Re: Doubt - Freeradius + Ldap

2010-11-05 Thread Eduardo Moreira

Sorry, but where do I check the shared secret? In clients.conf?

If yes, the secret is OK!

Thanks for any help.




Re: Doubt - Freeradius + Ldap

2010-11-05 Thread Phil Mayers

On 11/05/2010 06:47 PM, Eduardo Moreira wrote:

> sorry, but where i checked the shared secret? in clients.conf?

Yes

> if yes, secret is ok!

No it isn't; look at the packet:

> Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
> rad_recv: Access-Request packet from host 10.12.60.19 port 50105,
> id=100, length=73
> User-Name = username
> User-Password = c\355W'\021tC\372\177R\232(\007\027n\263
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 1812
> Framed-Protocol = PPP

The User-Password attribute has clearly been decrypted badly; this means 
you've got the shared secret wrong somewhere.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Doubt - Freeradius + Ldap

2010-11-05 Thread Michael Lecuyer

There's many a slip 'twixt the cup and the lip

I promise you'll want to kick yourself when you find the simple 
difference after so many messages. Many of us have the grace to go 
through this necessarily humbling exercise in private.


On 2010-11-05 2:47 PM, Eduardo Moreira wrote:

> sorry, but where i checked the shared secret? in clients.conf?
>
> if yes, secret is ok!
>
> thanks for any help.




Re: Doubt - Freeradius + Ldap

2010-11-05 Thread John Dennis

On 11/05/2010 03:06 PM, Phil Mayers wrote:
> On 11/05/2010 06:47 PM, Eduardo Moreira wrote:
>
>> sorry, but where i checked the shared secret? in clients.conf?
>
> Yes
>
>> if yes, secret is ok!
>
> No it isn't; look at the packet:
>
>> Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
>> rad_recv: Access-Request packet from host 10.12.60.19 port 50105,
>> id=100, length=73
>> User-Name = username
>> User-Password = c\355W'\021tC\372\177R\232(\007\027n\263
>> NAS-IP-Address = 127.0.1.1
>> NAS-Port = 1812
>> Framed-Protocol = PPP
>
> The User-Password attribute has clearly been decrypted badly; this means
> you've got the shared secret wrong somewhere.


A common problem for folks who build their own versions of freeradius 
and mix it with a prebuilt version is the root prefix is different. If 
you build yourself the $prefix defaults to /usr/local, but (most?) all 
prebuilt packages use $prefix of /usr. That means you can end up with 
two copies of your config files (and loads of other files).


Carefully look at the debug output of your radiusd -X, it will give you 
the full path of the files it's reading. Make sure the clients.conf 
you're looking at is *exactly* the same one the server is *actually* 
reading. Do this even if you haven't built your own package, just for 
sanity's sake.


--
John Dennis jden...@redhat.com



Re: Doubt - Freeradius + Ldap

2010-11-05 Thread Eduardo Moreira
Thanks John, I installed on a Debian server, default config, apt-get 
install 


Directory is: /etc/freeradius ;

Sorry, I'm a newbie, but before I configured the ldap module freeradius 
worked; after configuring the ldap module, no way to connect. Certainly my 
problem is with the ldap module, authentication ...


But I don't see where ...

Thanks for your reply.



Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
Sorry about this mail Josip, but I checked my clients.conf again, and I put
the conf here for you to see.

clients.conf
client 127.0.0.1 {
    secret      = password
    shortname   = localhost
    nastype     = other # localhost isn't usually a NAS...
}
client 10.12.60.19 {
    secret      = password
    shortname   = any
    nastype     = other
}

And I use this command to test the connection:
radtest username 123456 10.12.60.19 1812 0 password

