On Thu, 18 Sep 2003, Vishal Jose wrote:

> On Thu, 18 Sep 2003 12:30:02 +0300 (EEST)
> Kostas Kalevras <[EMAIL PROTECTED]> wrote:
>
> > > What I need now is CHAP-Password type to be
> > > send across to Radius Server from Client. My password in the LDAP database is
> > > plain text. I would like to know what is addition that to be given in
> > > radiusd.conf if necessary?
> >
> > This has been discussed many times in the list. Check the list archives. Also
> > doc/rlm_ldap includes plenty of information on the subject.
> >
> B'4 posting the former mail I checked out the mailing list.... But still I didn't
> able to figure out. Sorry if I have missed to pin point something
>
> When I issue command say
>
> $ echo "User-Name = \"vishal\", CHAP-Password = \"vishal\"" | radclient -x -s 10.0.1.180 auth testing123
>
> $ radiusd -x
> rad_recv: Access-Request packet from host 10.0.1.180:1122, id=128, length=47
> User-Name = "vishal"
> CHAP-Password = 0x80c8b36527f114b9b5845eee357625c2b4
> rlm_chap: Setting 'Auth-Type := CHAP'
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for vishal
> ldap_get_conn: Got Id: 0
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding sn as User-Name, value vishal & op=21
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user vishal authorized to use remote access
> ldap_release_conn: Release Id: 0
> rlm_chap: login attempt by "vishal" with CHAP password ??³e'?????^?5v%??
> rlm_chap: Could not find clear text password for user vishal

So the user clear text password is not available. This means that rlm_ldap does
not extract the corresponding password from the user ldap entry

> rad_recv: Access-Request packet from host 10.0.1.180:1122, id=128, length=47
> Sending Access-Reject of id 128 to 10.0.1.180:1122
>
>
> my radiusd.conf is
> ldap{
>
> server = "10.0.1.180"
> basedn = "o=icope"
> filter = "cn=%u"
> password_attribute = userPassword
> password_header = "{clear}"

Based on your posted user entry:

dn: cn=vishal,o=icope
sn: vishal
cn: vishal
userPassword: vishal
objectClass: person
telephoneNumber: 5716909
description: He is a employee

You don't need to set password_header. So leave it commented out.

> dictionary_mapping = ${raddbdir}/ldap.attrmap
> timeout = 4
> timelimit = 3
> net_timeout = 1
> ldap_debug = 0x0000
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
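
Why rlm_chap reports "Could not find clear text password", as an added example that is not part of the original message or of FreeRADIUS code: per RFC 2865 a CHAP response is MD5(CHAP ident + password + challenge), so the server can only check it by recomputing the hash from the stored clear text value. The challenge bytes and the {SHA} directory value are constructed for illustration; only the logged CHAP-Password comes from the debug output above.

```python
import base64
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 2865 section 5.3: MD5 over ident octet, password, challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def split_chap_password(attr: bytes):
    """CHAP-Password is 1 octet of CHAP ident followed by a 16 octet response."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be exactly 17 octets")
    return attr[0], attr[1:]


def verify_chap(attr: bytes, challenge: bytes, stored_value: bytes) -> bool:
    """Recompute the response from whatever the directory returned."""
    ident, response = split_chap_password(attr)
    expected = chap_response(ident, stored_value, challenge)
    return hmac.compare_digest(response, expected)


# CHAP-Password attribute exactly as printed by radiusd -x in the message.
LOGGED_ATTR = bytes.fromhex("80c8b36527f114b9b5845eee357625c2b4")


def demo():
    # Constructed challenge; without a CHAP-Challenge attribute the server
    # uses the 16 octet Request Authenticator, which the log does not show.
    challenge = bytes(range(16))
    attr = bytes([128]) + chap_response(128, b"vishal", challenge)

    # Directory returns the clear text userPassword: the check succeeds.
    clear_ok = verify_chap(attr, challenge, b"vishal")

    # Constructed case: directory holds only a hashed userPassword.
    # The clear text cannot be recovered, so the response cannot be recomputed.
    hashed = b"{SHA}" + base64.b64encode(hashlib.sha1(b"vishal").digest())
    hashed_ok = verify_chap(attr, challenge, hashed)
    return clear_ok, hashed_ok


if __name__ == "__main__":
    ident, response = split_chap_password(LOGGED_ATTR)
    print("logged CHAP ident:", ident, "response:", response.hex())
    print("clear text stored / hashed stored:", demo())
```

The first octet of the logged attribute, 0x80, is the CHAP ident 128; the remaining 16 octets are the MD5 response that rlm_chap could not verify without the password.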