Re: FreeRADIUS + OpenLDAP + NAS (it's make me crazy!!! please HELP)
Thank you... now it works successfully. But if my client disconnects and reconnects again, it now doesn't need to input the user name and password again. It's directly connected. Is that right???

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS + OpenLDAP + NAS (it's make me crazy!!! please HELP!!!)
Please, help me.. I am confused why my FreeRADIUS server can't detect the password that I write on the client. I am using OpenLDAP for the database.

rad_recv: Access-Request packet from host 10.10.53.100:1812, id=76, length=83
        User-Name = htrisnadi
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000e0168747269736e616469
        NAS-IP-Address = 10.10.53.100
        Message-Authenticator = 0x4e8851c2f8e7f31d426d4a853af3ef1d
...
auth: type LDAP
Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 1
rlm_ldap: - authenticate
rlm_ldap: Attribute User-Password is required for authentication.
modcall[authenticate]: module ldap returns invalid for request 1
modcall: leaving group LDAP (returns invalid) for request 1
auth: Failed to validate the user.
Login incorrect: [htrisnadi/no User-Password attribute] (from client liv1 port 0)

There is no User-Password in there. Should I change the configuration? In which file?
Re: FreeRADIUS + OpenLDAP + NAS (it's make me crazy!!! please HELP!!!)
Thanks for the answer. I want to ask something: what do you mean about the password is NOT in the RADIUS packet?? So where is the user-password?? I have removed Auth-Type := LDAP in users.. it's still not working. What must I do? LDAP doesn't know EAP, so what kind of authentication must I use? Can you give me a suggestion for the ideal configuration for my FreeRADIUS + OpenLDAP so that the authentication is performed successfully? I will show you my FreeRADIUS log, and I hope you will correct it.

Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib/freeradius
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = radius
main: group = radius
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
pap: auto_header = no
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded Pam
pam: pam_auth = radiusd
Module: Instantiated pam (pam)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = /etc/shadow
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
ldap: server = localhost
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity =
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = (null)
ldap: tls_cacertdir = (null)
ldap: tls_certfile = (null)
ldap: tls_keyfile = (null)
ldap: tls_randfile = (null)
ldap: tls_require_cert = allow
ldap: password =
ldap: basedn = dc=aiueo,dc=com
ldap: filter = (uid=%{Stripped-User-Name:-%{User-Name}})
ldap: base_filter = (objectclass=radiusprofile)
ldap: default_profile = (null)
ldap: profile_attribute = (null)
ldap: password_header = {CRYPT}
ldap: password_attribute = userPassword
ldap: access_attr = (null)
ldap: groupname_attribute = cn
ldap: groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
ldap: groupmembership_attribute = (null)
ldap: dictionary_mapping = /etc/raddb/ldap.attrmap
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
ldap: set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap-radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT