On Fri, 30 May 2003 [EMAIL PROTECTED] wrote:

> Always an Access-Reject when I use sn as userPassword
>
> Another idea? Or a correction?
>
> Philippe
>
> rad_recv: Access-Request packet from host 192.168.2.92:1570, id=4,
> length=48
>         User-Name = "philippe"
>         User-Password = "philippe"
> rlm_ldap: checking if remote access for philippe is allowed by sn
> rlm_ldap: Added password philippe in check items

                        ^^^^^^^^^^^^^^^^^^^^^

That's good

> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> Invalid operator for item User-Password: reverting to '=='
> rlm_ldap: user philippe authorized to use remote access
>   rad_check_password:  Found Auth-Type USERS
> auth: type "USERS"
> modcall: entering group authtype
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "philippe" with password "philippe"
> rlm_ldap: user DN: uid=philippe,ou=Users,dc=e-qual,dc=fr
> rlm_ldap: (re)connect to 192.168.1.53:389, authentication 1
> rlm_ldap: bind as uid=philippe,ou=Users,dc=e-qual,dc=fr/philippe to
> 192.168.1.53:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: uid=philippe,ou=Users,dc=e-qual,dc=fr bind to 192.168.1.53:389
> failed Insufficient access
> rlm_ldap: ldap_connect() failed
>   modcall[authenticate]: module "ldap1" returns fail
> modcall: group authtype returns fail
> auth: Failed to validate the user.
> Login incorrect: [philippe/philippe] (from client testing port 0)

OK, so you configured your server to do ldap authentication (ldap bind
operation). That way, your extracted user password will *never* be used.
Configure it to do authentication using the pap module and it will work just
fine.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
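
A small checker for the situation described in the reply above, added here as an example (not code from the message or from FreeRADIUS): it reads a radiusd debug trace and reports whether a password extracted by rlm_ldap goes unused because the authenticate phase performs an LDAP bind as the user. The function name `diagnose` and the result keys are assumptions, and the regexes match only the log line formats shown in this thread.

```python
import re

# Sample input: radiusd debug lines quoted in the message above, with the
# mail client's line wraps joined (no values changed).
SAMPLE_LOG = """\
rlm_ldap: checking if remote access for philippe is allowed by sn
rlm_ldap: Added password philippe in check items
rlm_ldap: user philippe authorized to use remote access
  rad_check_password:  Found Auth-Type USERS
auth: type "USERS"
rlm_ldap: - authenticate
rlm_ldap: bind as uid=philippe,ou=Users,dc=e-qual,dc=fr/philippe to 192.168.1.53:389
rlm_ldap: uid=philippe,ou=Users,dc=e-qual,dc=fr bind to 192.168.1.53:389 failed Insufficient access
  modcall[authenticate]: module "ldap1" returns fail
"""

# Hypothetical pattern table; the password value itself is never captured.
PATTERNS = {
    "password_extracted": re.compile(r"rlm_ldap: Added password \S+ in check items"),
    "auth_type": re.compile(r'auth: type "([^"]+)"'),
    "bind_dn": re.compile(r"rlm_ldap: bind as (\S+)/\S+ to "),
    "bind_error": re.compile(r"rlm_ldap: \S+ bind to \S+ failed (.+)"),
    "auth_module": re.compile(r'modcall\[authenticate\]: module "([^"]+)" returns (\w+)'),
}


def diagnose(log_text):
    """Return what the trace says about how the password was actually checked."""
    # Accept text pasted from a mail reply: drop leading "> " quote markers.
    text = re.sub(r"^>[ \t]?", "", log_text, flags=re.MULTILINE)
    found = {name: rx.search(text) for name, rx in PATTERNS.items()}
    result = {
        "password_extracted": found["password_extracted"] is not None,
        "auth_type": found["auth_type"].group(1) if found["auth_type"] else None,
        "bind_dn": found["bind_dn"].group(1) if found["bind_dn"] else None,
        "bind_error": found["bind_error"].group(1).strip() if found["bind_error"] else None,
        "auth_module": found["auth_module"].group(1) if found["auth_module"] else None,
    }
    # The case from this thread: a password was pulled from the directory, but
    # the authenticate phase binds to LDAP as the user, so it is never compared.
    result["extracted_password_unused"] = (
        result["password_extracted"] and result["bind_dn"] is not None
    )
    return result


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The trace it reads contains cleartext passwords, so the same care applies to wherever the debug output is stored or mailed.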
