Hi Guys,
I'm hoping someone can help me, because I have been fighting with this issue for
days now.
Environment:
FC10 + FreeRadius 2.1 + OpenLdap 2.4.
I've successfully setup Certificate Based authentication on my FreeRadius server
and that works well. My problem is I have some users I want to
-0400
From: Nik Alleyne nalle...@brontecollege.ca
Subject: FreeRadius 2.1 + LDAP Authentication
To: freeradius-users@lists.freeradius.org
Message-ID: 20090605144736.cpa0ghg1wk4ok...@mail.brontecollege.ca
Content-Type: text/plain; charset=ISO-8859-1
Hi Guys,
I'm hoping someone can help me
Hi,
How configuring freeradius with ldap windows server 2003 ?
I do in my freeradius, when I installed it is
./configure --prefix=/usr/local/freeradius --with-modules=rlm-ldap
Until I'm configured in radiusd.conf
It's Still
radiusd.conf[744] Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot
Hari Novferdianto wrote:
Hi,
How configuring freeradius with ldap windows server 2003 ?
I do in my freeradius, when I installed it is
./configure --prefix=/usr/local/freeradius --with-modules=rlm-ldap
That isn't enough. You need to have the local LDAP libraries
header files on your system
Hello,
We use freeRadius v 1.1.6 and EAP-TTLS for our WiFi network.
FreeRadius uses LDAP for users autentication. It is querying LDAP
about inner identities and outer identities (anonymous usually).
Is there any way to stop freeRadius from querying LDAP about
outer identities?
Thanks.
--
En el
We use freeRadius v 1.1.6 and EAP-TTLS for our WiFi network.
FreeRadius uses LDAP for users autentication. It is querying LDAP
about inner identities and outer identities (anonymous usually).
Is there any way to stop freeRadius from querying LDAP about
outer identities?
Upgrade. In 2.x inner
Daniel Daza Muñoz wrote:
We use freeRadius v 1.1.6 and EAP-TTLS for our WiFi network.
FreeRadius uses LDAP for users autentication. It is querying LDAP
about inner identities and outer identities (anonymous usually).
Is there any way to stop freeRadius from querying LDAP about
outer
You don't need Auth-Type Accept (it will let people in even if the
password is wrong). Processing of the users file stops with the first
match without Fall-Trough.
Ivan Kalik
Kalik Informatika ISP
Dana 12/12/2008, Tim Gustafson t...@soe.ucsc.edu piše:
Add: DEFAULT Auth-Type := Reject
Add: DEFAULT Auth-Type := Reject
Awesome, that worked.
So, if I wanted to enable multiple LDAP groups, would this be the correct
syntax:
DEFAULT LDAP-Group == foo, Auth-Type := Accept
DEFAULT LDAP-Group == bar, Auth-Type := Accept
DEFAULT LDAP-Group == baz, Auth-Type := Accept
DEFAULT
Now that I have FreeRADIUS authenticating users via MSCHAPv2 and the
sambaNTPassword attributes, the next step in my project is to limit the system
so that only users in certain user groups can log in.
I'm using posixGroup groups, not groupOfNames or groupOfUniqueNames.
In my modules/ldap
In my users I have
DEFAULT LDAP-Group == foo
However, even with these configuration options set, anyone with a valid login
and password can authenticate right now. In my radiusd -X I see:
rlm_ldap: performing search in dc=blah, with filter ((cn=foo)(memberUid=test))
rlm_ldap: object not found
Hello Sir/Madam,
Good Evening
Im niel, I was researching about this topic Freeradius with LDAP support for
authentication.
I am very pressured because i want to implement such as this one using my AP
in the office.
If anyone can help me with this problem. Either some of below;
- URL of a web
Freeradius builds with radius support by default. Look up build and
rlm_ldap on freeradius wiki.
Ivan Kalik
Kalik Informatika ISP
Dana 11/9/2008, niel m [EMAIL PROTECTED] piše:
Hello Sir/Madam,
Good Evening
Im niel, I was researching about this topic Freeradius with LDAP support
Dear all,
I am tying to configure freeradius 1.1.7 on Solaris10
to authenticate with ldap server. After I configure it, radiusd -X -A running
well, once I run radtest I got the error as
below:
chenweiting wrote:
rlm_ldap: (re)connect to ldap.icpdd.neca.nec.com.au:389, authentication 0
ld.so.1: radiusd: fatal: relocation error: file
/usr/local/lib/rlm_ldap-1.1.7.so: symbol ldap_int_tls_config: referenced
symbol not found
Killed
Any idea for this issue?
A couple.
Do you have
Hello,
Trying to setup group membership filtering against LDAP group membership
for user authentication and authorization, seems that %{Ldap-UserDn} is
not correctly expanded (shown as blank) in my conf.
Does anyone experienced same problems or has any idea about what is wrong
in my conf ?
[EMAIL PROTECTED] wrote:
Trying to setup group membership filtering against LDAP group membership
for user authentication and authorization, seems that %{Ldap-UserDn} is
not correctly expanded (shown as blank) in my conf.
Does anyone experienced same problems or has any idea about what is
Thanks a lot, that was the point.
Pierre
[EMAIL PROTECTED] wrote:
Trying to setup group membership filtering against LDAP group membership
for user authentication and authorization, seems that %{Ldap-UserDn} is
not correctly expanded (shown as blank) in my conf.
Does anyone experienced
Ray Stell wrote:
Oracle advanced security product supports external radius authentication.
I would like to use this external auth for oracle clients connecting
to an oracle db server. The radius server would need to talk to an
external ldap over ssl. I've installed freeradius on the db
Oracle advanced security product supports external radius authentication.
I would like to use this external auth for oracle clients connecting
to an oracle db server. The radius server would need to talk to an
external ldap over ssl. I've installed freeradius on the db server,
but have no idea
Hello Ivan
The solution previously suggested by Alan worked.
Thanks
Sambuddho
On Sat, 2008-06-14 at 18:15 +0100, Ivan Kalik wrote:
rlm_ldap: Added password {crypt}$1$2Pl0Lm5O$ot8mrXYBaAg12RoBogNDK. in
check items
Are you sure that's crypt? It looks like MD5 to me.
Ivan Kalik
Kalik
Hello All
I am experiencing a problem while trying to authenticate the
username/password in LDAP through a freeradius server. While a regular
telnet/ssh to the edge running a openLdap client / PAM module works fine
(It is able to authenticate) but the problem arises when trying to
authenticate
Sambuddho Chakravarty wrote:
I am experiencing a problem while trying to authenticate the
username/password in LDAP through a freeradius server. While a regular
telnet/ssh to the edge running a openLdap client / PAM module works fine
(It is able to authenticate) but the problem arises when
Hello Alan
Thanks a lot! Ill check this out.
Sambuddho
On Sat, 2008-06-14 at 09:22 +0200, Alan DeKok wrote:
Sambuddho Chakravarty wrote:
I am experiencing a problem while trying to authenticate the
username/password in LDAP through a freeradius server. While a regular
telnet/ssh
rlm_ldap: Added password {crypt}$1$2Pl0Lm5O$ot8mrXYBaAg12RoBogNDK. in
check items
Are you sure that's crypt? It looks like MD5 to me.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I read a included document about freeradius to ldap, but I a forigner
and difficult undersand content. Can we suggest a any content with
example, how can I use group to ldap?
Thanks!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A very nice article
http://www.ibm.com/developerworks/linux/library/l-radius/
Nikolay G. Petrov [EMAIL PROTECTED] wrote:
I read a included document about freeradius to ldap, but I a forigner
and difficult undersand content. Can we suggest a any content with
example, how can I use group
Mats Blomgren B wrote:
Today I check the etc/passwd for the usernames and passwords and
fetches the users default group from etc/passwd.
I'm not so sure...
#/usr/local/etc/raddb/users
DEFAULT Group == admin-network, Auth-Type = System
This checks /etc/groups, via the getgrent() call.
Hi,
Well, I did a workaround running:
./configure --prefix=/usr --without-rlm_sql --without-rlm_sqlippool
--without-rlm_sqlcounter --without-rlm_sql_log --without-rlm_sqlhpwippool
working around means not fixing the issue - do you also have the required LDAP
development libraries etc
El Monday 03 September 2007 18:12:40 [EMAIL PROTECTED] escribió:
You are picking up Auth-Type System from the users file. Comment it out.
Ivan Kalik
Kalik Informatika ISP
Dana 3/9/2007, Sergio Belkin [EMAIL PROTECTED] piše:
I have problem when in Fedora 4 (sadly in my job I cannot change
El Tuesday 04 September 2007 02:24:16 Alan DeKok escribió:
Sergio Belkin wrote:
I have problem when in Fedora 4 (sadly in my job I cannot change this)
using radtest against LDAP
...
freeradius-1.0.4-1.FC4.1
I am STRONGLY inclined to tell people using 3-year old versions
El Tuesday 04 September 2007 11:09:33 [EMAIL PROTECTED] escribió:
Hi,
OK, I am trying to compile the fresh version, but when I run make, it
outputs at the end:
In file included from rlm_sqlippool.c:37:
/root/freeradius-1.1.7/src/include/modpriv.h:7:18: error: ltdl.h: No such
file or
Hi,
OK, I am trying to compile the fresh version, but when I run make, it outputs
at the end:
In file included from rlm_sqlippool.c:37:
/root/freeradius-1.1.7/src/include/modpriv.h:7:18: error: ltdl.h: No such
file or directory
ta-dah! thats your answer printed on the screen right
I have problem when in Fedora 4 (sadly in my job I cannot change this) using
radtest against LDAP
Packages version:
openldap-servers-2.2.29-1.FC4
openldap-clients-2.2.29-1.FC4
openldap-2.2.29-1.FC4
freeradius-1.0.4-1.FC4.1
This is part of /etc/raddb/radiusd.conf:
ldap {
You are picking up Auth-Type System from the users file. Comment it out.
Ivan Kalik
Kalik Informatika ISP
Dana 3/9/2007, Sergio Belkin [EMAIL PROTECTED] piše:
I have problem when in Fedora 4 (sadly in my job I cannot change this) using
radtest against LDAP
Packages version:
Sergio Belkin wrote:
I have problem when in Fedora 4 (sadly in my job I cannot change this) using
radtest against LDAP
...
freeradius-1.0.4-1.FC4.1
I am STRONGLY inclined to tell people using 3-year old versions of the
server that they can get support from the FC project, not from us
Hi,
Eap/peap + Switch + freeRADIUS(1.1.6) + Lutos LDAP server.
Can this architecture work well? Can anyone give me some advice? Thanks a
lot.
John.
-
雅虎邮箱,以安全著称,是值得信赖的邮箱专家! -
List info/subscribe/unsubscribe? See http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
satish patel wrote:
I am going to installed freeradius with ldap but my
problem is i m confused about ldap and chap i want impement VPDN and
users authenticate through ldap so CHAP will work or not how can i
configure ldif file
Dear all
I am going to installed freeradius with ldap but my problem is i
m confused about ldap and chap i want impement VPDN and users authenticate
through ldap so CHAP will work or not how can i configure ldif file for users
where i will define attributes is there any site
Hi all !
After installing Freeradius 1.1.4, I am trying to set it up to
authenticate users with a LDAP database using PEAP + eap/mschapv2.
