Hi,

I've carried out another test with a modification to radiusd.conf.

I've added ldap to the authorize section like this:
authorize {
        preprocess
        chap
        mschap
        suffix
#  ldap gets the Configured password.
        ldap
        eap
        files
}

But now, the server doesn't perform EAP/TTLS authentication.

See the output below:

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=187, length=100
NAS-IP-Address = 10.154.253.18
NAS-Port-Type = Async
User-Name = "a0153"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-0b-cd-ac-7a-fa"
EAP-Message = 0x0200000a016130313533
Message-Authenticator = 0xab45a05ade408f00f107fba3a49bd5ac
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for a0153
radius_xlat: '(cn=a0153)'
radius_xlat: 'dc=platine,dc=org'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.154.32.1:3268, authentication 0
rlm_ldap: bind as / to 10.154.32.1:3268
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=platine,dc=org, with filter (cn=a0153)
rlm_ldap: no dialupAccess attribute - access denied by default
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns userlock for request 0
modcall: group authorize returns userlock for request 0
Invalid user (rlm_ldap: Access Attribute denies access): [a0153/<no User-Password attribute>] (from client sw-info-ouest-test port 0 cli 00-0b-cd-ac-7a-fa)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 187 to 10.154.253.18:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 187 with timestamp 402359f2
Nothing to do. Sleeping until we see a request.

Regards,
Jean-Paul.
--
--  Jean-Paul Chapalain - GICM -  Resp. Reseaux et Infrastructure
--  32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE
--  Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED]
--  Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
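
Added example, not part of the original message: a short Python trace of the debug output above that reports which authorize module ended the section, the reason it logged, and which configured modules were never reached. The function name, the field names and the set of section-ending return codes are assumptions of this example.

```python
import re

# Constructed input: authorize order from the posted radiusd.conf, and the
# modcall / rlm_ldap lines copied from the debug output in the message.
AUTHORIZE_ORDER = ["preprocess", "chap", "mschap", "suffix", "ldap", "eap", "files"]
SAMPLE_LOG = """\
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall[authorize]: module "suffix" returns noop for request 0
rlm_ldap: no dialupAccess attribute - access denied by default
modcall[authorize]: module "ldap" returns userlock for request 0
modcall: group authorize returns userlock for request 0
"""

# Assumption: return codes that end a section at once under default actions.
STOP_CODES = {"reject", "fail", "invalid", "userlock", "handled"}
MODULE_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request \d+')
GROUP_RE = re.compile(r'modcall: group (\w+) returns (\w+) for request \d+')


def trace_section(log, section, order):
    """Summarise one modcall section: per-module codes, stopper, skipped modules."""
    lines = log.splitlines()
    results, final = [], None
    for line in lines:
        m = MODULE_RE.search(line)
        if m and m.group(1) == section:
            results.append((m.group(2), m.group(3)))
        g = GROUP_RE.search(line)
        if g and g.group(1) == section:
            final = g.group(2)
    stopper = next((mod for mod, rc in results if rc in STOP_CODES), None)
    ran = {mod for mod, _ in results}
    skipped = [mod for mod in order if mod not in ran]
    # The last "rlm_<module>:" line is taken as that module's stated reason.
    prefix = "rlm_%s: " % stopper
    reasons = [l.split(": ", 1)[1] for l in lines if stopper and l.startswith(prefix)]
    return {"results": results, "final": final, "stopped_by": stopper,
            "reason": reasons[-1] if reasons else None, "skipped": skipped}


if __name__ == "__main__":
    report = trace_section(SAMPLE_LOG, "authorize", AUTHORIZE_ORDER)
    for key in ("stopped_by", "reason", "final", "skipped"):
        print("%-10s %s" % (key, report[key]))
```
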
