Dear Michael Hare,
Either your LDAP is not configured to add User-Password attribute to
configuration (:= operation should be used) or mschap module is not
configured to set Auth-Type to MS-CHAP (see module configuration).
--Wednesday, March 26, 2003, 7:47:48 PM, you wrote to [EMAIL PROTECTED]:
MH> Hello-
MH> Yes, I've seen that advice many times on the mailing list, however, I do
MH> have that setup already.
MH> authorize {
MH> preprocess
MH> attr_filter
MH> suffix
MH> files
MH> ldap
MH> chap
MH> mschap
MH> force_username
MH> }
MH> authenticate {
MH> authtype PAP {
MH> pap
MH> }
MH> authtype CHAP {
MH> chap
MH> }
MH> authtype MS-CHAP {
MH> mschap
MH> }
MH> authtype LDAP {
MH> ldap
MH> }
MH> }
MH> /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
MH> Michael Hare
MH> UW-Madison/WiscNet Network Engineering
MH> My phone: 608-262-5236
MH> 24-Hour NOC: 608-263-4188
MH> WiscNet: 608-265-6761
MH> -----Original Message-----
MH> From: [EMAIL PROTECTED]
MH> [mailto:[EMAIL PROTECTED] On Behalf Of 3APA3A
MH> Sent: Wednesday, March 26, 2003 9:54 AM
MH> To: Michael Hare
MH> Subject: Re: What's a 'normal' looking debug for mschap (with ldap)?
MH> Dear Michael Hare,
MH> In authorize section mschap should follow the module retrieving user's
MH> password (for example ldap).
MH> --Wednesday, March 26, 2003, 6:26:01 PM, you wrote to
MH> [EMAIL PROTECTED]:
MH>> All-
MH>> I'm in the initial stages of understanding and trying to set up our LDAP
MH>> auth environment (storing plaintext passwords) with MSCHAP. We're using
MH> a
MH>> Cisco 30xx VPN concentrator.
MH>> I've read the rlm_mschap doc in the docs/ subdir, and I think I have my
MH>> radius config setup OK. However, I'm starting to wonder if I'm having
MH>> client, VPN concentrator issues, and hopefully by looking at my debugs
MH>> somebody on this list can help me decide that.
MH>> This is more than likely a problem with me not understanding CHAP, but I
MH>> find it strange there is no Chap-Password supplied in the access-request
MH>> packet.. Perhaps there are multiple pieces missing here? (Yes,
MH> non-CHAP
MH>> authentication works OK)
MH>> rad_recv: Access-Request packet from host 144.92.44.114:2474, id=50,
MH>> length=165
MH>> User-Name = "radius.testuser"
MH>> NAS-Port = 5735
MH>> Service-Type = Framed-User
MH>> Framed-Protocol = PPP
MH>> Tunnel-Client-Endpoint:0 = "128.104.19.106"
MH>> MS-CHAP-Challenge = 0x93f85072a0d1b096d65d11bdc1a6ecba
MH>> MS-CHAP2-Response =
MH>>
MH> 0x0200917d137fbe6068ce0ff6497fd585346f0000000000000000083a89c344e820927e54de
MH>> 0aab531960ebca12bd418e6904
MH>> NAS-IP-Address = 144.92.44.114
MH>> NAS-Port-Type = Virtual
MH>> ...
MH>> ...
MH>> rlm_chap: Could not find proper Chap-Password attribute in request
MH>> modcall[authorize]: module "chap" returns noop
MH>> modcall[authorize]: module "mschap" returns notfound
MH>> ...
MH>> ...
MH>> auth: type "LDAP"
MH>> modcall: entering group authtype
MH>> rlm_ldap: - authenticate
MH>> rlm_ldap: Attribute "User-Password" is required for authentication.
MH>> modcall[authenticate]: module "ldap" returns invalid
MH>> modcall: group authtype returns invalid
MH>> auth: Failed to validate the user.
MH>> Delaying request 1 for 1 seconds
MH>> Finished request 1
MH>> Going to the next request
MH>> --- Walking the entire request list ---
MH>> Waking up in 1 seconds...
MH>> --- Walking the entire request list ---
MH>> Sending Access-Reject of id 50 to 144.92.44.114:2474
MH>> MS-CHAP-Error = "\002E=691 R=1"
MH>> Waking up in 4 seconds...
MH>> --- Walking the entire request list ---
MH>> Cleaning up request 1 ID 50 with timestamp 3e81b844
MH>> Nothing to do. Sleeping until we see a request.
MH>> /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
MH>> Michael Hare
MH>> UW-Madison/WiscNet Network Engineering
MH>> My phone: 608-262-5236
MH>> 24-Hour NOC: 608-263-4188
MH>> WiscNet: 608-265-6761
MH>> -
MH>> List info/subscribe/unsubscribe? See
MH> http://www.freeradius.org/list/users.html
--
~/ZARAZA
Да, ему чертовски повезло. Эх и паршиво б ему пришлось если бы он выжил! (Твен)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