Freeradius seems to work fine for most users, but for a few people I get
this error in my log file :
/Mon Feb 19 09:30:07 2007 : Info: rlm_eap_tls:
Baptiste Delporte wrote:
Mon Feb 19 09:30:08 2007 : Error: rlm_mschap: Invalid LM-Password
Mon Feb 19 09:30:08 2007 : Error: rlm_mschap: Invalid NT-Password
That happens only when an LM-Password and NT-Password are added for
the user, AND where they're not the right format.
/Authentication
Sundaram Divya-QDIVYA1 wrote:
What I need to understand is how to integrate FreeRADIUS with
an LDAP Server without exposing the (crypted) password hashes.
Any pointers on what I need to do for that?
Bind as the LDAP user. PAP will work, nothing else will.
Alan DeKok.
--
http
-Message d'origine-
De :
[EMAIL PROTECTED]
radius.org
[mailto:[EMAIL PROTECTED]
sts.freeradius.org] De la part de Sundaram Divya-QDIVYA1
Envoyé : jeudi 30 novembre 2006 23:51
À : freeradius-users@lists.freeradius.org
Objet : FreeRadius and LDAP
We don't use openldap
Hi all,
I'm trying to configure the server to use LDAP for authentication
And am finding the documentation to be less than straightforward.
We don't use openldap or eDirectory - which is what the docs are
Derived from. The information for FreeRADIUS and LDAP seems to
suggest that I need
hi,
I configure freeradius with Sql and ldap.
The base ldap contains the login and the password of 15000 users and any
other parameter.
And I will wish to aply parameters with these users (but not in the base
ldap, for example in the file users, or the base postgresql) The
base postgresql
Is it possible to configure freeradius to authenticate
off from active directory, ldap and mysql? I am
looking to configure freeradius to hit active
directory to see if user exist, if not hit ldap and
mysql database for authentication. Since we can set
it to hit ldap then mysql, I think it is
Good morning, I send this email because I don't found my error about freeradius + ldap. I thinhk, I have an error of the userPassword. You can see the output of radiusd -X : Thanks for your help. Faites de Yahoo! votre page d'accueil sur le web pour retrouver directement vos services
Hi,
I'm using Fedora Core 3 , openldap-2.2.13-2 ,
freeradius-1.0.1-1.RHEL3.
When i'm running the radius in debugging mode and
trying to authenticate the user using radtest
command its giving the Segmentation fault like :
rad_recv: Access-Request packet from host
xx.xx.xx.xx:41523, id=169,
Okay, i have freeradius and ldap talking together quite fine. it doesn't
matter if the nas is a dsl or dial-up it work correctly (huntgroups,
defaults in the users file...etc)
what i am wondering is there a way that if i have a user with a static
ip for dsl, that i can not pull the static ip
Here is the output of my RADIUS server. I verfied the account on the
LDAP server as a domain admin
rad_recv: Access-Request packet from host 10.1.1.27:32773, id=254,
length=59
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1
-Original Message-
From:
[EMAIL PROTECTED]
org
[mailto:[EMAIL PROTECTED]
eradius.org] On Behalf Of Dickson, John
Sent: January 4, 2006 9:27 AM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
Here is the output of my RADIUS server. I verfied
Here is my ldap section:
ldap {
server = 10.1.1.29
identity = dmadmin1
password = [EMAIL PROTECTED]
basedn = dc=ssotest,dc=mccsso,dc=mccneb,dc=edu
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
#
-Original Message-
From:
[EMAIL PROTECTED]
org
[mailto:[EMAIL PROTECTED]
eradius.org] On Behalf Of Dickson, John
Sent: January 4, 2006 11:32 AM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
Here is my ldap section:
ldap
Dickson, John [EMAIL PROTECTED] wrote:
Here is my ldap section:
ldap {
server = 10.1.1.29
identity = dmadmin1
password = [EMAIL PROTECTED]
...
