap: tls_keyfile = (null)
 ldap: tls_randfile = (null)
 ldap: tls_require_cert = allow
 ldap: password = 
 ldap: basedn = dc=aiueo,dc=com
 ldap: filter = (uid=%{Stripped-User-Name:-%{User-Name}})
 ldap: base_filter = (objectclass=radiusprofile)
 ldap: default_profile = (null)
 ldap: profile_attribute = (null)
 ldap: password_header = {CRYPT}
 ldap: password_attribute = userPassword
 ldap: access_attr = (null)
 ldap: groupname_attribute = cn
 ldap: groupmembership_filter = 
(|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
 ldap: groupmembership_attribute = (null)
 ldap: dictionary_mapping = /etc/raddb/ldap.attrmap
 ldap: ldap_debug = 0
 ldap: ldap_connections_number = 5
 ldap:
 compare_check_items = no
 ldap: access_attr_used_for_allow = yes
 ldap: do_xlat = yes
 ldap: set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap-radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT