Re: Doubt - Freeradius + Ldap
sorry, but where i checked the shared secret? in clients.conf? if yes, secret is ok! thanks for any help.
Re: Doubt - Freeradius + Ldap
On 11/05/2010 06:47 PM, Eduardo Moreira wrote:
> sorry, but where i checked the shared secret? in clients.conf?

Yes

> if yes, secret is ok!

No it isn't; look at the packet:

> Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
> rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
>     User-Name = username
>     User-Password = c\355W'\021tC\372\177R\232(\007\027n\263
>     NAS-IP-Address = 127.0.1.1
>     NAS-Port = 1812
>     Framed-Protocol = PPP

The User-Password attribute has clearly been decrypted badly; this means you've got the shared secret wrong somewhere.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Doubt - Freeradius + Ldap
There's many a slip 'twixt the cup and the lip

I promise you'll want to kick yourself when you find the simple difference after so many messages. Many of us have the grace to go through this necessarily humbling exercise in private.

On 2010-11-05 2:47 PM, Eduardo Moreira wrote:
> sorry, but where i checked the shared secret? in clients.conf? if yes, secret is ok! thanks for any help.
Re: Doubt - Freeradius + Ldap
On 11/05/2010 03:06 PM, Phil Mayers wrote:
> On 11/05/2010 06:47 PM, Eduardo Moreira wrote:
> > sorry, but where i checked the shared secret? in clients.conf?
>
> Yes
>
> > if yes, secret is ok!
>
> No it isn't; look at the packet:
>
> > Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
> > rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
> >     User-Name = username
> >     User-Password = c\355W'\021tC\372\177R\232(\007\027n\263
> >     NAS-IP-Address = 127.0.1.1
> >     NAS-Port = 1812
> >     Framed-Protocol = PPP
>
> The User-Password attribute has clearly been decrypted badly; this means you've got the shared secret wrong somewhere.

A common problem for folks who build their own versions of freeradius and mix it with a prebuilt version is the root prefix is different. If you build yourself the $prefix defaults to /usr/local, but (most?) all prebuilt packages use $prefix of /usr. That means you can end up with two copies of your config files (and loads of other files).

Carefully look at the debug output of your radiusd -X, it will give you the full path of the files it's reading. Make sure the clients.conf you're looking at is *exactly* the same one the server is *actually* reading. Do this even if you haven't built your own package, just for sanity sake.

--
John Dennis jden...@redhat.com

Looking to carve out IT costs? www.redhat.com/carveoutcosts/
Re: Doubt - Freeradius + Ldap
Thanks john, i install in debian server, default config, apt-get install

Directory is: /etc/freeradius ;

Sorry, I'm newbie, but before i configure ldap module freeradius work, after configure ldap module, no way to connect, certain my problem stays with module ldap, authentication ... But don't see where ...

Thanks for u reply.

On 11/05/2010 05:17 PM, John Dennis wrote:
> On 11/05/2010 03:06 PM, Phil Mayers wrote:
> > On 11/05/2010 06:47 PM, Eduardo Moreira wrote:
> > > sorry, but where i checked the shared secret? in clients.conf?
> >
> > Yes
> >
> > > if yes, secret is ok!
> >
> > No it isn't; look at the packet:
> >
> > > Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
> > > rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
> > >     User-Name = username
> > >     User-Password = c\355W'\021tC\372\177R\232(\007\027n\263
> > >     NAS-IP-Address = 127.0.1.1
> > >     NAS-Port = 1812
> > >     Framed-Protocol = PPP
> >
> > The User-Password attribute has clearly been decrypted badly; this means you've got the shared secret wrong somewhere.
>
> A common problem for folks who build their own versions of freeradius and mix it with a prebuilt version is the root prefix is different. If you build yourself the $prefix defaults to /usr/local, but (most?) all prebuilt packages use $prefix of /usr. That means you can end up with two copies of your config files (and loads of other files).
>
> Carefully look at the debug output of your radiusd -X, it will give you the full path of the files it's reading. Make sure the clients.conf you're looking at is *exactly* the same one the server is *actually* reading. Do this even if you haven't built your own package, just for sanity sake.
Re: Doubt - Freeradius + Ldap
Sorry about this mail Josip, but i checked again my clients.conf, and i put conf here for u see.

clients.conf

client 127.0.0.1 {
        secret = password
        shortname = localhost
        nastype = other # localhost isn't usually a NAS...
}

client 10.12.60.19 {
        secret = password
        shortname = any
        nastype = other
}

and i use this command to test connection:

radtest username 123456 10.12.60.19 1812 0 password

And i see log of debug and receive this message:

Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
    User-Name = username
    User-Password = c\355W'\021tC\372\177R\232(\007\027n\263
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Framed-Protocol = PPP
Thu Nov 4 09:30:02 2010 : Debug: +- entering group authorize
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[preprocess] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[mschap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: - authorize
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing user authorization for username
Thu Nov 4 09:30:02 2010 : Debug: expand: (uid=%u) - (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b - dc=a,dc=a,dc=c,dc=b
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Nov 4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP connection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: bind as cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra proxy.intra localhost:389
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password = {crypt}tg/iHj5yM2iXI in check items
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login sequence
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for check items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Password-With-Header == {crypt}tg/iHj5yM2iXI
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambantPassword as RADIUS attribute NT-Password == 0x3738463934413643303931413730423936454135373046344341353438304531
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambalmPassword as RADIUS attribute LM-Password == 0x3743414142444638393134314430423841414433423433354235313430344545
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS attribute Group == username
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for reply items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: user username authorized to use remote access
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[ldap] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[eap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[chap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: !!!
Thu Nov 4 09:30:02 2010 : Debug: !!!Replacing User-Password in config items with Cleartext-Password.
Re: Doubt - Freeradius + Ldap
On 2010/11/04 01:51 PM, eduardo moreira wrote:
> and i use this command to test connection:
> radtest username 123456 10.12.60.19 1812 0 password

man radtest gives me this:

radtest [-d raddb_directory] user password radius-server nas-port-number secret [ppphint] [nasname]

Looking at your command:

radtest username 123456 10.12.60.19 1812 0 password

This maps to:

user=username
password=123456
radius-server=10.12.60.19
nas-port-number=1812
secret=0
ppphint=password

--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
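What both Phil Mayers's "decrypted badly" diagnosis and the radtest argument mapping above come down to, as an added example in Python (not code from the thread or from FreeRADIUS): User-Password is XORed with an MD5 keystream derived from the shared secret (RFC 2865, section 5.2), so a client that hides the password with secret `0` while the server recovers it with `password` sees unprintable bytes. The function names, the fixed Request Authenticator and the printable-ASCII check are assumptions made for the illustration.

```python
import hashlib
import shlex

# Positional order taken from the radtest synopsis quoted in the thread.
RADTEST_FIELDS = ("user", "password", "radius-server", "nas-port-number",
                  "secret", "ppphint", "nasname")
# Constructed 16-byte Request Authenticator (random per request in real traffic).
SAMPLE_AUTHENTICATOR = bytes(range(16))


def map_radtest_args(command):
    """Map a radtest command line onto the argument names of its synopsis."""
    args = shlex.split(command)
    if args[:1] == ["radtest"]:
        args = args[1:]
    mapped = {}
    if args[:1] == ["-d"]:
        if len(args) < 2:
            raise ValueError("-d needs a directory argument")
        mapped["raddb_directory"] = args[1]
        args = args[2:]
    if not 5 <= len(args) <= len(RADTEST_FIELDS):
        raise ValueError("expected 5 to 7 positional arguments, got %d" % len(args))
    mapped.update(zip(RADTEST_FIELDS, args))
    return mapped


def _xor_chain(data, secret, authenticator, hiding):
    """RFC 2865 5.2: each block is XORed with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, mask))
        out += result
        prev = result if hiding else block  # always chain on the ciphertext
    return out


def hide_password(password, secret, authenticator):
    """What the client (radtest, a NAS) puts in the User-Password attribute."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_chain(padded, secret, authenticator, hiding=True)


def recover_password(hidden, secret, authenticator):
    """What the server computes with the secret from its own clients.conf."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 bytes")
    return _xor_chain(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


def is_printable(value):
    """Stand-in for the server's 'Unprintable characters' warning (assumed: ASCII text)."""
    return bool(value) and all(0x20 <= b <= 0x7E for b in value)


def server_view(command, server_secret, authenticator=SAMPLE_AUTHENTICATOR):
    """Hide with the secret radtest was actually given, recover with the server's."""
    args = map_radtest_args(command)
    hidden = hide_password(args["password"].encode(), args["secret"].encode(),
                           authenticator)
    seen = recover_password(hidden, server_secret.encode(), authenticator)
    return {"client_secret": args["secret"], "seen": seen,
            "printable": is_printable(seen)}


if __name__ == "__main__":
    for cmd in ("radtest username 123456 10.12.60.19 1812 0 password",
                "radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any"):
        print(cmd)
        print("   ", server_view(cmd, server_secret="password"))
```

The server cannot tell a wrong secret from a wrong password at this layer: it only ever sees the recovered bytes, which is why the debug output can do no more than warn about unprintable characters.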
Re: Doubt - Freeradius + Ldap
hi johan, thanks for u reply.

i try with your command,

raddtest -d /etc/freeradius username password ip-server port-server secret

but no works. but thanks.

2010/11/4 Johan Meiring jmeir...@pcservices.co.za
> On 2010/11/04 01:51 PM, eduardo moreira wrote:
> > and i use this command to test connection:
> > radtest username 123456 10.12.60.19 1812 0 password
>
> man radtest gives me this:
>
> radtest [-d raddb_directory] user password radius-server nas-port-number secret [ppphint] [nasname]
>
> Looking at your command:
>
> radtest username 123456 10.12.60.19 1812 0 password
>
> This maps to:
>
> user=username
> password=123456
> radius-server=10.12.60.19
> nas-port-number=1812
> secret=0
> ppphint=password
>
> --
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
Re: Doubt - Freeradius + Ldap
On 2010/11/04 02:16 PM, eduardo moreira wrote:
> raddtest -d /etc/freeradius username password ip-server port-server secret
> but no works.

Copy and paste your command. Do not retype it.

--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Re: Doubt - Freeradius + Ldap
sorry

radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any

2010/11/4 Johan Meiring jmeir...@pcservices.co.za
> On 2010/11/04 02:16 PM, eduardo moreira wrote:
> > raddtest -d /etc/freeradius username password ip-server port-server secret
> > but no works.
>
> Copy and paste your command. Do not retype it.
>
> --
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
Re: Doubt - Freeradius + Ldap
eduardo moreira wrote:
> Sorry about this mail Josip, but i checked again my clients.conf, and i put conf here for u see.

The debug log you posted contains the solution to the problem. Read it.

If it's too hard to understand, paste the debug output into this form:

http://networkradius.com/freeradius.html

And then read the output. It won't be hard.

Alan DeKok.
Re: Doubt - Freeradius + Ldap
On 2010/11/04 02:37 PM, eduardo moreira wrote:
> sorry
> radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any

That should work. The any is probably unnecessary.

What does freeradius -X now say?

--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Re: Doubt - Freeradius + Ldap
same message, but one message disappears:

Thu Nov 4 09:30:02 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!

before this message appears this:

Thu Nov 4 10:58:52 2010 : Debug: !!!
Thu Nov 4 10:58:52 2010 : Debug: !!!Replacing User-Password in config items with Cleartext-Password. !!!
Thu Nov 4 10:58:52 2010 : Debug: !!!
Thu Nov 4 10:58:52 2010 : Debug: !!! Please update your configuration so that the known good !!!
Thu Nov 4 10:58:52 2010 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
Thu Nov 4 10:58:52 2010 : Debug: !!!
Thu Nov 4 10:58:52 2010 : Debug: auth: type Local
Thu Nov 4 10:58:52 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Thu Nov 4 10:58:52 2010 : Debug: auth: Failed to validate the user.
Thu Nov 4 10:58:52 2010 : Auth: Login incorrect: [username/123456] (from clientany port 1812)
Sending Access-Reject of id 168 to 10.12.60.19 port 53629
Thu Nov 4 10:58:52 2010 : Debug: Finished request 2.
Thu Nov 4 10:58:52 2010 : Debug: Going to the next request
Thu Nov 4 10:58:52 2010 : Debug: Waking up in 4.9 seconds.
Thu Nov 4 10:58:57 2010 : Debug: Cleaning up request 2 ID 168 with timestamp +98
Thu Nov 4 10:58:57 2010 : Debug: Ready to process requests.

in debug appears:

security { reject_delay = 0

but still don't work

thanks for help.

2010/11/4 Johan Meiring jmeir...@pcservices.co.za
> On 2010/11/04 02:37 PM, eduardo moreira wrote:
> > sorry
> > radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any
>
> That should work. The any is probably unnecessary.
>
> What does freeradius -X now say?
>
> --
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
Doubt - Freeradius + Ldap
Hello list,

I'm new with freeradius, but read many about this and don't solve my problem.

I have this problem with my implementation. Only appears this message with freeradius -X -x

Mon Nov 1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
Mon Nov 1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Mon Nov 1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.

Remaind: i using debian 5.0

And when try to connect, appears this message:

Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS attribute Group == eduardo
Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: looking for reply items in directory...
Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: user eduardo authorized to use remote access
Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: ++[ldap] returns ok
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: ++[eap] returns noop
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: ++[chap] returns noop
Mon Nov 1 15:06:10 2010 : Debug: !!!
Mon Nov 1 15:06:10 2010 : Debug: !!!Replacing User-Password in config items with Cleartext-Password. !!!
Mon Nov 1 15:06:10 2010 : Debug: !!!
Mon Nov 1 15:06:10 2010 : Debug: !!! Please update your configuration so that the known good !!!
Mon Nov 1 15:06:10 2010 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
Mon Nov 1 15:06:10 2010 : Debug: !!!
Mon Nov 1 15:06:10 2010 : Debug: auth: type Local
Mon Nov 1 15:06:10 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Mon Nov 1 15:06:10 2010 : Debug: auth: Failed to validate the user.
Mon Nov 1 15:06:10 2010 : Auth: Login incorrect: [eduardo/1\320\026\305\020B)\323I\211�?\001\nx\204] (from client BrasilTelecom port 1812)
Mon Nov 1 15:06:10 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!
Mon Nov 1 15:06:10 2010 : Debug: Delaying reject of request 0 for 1 seconds

I try to reinstall but no success.

I need help for advanced. If anyone have this solution or whatever, please help me. And sorry for my bad english.

Regards,
Eduardo
Re: Doubt - Freeradius + Ldap
It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL support. So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.
Re: Doubt - Freeradius + Ldap
On Tue, Nov 02, 2010 at 07:30:23AM +1300, Peter Lambrechtsen wrote:
> It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL support. So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.

No, no, no, and no. sigh

If you want to read random debug messages, don't pick just any. Yes, he doesn't have SSL support, but the log also says pretty clearly:

Mon Nov 1 15:06:10 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP

When the client does not use EAP, it's completely irrelevant that the server doesn't have support for SSL-using EAP methods. And there's clearly no reason to recompile even FR, let alone three other different pieces of software. (For the former, just use lenny-backports.)

The final error state is:

Mon Nov 1 15:06:10 2010 : Auth: Login incorrect: [eduardo/1\320\026\305\020B)\323I\211\001\nx\204] (from client BrasilTelecom port 1812)
Mon Nov 1 15:06:10 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!

So, have you double-checked the shared secret?

--
2. That which causes joy or happiness.
Re: Doubt - Freeradius + Ldap
Yes, i checked shared secret in clients. And i try to reinstall with apt-get but don't works.

ty for help.

2010/11/1 Josip Rodin j...@entuzijast.net
> On Tue, Nov 02, 2010 at 07:30:23AM +1300, Peter Lambrechtsen wrote:
> > It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL support. So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.
>
> No, no, no, and no. sigh
>
> If you want to read random debug messages, don't pick just any. Yes, he doesn't have SSL support, but the log also says pretty clearly:
>
> Mon Nov 1 15:06:10 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
>
> When the client does not use EAP, it's completely irrelevant that the server doesn't have support for SSL-using EAP methods. And there's clearly no reason to recompile even FR, let alone three other different pieces of software. (For the former, just use lenny-backports.)
>
> The final error state is:
>
> Mon Nov 1 15:06:10 2010 : Auth: Login incorrect: [eduardo/1\320\026\305\020B)\323I\211\001\nx\204] (from client BrasilTelecom port 1812)
> Mon Nov 1 15:06:10 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!
>
> So, have you double-checked the shared secret?
>
> --
> 2. That which causes joy or happiness.