This seeems to work:
[EMAIL PROTECTED] ~]$ ldapsearch -LLL -h name.serverdm.domain.edu -x -b
]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of Alan DeKok
Sent: Wednesday, January 04, 2006 3:36 PM
To: FreeRadius users mailing list
Subject: Re: wireless - freeradius - MS ldap
Dickson, John [EMAIL PROTECTED] wrote:
Here is my ldap section:
ldap {
server = 10.1.1.29
:20 PM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
Sorry, it was a failed attempt at not sending the REAL data.
I have verified that the ldapsearch credentials are the
credentials used in the radiusd.conf. The user has been verified.
I did have to add
list
Subject: Re: wireless - freeradius - MS ldap
Dickson, John [EMAIL PROTECTED] wrote:
I am looking for a little direction configuring a Freeradius server
that will authenticate wireless clients from Cisco to MS LDAP.
1.Wireless - 2.Cisco - 3.Radius - 4.Windows LDAP
Looking to see if someone
PROTECTED]
eradius.org] On Behalf Of Dickson, John
Sent: January 3, 2006 9:03 AM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
OK. In the radius.conf under module configuration I have ldap
information pointing to the LDAP server and the authentication fails
Dickson, John [EMAIL PROTECTED] wrote:
OK. In the radius.conf under module configuration I have ldap
information pointing to the LDAP server and the authentication fails.
The debug log you posted doesn't show that. In fact, it shows
pretty much nothing useful. You've taken care to *not*
(MS ldap).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of Alan DeKok
Sent: Tuesday, January 03, 2006 11:55 AM
To: FreeRadius users mailing list
Subject: Re: wireless - freeradius - MS ldap
Dickson, John [EMAIL PROTECTED] wrote:
OK. In the radius.conf
-Original Message-
From:
[EMAIL PROTECTED]
org
[mailto:[EMAIL PROTECTED]
eradius.org] On Behalf Of Dickson, John
Sent: January 3, 2006 10:58 AM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
I don't know. Ithought I was sending enouhg information.
I
on accounting *:1813
Ready to process requests.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of Alhagie Puye
Sent: Tuesday, January 03, 2006 1:16 PM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
John,
Just run radiusd -X
:
[EMAIL PROTECTED]
org
[mailto:[EMAIL PROTECTED]
eradius.org] On Behalf Of Dickson, John
Sent: January 3, 2006 11:41 AM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
I sent this out earlier.
John
[EMAIL PROTECTED] john]# /usr/local/sbin/radiusd -X
=
John
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of Alhagie Puye
Sent: Tuesday, January 03, 2006 2:03 PM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
Send the output ***DURING*** authentication
The information
Dickson, John [EMAIL PROTECTED] wrote:
I sent this out earlier.
Ah. Having been told that what you sent earlier is inadequate, your
response is to re-send it.
It's OK that you're a beginner. It's *not* OK to not read the FAQ
or documentation which describe exactly how to test the server.
Subject: Re: wireless - freeradius - MS ldap
Dickson, John [EMAIL PROTECTED] wrote:
I sent this out earlier.
Ah. Having been told that what you sent earlier is inadequate, your
response is to re-send it.
It's OK that you're a beginner. It's *not* OK to not read the FAQ or
documentation which
Of Dickson, John
Sent: January 3, 2006 12:44 PM
To: FreeRadius users mailing list
Subject: RE: wireless - freeradius - MS ldap
I am sorry. I received a request for the data I had already
sent, and I ran the tests too. I will refrain.
John
-Original Message-
From:
[EMAIL
Dickson, John wrote:
I am sorry. I received a request for the data I had already sent, and I
ran the tests too. I will refrain.
No, you received a request to send *more* data than you already sent.
You have yet to do that. Here is the end of your first output:
Listening on authentication
I am looking for a
little direction configuring a Freeradius server that will authenticate wireless
clients from Cisco to MSLDAP.
1.Wireless-
2.Cisco- 3.Radius- 4.Windows LDAP
Looking to see if someone has
already done this.