And I see the debug log and receive this message:
Mon Nov  1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100,
length=73
User-Name = username
User-Password = c\355W'\021tC\372\177R\232(\007\027n\263
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Framed-Protocol = PPP
Thu Nov  4 09:30:02 2010 : Debug: +- entering group authorize
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[preprocess] returns ok
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[mschap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling ldap
(rlm_ldap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: - authorize
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing user authorization
for username
Thu Nov  4 09:30:02 2010 : Debug: expand: (uid=%u) - (uid=username)
Thu Nov  4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b -
dc=a,dc=a,dc=c,dc=b
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing search in
dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter (uid=username)
Thu Nov  4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed: LDAP
connection lost.
Thu Nov  4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP connection
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
proxy.intra localhost:389, authentication 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: bind as
cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra proxy.intra
localhost:389
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing search in
dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password =
{crypt}tg/iHj5yM2iXI in check items
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login sequence
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: looking for check items in
directory...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute userPassword as
RADIUS attribute Password-With-Header == {crypt}tg/iHj5yM2iXI
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambantPassword
as RADIUS attribute NT-Password ==
0x3738463934413643303931413730423936454135373046344341353438304531
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambalmPassword
as RADIUS attribute LM-Password ==
0x3743414142444638393134314430423841414433423433354235313430344545
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS
attribute Group == username
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: looking for reply items in
directory...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: user username authorized to use
remote access
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[ldap] returns ok
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from eap
(rlm_eap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[eap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from chap
(rlm_chap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[chap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:
!!!
Thu Nov  4 09:30:02 2010 : Debug: !!!Replacing User-Password in config
items with Cleartext-Password. 

Re: Doubt - Freeradius + Ldap

2010-11-04 Thread Johan Meiring

On 2010/11/04 01:51 PM, eduardo moreira wrote:

> and i use this command to test connection:
> radtest username 123456 10.12.60.19 1812 0 password



man radtest gives me this:
radtest  [-d raddb_directory] user password radius-server nas-port-number 
secret [ppphint] [nasname]


Looking at your command:
radtest username 123456 10.12.60.19 1812 0 password

This maps to:
user=username
password=123456
radius-server=10.12.60.19
nas-port-number=1812
secret=0
ppphint=password







--


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782



Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
Hi Johan,

Thanks for your reply.

I tried with your command,

raddtest -d /etc/freeradius username password ip-server port-server secret
but it doesn't work.

But thanks.


Re: Doubt - Freeradius + Ldap

2010-11-04 Thread Johan Meiring

On 2010/11/04 02:16 PM, eduardo moreira wrote:

> raddtest -d /etc/freeradius username password ip-server port-server
> secret but no works.



Copy and paste your command.
Do not retype it.

--


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782



Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
sorry

radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any


Re: Doubt - Freeradius + Ldap

2010-11-04 Thread Alan DeKok
eduardo moreira wrote:
> SOrry about this mail Josip, but i checked again my clients.conf, and i
> put conf here for u see.

  The debug log you posted contains the solution to the problem.

  Read it.

  If it's too hard to understand, paste the debug output into this form:

http://networkradius.com/freeradius.html

  And then read the output.  It won't be hard.

  Alan DeKok.


Re: Doubt - Freeradius + Ldap

2010-11-04 Thread Johan Meiring

On 2010/11/04 02:37 PM, eduardo moreira wrote:

> sorry
>
> radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any

That should work.
The any is probably unnecessary.

What does freeradius -X now say?



--


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782



Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
Same message, but one message disappears:

Thu Nov  4 09:30:02 2010 : Debug:   WARNING: Unprintable characters in the
password.   Double-check the shared secret on the server and the NAS!

Before this message, this appears:
Thu Nov  4 10:58:52 2010 : Debug:
!!!
Thu Nov  4 10:58:52 2010 : Debug: !!!Replacing User-Password in config
items with Cleartext-Password. !!!
Thu Nov  4 10:58:52 2010 : Debug:
!!!
Thu Nov  4 10:58:52 2010 : Debug: !!! Please update your configuration so
that the known good   !!!
Thu Nov  4 10:58:52 2010 : Debug: !!! clear text password is in
Cleartext-Password, and not in User-Password. !!!
Thu Nov  4 10:58:52 2010 : Debug:
!!!
Thu Nov  4 10:58:52 2010 : Debug: auth: type Local
Thu Nov  4 10:58:52 2010 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Thu Nov  4 10:58:52 2010 : Debug: auth: Failed to validate the user.
Thu Nov  4 10:58:52 2010 : Auth: Login incorrect: [username/123456] (from
clientany port 1812)
Sending Access-Reject of id 168 to 10.12.60.19 port 53629
Thu Nov  4 10:58:52 2010 : Debug: Finished request 2.
Thu Nov  4 10:58:52 2010 : Debug: Going to the next request
Thu Nov  4 10:58:52 2010 : Debug: Waking up in 4.9 seconds.
Thu Nov  4 10:58:57 2010 : Debug: Cleaning up request 2 ID 168 with
timestamp +98
Thu Nov  4 10:58:57 2010 : Debug: Ready to process requests.

