Hi,

I'm still having problems with ldap and eap-md5 authentication.

Local eap-md5 authentication is fine ... radtest with ldap is fine too without authorize and authenticate eap.

Both eap-md5 and ldap don't work ... my freeradius version now is FreeRADIUS Version 1.0.0-pre0

radiusd.conf
-------------------------
ldap {
        server = "10.1.10.184"
        identity = "cn=Manager,dc=uasicredi,dc=com,dc=br"
        password = sicredi
        basedn = "ou=People,dc=uasicredi,dc=com,dc=br"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = userPassword
        timeout = 4
        timelimit = 3
        net_timeout = 1
}

eap {
        default_eap_type = md5
        timer_expire = 60
        ignore_unknown_eap_types = no
        md5 {
        }
}

authorize {
        eap
        files
        ldap
}

authenticate {
        eap
}

dn: uid=user11, ou=People, dc=uasic,dc=com
host: *
sambaAcctFlags: [U ]
mail: [EMAIL PROTECTED]
uid: user11
sambaLMPassword: A0B0AC8F18874B99AAD3B435B51404EE
sambaPwdCanChange: 1077918404
radiusGroupName: radius_lan
radiusExtremeNetloginVlan: sicrac
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: account
objectClass: top
objectClass: radiusprofile
description: User Radius 1
sambaProfilePath: \\aton\profiles\user11
uidNumber: 1003
sn: User Radius 1
gidNumber: 100
gecos: User Radius 1
sambaPwdMustChange: 2147483647
radiusExtremeNetloginOnly: Enabled
sambaPwdLastSet: 1077918404
shadowMin: 1
userPassword:: e1NIQX1YMG1CdjZSSVpyS0FwL1l3bzZBNlA3TkdFMFU9
radiusAuthType: eap
dialupAccess: yes
shadowWarning: 10
cn: user11
sambaNTPassword: E3E3461371FA27F382B3E525F61668D5
sambaHomeDrive: U:
mobile: 91060391
homeDirectory: /home/user11
givenName: User Radius 1
displayName: User Radius 1
shadowInactive: 10
shadowLastChange: 12394
sambaSID: S-1-5-21-1396432685-3474415907-3787697022-3004
sambaDomainName: SIC
sambaPrimaryGroupSID: S-1-5-21-1396432685-3474415907-3787697022-1201
shadowMax: 365
shadowExpire: 21914
loginShell: /bin/bash
sambaHomePath: \\aton\user11
------------------------------------------------------
rad_recv: Access-Request packet from host 10.1.14.254:1067, id=48, length=92
        User-Name = "user11"
        EAP-Message = 0x0201000b01757365723131
        NAS-IP-Address = 10.1.14.254
        Service-Type = Login-User
        Calling-Station-Id = "172.22.17.103"
        NAS-Port-Type = Virtual
        Message-Authenticator = 0x6ce53147dd1f086aec9733e9fadffe40
modcall: entering group authorize for request 4
  rlm_eap: EAP packet type response id 1 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
  modcall[authorize]: module "files" returns notfound for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user11
radius_xlat: '(uid=user11)'
radius_xlat: 'ou=People,dc=uasic,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=uasic,dc=com with filter (uid=user11)
request 6 done
rlm_ldap: Added password {SHA}X0mBv6RIZrKAp/Ywo6A6P7NGE0U= in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value eap & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusExtremeNetloginOnly as Extreme-Netlogin-Only, value Enabled & op=11
rlm_ldap: Adding radiusExtremeNetloginVlan as Extreme-Netlogin-Vlan, value sicrac & op=11
rlm_ldap: user user11 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password: Found Auth-Type eap
auth: type "EAP"
modcall: entering group authenticate for request 4
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
  rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 48 to 10.1.14.254:1067
        Extreme-Netlogin-Only = Enabled
        Extreme-Netlogin-Vlan = "sicrac"
        EAP-Message = 0x010200160410b0c9730e0bcf18356262001518bb5a7e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5e6e9f795238443869a6f7eac46f83d4
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.1.14.254:1068, id=51, length=127
        User-Name = "user11"
        EAP-Message = 0x0202001c0410410fa347946c9a1428e78db9caede038757365723131
        NAS-IP-Address = 10.1.14.254
        Service-Type = Login-User
        Calling-Station-Id = "172.22.17.103"
        NAS-Port-Type = Virtual
        State = 0x5e6e9f795238443869a6f7eac46f83d4
        Message-Authenticator = 0xe8543be9c5a40b1080da64e5371126b6
modcall: entering group authorize for request 5
  rlm_eap: EAP packet type response id 2 length 28
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
  modcall[authorize]: module "files" returns notfound for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user11
radius_xlat: '(uid=user11)'
radius_xlat: 'ou=People,dc=uasic,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=uasic,dc=com with filter (uid=user11)
request 7 done
rlm_ldap: Added password {SHA}X0mBv6RIZrKAp/Ywo6A6P7NGE0U= in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value eap & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusExtremeNetloginOnly as Extreme-Netlogin-Only, value Enabled & op=11
rlm_ldap: Adding radiusExtremeNetloginVlan as Extreme-Netlogin-Vlan, value sicrac & op=11
rlm_ldap: user user11 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns updated for request 5
  rad_check_password: Found Auth-Type eap
auth: type "EAP"
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/md5
  rlm_eap: processing type md5
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 5
modcall: group authenticate returns reject for request 5
auth: Failed to validate the user.
Login incorrect: [user11/<no User-Password attribute>] (from client private-network-1 port 0 cli 172.22.17.103)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.1.14.254:1068, id=51, length=127
Sending Access-Reject of id 51 to 10.1.14.254:1068
        EAP-Message = 0x04020004
        Message-Authenticator = 0x00000000000000000000000000000000
        Extreme-Netlogin-Only = Enabled
        Extreme-Netlogin-Vlan = "sicrac"
--- Walking the entire request list ---
Waking up in 3 seconds...

Thanks for any help ....

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
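
Added example, not part of the original post: EAP-MD5 (RFC 3748 type 4) is a CHAP-style exchange in which the server must itself compute MD5(id || password || challenge), so it needs the cleartext password. This Python sketch decodes the EAP-Message values from the debug output above and replays that check with the {SHA} value that rlm_ldap added as a check item; the function names and the round-trip password are constructed for illustration.

```python
import base64, hashlib, hmac

# EAP-Message values and the LDAP check item, copied from the debug output above.
CHALLENGE = "0x010200160410b0c9730e0bcf18356262001518bb5a7e"
RESPONSE = "0x0202001c0410410fa347946c9a1428e78db9caede038757365723131"
LDAP_CHECK_ITEM = "{SHA}X0mBv6RIZrKAp/Ywo6A6P7NGE0U="
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eap(hexstr):
    """Decode an EAP packet: RFC 3748 header plus Identity (1) or MD5-Challenge (4)."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(raw) < 4 or int.from_bytes(raw[2:4], "big") != len(raw):
        raise ValueError("truncated packet or wrong length field")
    pkt = {"code": CODES.get(raw[0], raw[0]), "id": raw[1], "length": len(raw)}
    if raw[0] in (1, 2) and len(raw) > 4:
        pkt["type"], body = raw[4], raw[5:]
        if pkt["type"] == 1:
            pkt["name"] = body.decode("utf-8", "replace")
        elif pkt["type"] == 4:
            if not body or body[0] > len(body) - 1:
                raise ValueError("bad MD5-Challenge value-size")
            pkt["value"] = body[1:1 + body[0]]
            pkt["name"] = body[1 + body[0]:].decode("utf-8", "replace")
    return pkt

def expected_response(ident, secret, challenge):
    """What the server has to compute itself: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify(secret, challenge_hex, response_hex):
    """Server-side check of a Response against the Challenge it answers."""
    chal, resp = parse_eap(challenge_hex), parse_eap(response_hex)
    want = expected_response(resp["id"], secret, chal["value"])
    return hmac.compare_digest(want, resp["value"])

def check_item_scheme(item):
    """Split '{SCHEME}base64' and return (scheme, digest length in bytes)."""
    scheme, b64 = item[1:].split("}", 1)
    return scheme, len(base64.b64decode(b64))

def constructed_client_response(ident, password, challenge):
    """Build the Response a supplicant would send (constructed, for the round trip)."""
    value = expected_response(ident, password, challenge)
    head = bytes([2, ident]) + (6 + len(value)).to_bytes(2, "big")
    return (head + bytes([4, len(value)]) + value).hex()

if __name__ == "__main__":
    print(parse_eap(CHALLENGE), parse_eap(RESPONSE))
    print("stored form:", check_item_scheme(LDAP_CHECK_ITEM))
    print("check item verifies logged response:",
          verify(LDAP_CHECK_ITEM.encode(), CHALLENGE, RESPONSE))
```

The stored value is a 20-byte one-way digest, so no server can derive the MD5 response from it; the round trip in the block succeeds only because the verifier is handed the same cleartext the client used.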