John
-
List info/subscribe/unsubscribe? See
Dickson, John [EMAIL PROTECTED] wrote:
I am looking for a little direction configuring a Freeradius server that
will authenticate wireless clients from Cisco to MS LDAP.
1.Wireless - 2.Cisco - 3.Radius - 4.Windows LDAP
Looking to see if someone has already done this.
Lots of people. See
Phil Mayers wrote:
Christophe Gravier wrote:
My password are not stored in LDAP in clear text but hashed using SHA
algorythm, so this won't work ;-(
Ok, let's take a breath. First things first:
If your passwords are in SHA (which they are) your Radius server will
ONLY be able to
Christophe Gravier wrote:
Phil Mayers wrote:
Christophe Gravier wrote:
My password are not stored in LDAP in clear text but hashed using
SHA algorythm, so this won't work ;-(
Ok, let's take a breath. First things first:
If your passwords are in SHA (which they are) your Radius
is to edit rlm_ldap.c to have it *never* set
Auth-Type to LDAP. That would solve a lot of problems.
Indeed, I have no rlm-ldap.so ;-(
(I did apt-get install freeradius-ldap on my debian box ...)
Whaou, I was so kind of tired (or in a hurry).
I of course mean :
I have no rlm_ldap.c ...
Alan
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
rlm_ldap: Adding userPassword as User-Password, value { op=11
That's better.
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
Yuck.
My quick answer is to edit rlm_ldap.c to have it *never* set
unable to make freeradius uses LDAP password without
hacking it :-/
What then would the authenticate section look like to use LDAP?
Presumably something like:
authenticate {
Auth-Type PAP {
ldap
}
}
...but of course then you get into what happens if you want 2
different services
correct me...
Regards,
Edvin
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christophe Gravier
Sent: Donnerstag, 15. Dezember 2005 16:05
To: FreeRadius users mailing list
Subject: Re: Freeradius and LDAP : to be continued
Phil Mayers wrote:
Alan DeKok
To: FreeRadius users mailing list
Subject: Re: Freeradius and LDAP : to be continued
Phil Mayers wrote:
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
rlm_ldap: Adding userPassword as User-Password, value { op=11
That's better.
modcall: group authorize returns ok
opinion about
this on this list ;)
Kind regards,
Edvin
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christophe Gravier
Sent: Donnerstag, 15. Dezember 2005 16:41
To: FreeRadius users mailing list
Subject: Re: Freeradius and LDAP : to be continued
Hello
rather confusing. I have to admit, I have never used chillispot, but I've
just visited their website and in FAQ I found Why should I use
CHAP-Challenge and CHAP-Password? so this makes me think that Chillispot
uses CHAP authorization. And when you use CHAP, you do NOT need LDAP as
;)
Kind regards,
Edvin
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Christophe Gravier
Sent: Donnerstag, 15. Dezember 2005 16:41
To: FreeRadius users mailing list
Subject: Re: Freeradius and LDAP : to be continued
Hello Edvin,
First, I received my
Hello
I have a chillispot that works with OpenLDAP
on a Debian box
here are the modifications in radiusd.conf I wrote
# Lightweight Directory Access Protocol (LDAP)
#
# This module definition allows you to use LDAP for
# authorization and authentication (Auth-Type :=
Frank Bonnet wrote:
Hello
I have a chillispot that works with OpenLDAP
on a Debian box
Strictly the same thing I want to achieve indeed ! ;-)
How are your password in your LDAP ? (clear ? hash form ?)
Moreover, except this configuration of the ldap remote server, what did
you put in
Christophe Gravier wrote:
My password are not stored in LDAP in clear text but hashed using SHA
algorythm, so this won't work ;-(
Ok, let's take a breath. First things first:
If your passwords are in SHA (which they are) your Radius server will
ONLY be able to answer PAP requests.