In debug appears:

security {

reject_delay = 0

But it still doesn't work.

Thanks for the help.




Doubt - Freeradius + Ldap

2010-11-01 Thread eduardo moreira
Hello list,

I'm new to freeradius, but I have read a lot about this and haven't solved my problem.
I have this problem with my implementation.

Only this message appears with freeradius -X -x
Mon Nov  1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/tls because we
do not have OpenSSL support.
Mon Nov  1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/ttls because we
do not have OpenSSL support.
Mon Nov  1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/peap because we
do not have OpenSSL support.

Reminder: I'm using Debian 5.0

And when I try to connect, this message appears:

Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS
attribute Group == eduardo
Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: looking for reply items in
directory...
Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: user eduardo authorized to use
remote access
Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 0
Mon Nov  1 15:06:10 2010 : Debug: ++[ldap] returns ok
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 0
Mon Nov  1 15:06:10 2010 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: returned from eap
(rlm_eap) for request 0
Mon Nov  1 15:06:10 2010 : Debug: ++[eap] returns noop
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 0
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: returned from chap
(rlm_chap) for request 0
Mon Nov  1 15:06:10 2010 : Debug: ++[chap] returns noop
Mon Nov  1 15:06:10 2010 : Debug:
!!!
Mon Nov  1 15:06:10 2010 : Debug: !!!Replacing User-Password in config
items with Cleartext-Password. !!!
Mon Nov  1 15:06:10 2010 : Debug:
!!!
Mon Nov  1 15:06:10 2010 : Debug: !!! Please update your configuration so
that the known good   !!!
Mon Nov  1 15:06:10 2010 : Debug: !!! clear text password is in
Cleartext-Password, and not in User-Password. !!!
Mon Nov  1 15:06:10 2010 : Debug:
!!!
Mon Nov  1 15:06:10 2010 : Debug: auth: type Local
Mon Nov  1 15:06:10 2010 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Mon Nov  1 15:06:10 2010 : Debug: auth: Failed to validate the user.
Mon Nov  1 15:06:10 2010 : Auth: Login incorrect:
[eduardo/1\320\026\305\020B)\323I\211�?\001\nx\204] (from client
BrasilTelecom port 1812)
Mon Nov  1 15:06:10 2010 : Debug:   WARNING: Unprintable characters in the
password.Double-check the shared secret on the server and the NAS!
Mon Nov  1 15:06:10 2010 : Debug: Delaying reject of request 0 for 1 seconds

I tried to reinstall but no success.

I need help for advanced.

If anyone has a solution or whatever, please help me.

And sorry for my bad English.

Regards,
Eduardo

Re: Doubt - Freeradius + Ldap

2010-11-01 Thread Peter Lambrechtsen
It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL
support.

So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.


Re: Doubt - Freeradius + Ldap

2010-11-01 Thread Josip Rodin
On Tue, Nov 02, 2010 at 07:30:23AM +1300, Peter Lambrechtsen wrote:
> It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL
> support.
>
> So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.

No, no, no, and no. sigh

If you want to read random debug messages, don't pick just any.

Yes, he doesn't have SSL support, but the log also says pretty clearly:

  Mon Nov  1 15:06:10 2010 : Debug:   rlm_eap: No EAP-Message, not doing EAP

When the client does not use EAP, it's completely irrelevant that the server
doesn't have support for SSL-using EAP methods.

And there's clearly no reason to recompile even FR, let alone three other
different pieces of software. (For the former, just use lenny-backports.)

The final error state is:

  Mon Nov  1 15:06:10 2010 : Auth: Login incorrect:
  [eduardo/1\320\026\305\020B)\323I\211\001\nx\204] (from client
  BrasilTelecom port 1812)
  Mon Nov  1 15:06:10 2010 : Debug:   WARNING: Unprintable characters in the
  password.Double-check the shared secret on the server and the NAS!

So, have you double-checked the shared secret?

-- 
 2. That which causes joy or happiness.


Re: Doubt - Freeradius + Ldap

2010-11-01 Thread eduardo moreira
Yes, I checked the shared secret in clients.

And I tried to reinstall with apt-get but it doesn't work.

ty for help.
