Re: LDAP + CHAP problem
I have put LDAP in authorized section and CHAP in authentication section but still i have problem not clear text passwd in radiusd -X output so that users not able to login i understand what u want to say but i dont kow how come i solve this problem :( Dennis Skinner <[EMAIL PROTECTED]> wrote: satish patel wrote: > so i want to know LDAP support CHAP ??? No. LDAP does not support CHAP. FreeRADIUS supports CHAP and FreeRADIUS supports LDAP. In other words, you need to make FR get the login credentials from the user and then the LDAP backend and let FR use CHAP to compare them. LDAP goes in the *authorization* section. CHAP goes in the *authentication* section. Read that carefully. Also read the debug output very carefully. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
satish patel wrote: > so i want to know LDAP support CHAP ??? No. LDAP does not support CHAP. FreeRADIUS supports CHAP and FreeRADIUS supports LDAP. In other words, you need to make FR get the login credentials from the user and then the LDAP backend and let FR use CHAP to compare them. LDAP goes in the *authorization* section. CHAP goes in the *authentication* section. Read that carefully. Also read the debug output very carefully. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
satish patel wrote: >I also have remove LDAP from authentication and try to > connect from clinet with CHAP authentication and error is "not clear > text paswd " Run the server in debugging mode. Read the output. > so i want to know LDAP support CHAP ??? No. http://deployingradius.com/documents/protocols/oracles.html > and what about clear text > passwd i also have add clear text passwd for Users/ldif but still now > working so is it bug or anything else Read the debug output. Odds are it's telling you that it did an LDAP lookup, and didn't find anything. That's why the userPassword field wasn't found. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
Thanks for reply I also have remove LDAP from authentication and try to connect from clinet with CHAP authentication and error is "not clear text paswd " so i want to know LDAP support CHAP ??? and what about clear text passwd i also have add clear text passwd for Users/ldif but still now working so is it bug or anything else Alan DeKok <[EMAIL PROTECTED]> wrote: satish patel wrote: > I have implement freeradius with LDAP + cisco VPDN my problem > is my authentication working with PAP but when i try for authentication > from CHAP it is not working error is password not clear text so i have > read many document about it and ppl talking about store passwd in > clear text but also i have ass passwd in clear text still it is not working Like many people, you have configured the server to use LDAP for authentication. This is wrong. Don't do it. If you read the debugging output, it will likely tell you what you're doing wrong. Don't set Auth-Type = LDAP, and it will probably work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
satish patel wrote: > I have implement freeradius with LDAP + cisco VPDN my problem > is my authentication working with PAP but when i try for authentication > from CHAP it is not working error is password not clear text so i have > read many document about it and ppl talking about store passwd in > clear text but also i have ass passwd in clear text still it is not working Like many people, you have configured the server to use LDAP for authentication. This is wrong. Don't do it. If you read the debugging output, it will likely tell you what you're doing wrong. Don't set Auth-Type = LDAP, and it will probably work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
> I have implement freeradius with LDAP + cisco VPDN my problem > is my authentication working with PAP but when i try for authentication > from CHAP it is not working error is password not clear text so i have > read many document about it and ppl talking about store passwd in > clear text but also i have ass passwd in clear text still it is not > working As I understand it, (open)ldap doesn't ever divulge the password in hash form or otherwise to freeradius. That is, the authorization & authentication is done by the ldap server, which returns valid or invalid for the credentials freeradius proxied. There may be a way to make this work, but I wouldn't know how. MSCHAP, or MSCHAPv2 can be made to work via samba's winbind daemon, if you have access to an active directory domain. -- Click for free info on online doctorate degrees and make $250k/ year http://tagline.hushmail.com/fc/CAaCXv1ZYZ31cCIxIwDH31ZLLgc9RVOq/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP + CHAP problem
Dear I have implement freeradius with LDAP + cisco VPDN my problem is my authentication working with PAP but when i try for authentication from CHAP it is not working error is password not clear text so i have read many document about it and ppl talking about store passwd in clear text but also i have ass passwd in clear text still it is not working $cat users.ldif dn: uid=example,ou=users,ou=radius,dc=tulipit,dc=com objectClass: person objectClass: inetOrgPerson cn: example sn: example uid: example userPassword: test but this is not work with my CHAP authentication so what is the problem can anyone explain me in detail i want to know resone about this problem also i have change password_header ="{clear}" in radius.conf file but still not working $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
"Sébastien Cantos" <[EMAIL PROTECTED]> wrote: > I'm trying to figure out how to make freeradius work with LDAP and CHAP > authentification. LDAP should supply clear-text passwords to the server. CHAP will work. > rlm_chap: Could not find clear text password for user Your LDAP module did not give the server a clear-text password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP + CHAP problem
