On Thu, 18 Sep 2003, Vishal Jose wrote:
> On Thu, 18 Sep 2003 12:30:02 +0300 (EEST)
> Kostas Kalevras <[EMAIL PROTECTED]> wrote:
>
> > > What I need now is CHAP-Password type to be
> > > sent across to Radius Server from Client. My password in the LDAP database is
> > > plain text. I would like to know what addition needs to be given in
> > > radiusd.conf, if necessary?
> >
> > This has been discussed many times in the list. Check the list archives. Also
> > doc/rlm_ldap includes plenty of information on the subject.
>
>
> Before posting the former mail I checked out the mailing list... But still I wasn't
> able to figure it out. Sorry if I have failed to pinpoint something.
>
> When I issue command say
>
> $ echo "User-Name = \"vishal\", CHAP-Password = \"vishal\"" | radclient -x -s 10.0.1.180 auth testing123
>
> $ radiusd -x
> rad_recv: Access-Request packet from host 10.0.1.180:1122, id=128, length=47
> User-Name = "vishal"
> CHAP-Password = 0x80c8b36527f114b9b5845eee357625c2b4
> rlm_chap: Setting 'Auth-Type := CHAP'
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for vishal
> ldap_get_conn: Got Id: 0
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding sn as User-Name, value vishal & op=21
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user vishal authorized to use remote access
> ldap_release_conn: Release Id: 0
> rlm_chap: login attempt by "vishal" with CHAP password ??³e'?????^?5v%??
> rlm_chap: Could not find clear text password for user vishal

So the user's clear text password is not available. This means that rlm_ldap does
not extract the corresponding password from the user's LDAP entry.

> rad_recv: Access-Request packet from host 10.0.1.180:1122, id=128, length=47
> Sending Access-Reject of id 128 to 10.0.1.180:1122
>
>
> my radiusd.conf is
> ldap{
>
> server = "10.0.1.180"
> basedn = "o=icope"
> filter = "cn=%u"
> password_attribute = userPassword
> password_header = "{clear}"

Based on your posted user entry:

dn: cn=vishal,o=icope
sn: vishal
cn: vishal
userPassword: vishal
objectClass: person
telephoneNumber: 5716909
description: He is a employee

You don't need to set password_header. So leave it commented out.

> dictionary_mapping = ${raddbdir}/ldap.attrmap
> timeout = 4
> timelimit = 3
> net_timeout = 1
> ldap_debug = 0x0000
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
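
Why rlm_chap reports "Could not find clear text password" in the debug output above, as an added example that is not part of the original thread or of FreeRADIUS: the server has to recompute the CHAP digest (RFC 1994, carried as described in RFC 2865) from the password itself. The function names, the challenge bytes and the hashed-store value are constructed for illustration; only the logged CHAP-Password value comes from the thread.

```python
import hashlib
import hmac


def split_chap_password(attr: bytes):
    """CHAP-Password (RFC 2865): 1 octet CHAP ident + 16 octet MD5 response."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be exactly 17 octets")
    return attr[0], attr[1:]


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5(ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def verify_chap(attr: bytes, challenge: bytes, known_password) -> bool:
    """Server-side check. known_password is whatever the directory lookup
    produced; None models the case where no usable password was extracted."""
    if known_password is None:
        return False  # nothing to recompute the digest from
    ident, response = split_chap_password(attr)
    expected = chap_response(ident, known_password, challenge)
    return hmac.compare_digest(expected, response)


# CHAP-Password value taken from the radiusd -x output in the thread.
LOGGED_ATTR = bytes.fromhex("80c8b36527f114b9b5845eee357625c2b4")

# Constructed sample data: the log does not show the challenge
# (the Request Authenticator when no CHAP-Challenge attribute is sent).
CHALLENGE = bytes(range(16))
CLIENT_ATTR = bytes([128]) + chap_response(128, b"vishal", CHALLENGE)

# Constructed: what the server would hold if the directory stored a hash.
HASHED_STORE = hashlib.sha1(b"vishal").hexdigest().encode()

if __name__ == "__main__":
    ident, digest = split_chap_password(LOGGED_ATTR)
    print("logged ident:", ident, "digest octets:", len(digest))
    print("clear text available:", verify_chap(CLIENT_ATTR, CHALLENGE, b"vishal"))
    print("only a hash available:", verify_chap(CLIENT_ATTR, CHALLENGE, HASHED_STORE))
    print("nothing extracted:", verify_chap(CLIENT_ATTR, CHALLENGE, None))
```

The ident octet of the logged attribute (0x80) matches the packet id 128 shown in the debug output; the remaining 16 octets are a one-way digest, so the server can only compare it against a digest it computes from the clear text.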