The
Christophe Gravier wrote:
My password are not stored in LDAP in clear text but hashed using SHA
algorythm, so this won't work ;-(
Ok, let's take a breath.
Yes, I agree, that's why I quit for today ;-)
First things first:
If your passwords are in SHA (which they are) your Radius server
Phil Mayers [EMAIL PROTECTED] wrote:
Ok, let's take a breath. First things first:
...
Could this be a Wiki page?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
From the last things settled today about ldap support for freeradius on
the list, I succeeded in configuring the ldap backend for freeradius.
At least, radtest provides me an Accept response !
Nevertheless, with the front chillispot, I can't login, freeradius tells:
rlm_ldap
Christophe Gravier [EMAIL PROTECTED] wrote:
auth: type LDAP
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute User-Password is required for authentication.
Cannot use CHAP-Password.
You're
Alan DeKok wrote:
Christophe Gravier [EMAIL PROTECTED] wrote:
auth: type LDAP
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute User-Password is required for authentication.
Cannot use
Christophe Gravier [EMAIL PROTECTED]wrote:
Removing the ldap entry, radtest no longer works of course.
Did you put ldap in the authorize section? That would allow
radtest to work, as I said.
rlm_ldap: looking for check items in directory...
Can you say which LDAP server you're using?
Christophe Gravier [EMAIL PROTECTED]wrote:
Removing the ldap entry, radtest no longer works of course.
Did you put ldap in the authorize section? That would allow
radtest to work, as I said.
Yes, I did like we said:
- did put ldap (it was already indeed) in authorize section.
- did remove
Christian Poessinger wrote:
Zoltan Ori wrote:
That's the problem everything is uncommented. Comment out ntlm_auth
and with_ntdomain_hack. If you have plain text passwords, you aren't
authenticating to a Windows domain controller, you don't have
windbindd and nmbd running, you don't need want
On Thursday 01 December 2005 09:19, Christian Poessinger wrote:
Fixed it myself. After removing
checkItem LM-Password userPassword
checkItem NT-Password userPassword
from the ldap.attrmap file, and adding
checkItem userPassword
Zoltan Ori wrote:
That's the problem everything is uncommented. Comment out ntlm_auth
and with_ntdomain_hack. If you have plain text passwords, you aren't
authenticating to a Windows domain controller, you don't have
windbindd and nmbd running, you don't need want them in your mschap
Zoltan Ori wrote:
On Monday 28 November 2005 12:32, Christian Poessinger wrote:
rlm_eap_peap: Had sent TLV failure, rejecting.
Use the latest available drivers for your wireless adaptor. I've
encountered many strange connectivity issues that are fixed with new
drivers.
If the supplicant
On Tuesday 29 November 2005 08:53, Christian Poessinger wrote:
I requested and installed this fix, but I still get the same error message
on the radius server.
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV
Zoltan Ori wrote:
Are there any other errors in the log? The actual reason for
rejection may come long before that.
Here is the complete log:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config:
Your problem lies here:
modcall: entering group Auth-Type for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for USERNAME with NT-Password
rlm_mschap: FAILED:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Christian Poessinger
Sent: Tuesday, November 29, 2005 10:12 AM
To: 'FreeRadius users mailing list'
Subject: RE: WLAN 802.1x FreeRadius with LDAP
auth: type EAP
Processing the authenticate
On Tuesday 29 November 2005 11:07, Christian Poessinger wrote:
You didn't configure a password for the user.
Yes, I did. I have a userPassword atribute in my LDAP backend, also
it contains a clear text password. I can fully use this account in
the backend for ftp/ssh/http but not with
Zoltan Ori wrote:
You have ntlm_auth in your mschap configuration. You don't want that
for LDAP.
You don't need anything NT in that module. The default configuration
had everything commented out but authtype = MS-CHAP. Start with that
and then add what you need.
Nope, there is everything
101 - 200 of 282 matches
Mail list logo