Hello, I'm trying to figure out how to make freeradius work with LDAP and CHAP authentification. My user file looks like this: DEFAULT Service-Type = Framed-User Framed-Protocol = PPP, Framed-IP-Address = 192.168.10.100+, Framed-IP-Netmask = 255.255.255.0 And in my radiusd.conf I've something like this: modules { ... chap { authtype = CHAP } ldap { server = "myserver" basedn = "ou=devices,o=group,dc=toto,dc=com" filter = "(cn=%u)" ldap_connections_number = 5 password_header = "{clear}" password_attribute = userPassword timeout = 4 timelimit = 3 net_timeout = 1 } } authorize { chap ldap files } authenticate { Auth-Type CHAP { chap } Auth-Type LDAP { ldap } } Everithing is working well with the radtest utility whci sends User-Password Attribute, but when I try to authentificate a client that sends Chap-password I've the following output: rlm_ldap: user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 users: Matched DEFAULT at 4 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group authtype for request 0 rlm_chap: login attempt by "" with CHAP password rlm_chap: Could not find clear text password for user modcall[authenticate]: module "chap" returns invalid for request 0 modcall: group authtype returns invalid for request 0 auth: Failed to validate the user. Login incorrect (rlm_chap: Clear text password not available): [/] (from client radiusFT port 99 cli 490760808) I've read a lot of posts and FAQs vut didn't find any solution. Can anyone help me in solving this problem please ? Thanks in advances Best regards, -- Sebastien Cantos <[EMAIL PROTECTED]> Network / System Manager Neopost DIVA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
This is my gnugk conf file: [Gatekeeper::Main] Fourtytwo=42 [GkStatus::Auth] KeyFilled=11 gkadmin=xIPXHCRLH2altxSB8Y/HJQ== rule=password [RoutedMode] GKRouted=1 CallSignalPort=0 AcceptUnregisteredCalls=1 #SupportNATedEndpoints=1 H245Routed=1 Q931PortRange=3-30199 H245PortRange=30200-30399 [RadAuth] Servers=localhost:1812 SharedSecret=testing123 [RadAcct] Servers=127.0.0.1:1813 SharedSecret=testing123 [Gatekeeper::Auth] RadAuth=required;RRQ,ARQ On Tue, 2004-07-06 at 19:11, Eki Y. Baskoro wrote: > G'Day, > > Could you paste a reduced content of your gnugk configuration file? > > Regards, > > Eki > > > Hi Eki, > > My NAS is GNUgk, ie GNU's Gatekeeper. > > I am setting up a VoIP service. > > > > On Tue, 2004-07-06 at 13:56, Eki Y. Baskoro wrote: > > > G'Day Saket, > > > > > > Which NAS do you use? > > > > > > Regards, > > > > > > Eki > > > > > > > I've setup FreeRADIUS with LDAP. I've made sure that they both are > > > > interacting correctly using the 'radtest' test client that comes with > > > > FreeRADIUS. > > > > > > > > Now when I try authenticating a client supplying CHAP-Password, > FreeRADIUS > > > > produces an error saying that: > > > > > > > > rlm_ldap: Attribute "User-Password" is required for authentication. > > > > Cannot use "CHAP-Password". > > > > modcall[authenticate]: module "ldap" returns invalid > > > > > > > > How can I possibly deal with it ? > > > > > > > > Thanks, > > > > Saket > > > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
Yes, you were rite. Now its working.. :) Thanks a ton On Tue, 2004-07-06 at 18:56, Alan DeKok wrote: > Saket Sathe <[EMAIL PROTECTED]> wrote: > > My NAS is GNUgk, ie GNU's Gatekeeper. > > I am setting up a VoIP service. > > You're also setting "Auth-Type := LDAP" for a request containing > CHAP. Don't do that. It won't work. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Thanks, Saket "I have never let my schooling interfere with my education." - Mark Twain (1835-1910) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
G'Day, Could you paste a reduced content of your gnugk configuration file? Regards, Eki > Hi Eki, > My NAS is GNUgk, ie GNU's Gatekeeper. > I am setting up a VoIP service. > > On Tue, 2004-07-06 at 13:56, Eki Y. Baskoro wrote: > > G'Day Saket, > > > > Which NAS do you use? > > > > Regards, > > > > Eki > > > > > I've setup FreeRADIUS with LDAP. I've made sure that they both are > > > interacting correctly using the 'radtest' test client that comes with > > > FreeRADIUS. > > > > > > Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS > > > produces an error saying that: > > > > > > rlm_ldap: Attribute "User-Password" is required for authentication. > > > Cannot use "CHAP-Password". > > > modcall[authenticate]: module "ldap" returns invalid > > > > > > How can I possibly deal with it ? > > > > > > Thanks, > > > Saket > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
Saket Sathe <[EMAIL PROTECTED]> wrote: > My NAS is GNUgk, ie GNU's Gatekeeper. > I am setting up a VoIP service. You're also setting "Auth-Type := LDAP" for a request containing CHAP. Don't do that. It won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
Hi Eki, My NAS is GNUgk, ie GNU's Gatekeeper. I am setting up a VoIP service. On Tue, 2004-07-06 at 13:56, Eki Y. Baskoro wrote: > G'Day Saket, > > Which NAS do you use? > > Regards, > > Eki > > > I've setup FreeRADIUS with LDAP. I've made sure that they both are > > interacting correctly using the 'radtest' test client that comes with > > FreeRADIUS. > > > > Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS > > produces an error saying that: > > > > rlm_ldap: Attribute "User-Password" is required for authentication. > > Cannot use "CHAP-Password". > > modcall[authenticate]: module "ldap" returns invalid > > > > How can I possibly deal with it ? > > > > Thanks, > > Saket > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
G'Day Saket, Which NAS do you use? Regards, Eki > I've setup FreeRADIUS with LDAP. I've made sure that they both are > interacting correctly using the 'radtest' test client that comes with > FreeRADIUS. > > Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS > produces an error saying that: > > rlm_ldap: Attribute "User-Password" is required for authentication. > Cannot use "CHAP-Password". > modcall[authenticate]: module "ldap" returns invalid > > How can I possibly deal with it ? > > Thanks, > Saket > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS + LDAP + CHAP problem
I've setup FreeRADIUS with LDAP. I've made sure that they both are interacting correctly using the 'radtest' test client that comes with FreeRADIUS. Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS produces an error saying that: rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password". modcall[authenticate]: module "ldap" returns invalid How can I possibly deal with it ? Thanks, Saket - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html