Hi, I'm still having problems with ldap and eap-md5 authentication

Local eap-md5 authentication is fine ... radtest with ldap is fine too
without authorize and authenticate eap

Using both eap-md5 and ldap doesn't work ...

My freeradius version now is FreeRADIUS Version 1.0.0-pre0

radiusd.conf
-------------------------
ldap {
  server = "10.1.10.184"
  identity = "cn=Manager,dc=uasicredi,dc=com,dc=br"
  password = sicredi
  basedn = "ou=People,dc=uasicredi,dc=com,dc=br"
  filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  start_tls = no
  dictionary_mapping = ${raddbdir}/ldap.attrmap
  ldap_connections_number = 5
  password_attribute = userPassword
  timeout = 4
  timelimit = 3
  net_timeout = 1
}

eap {
  default_eap_type = md5
  timer_expire     = 60
  ignore_unknown_eap_types = no
  md5 {
  }
}

authorize {
  eap
  files
  ldap
}
authenticate {
  eap
}


dn: uid=user11, ou=People, dc=uasic,dc=com
host: *
sambaAcctFlags: [U          ]
mail: [EMAIL PROTECTED]
uid: user11
sambaLMPassword: A0B0AC8F18874B99AAD3B435B51404EE
sambaPwdCanChange: 1077918404
radiusGroupName: radius_lan
radiusExtremeNetloginVlan: sicrac
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: account
objectClass: top
objectClass: radiusprofile
description: User Radius 1
sambaProfilePath: \\aton\profiles\user11
uidNumber: 1003
sn: User Radius 1
gidNumber: 100
gecos: User Radius 1
sambaPwdMustChange: 2147483647
radiusExtremeNetloginOnly: Enabled
sambaPwdLastSet: 1077918404
shadowMin: 1
userPassword:: e1NIQX1YMG1CdjZSSVpyS0FwL1l3bzZBNlA3TkdFMFU9
radiusAuthType: eap
dialupAccess: yes
shadowWarning: 10
cn: user11
sambaNTPassword: E3E3461371FA27F382B3E525F61668D5
sambaHomeDrive: U:
mobile: 91060391
homeDirectory: /home/user11
givenName: User Radius 1
displayName: User Radius 1
shadowInactive: 10
shadowLastChange: 12394
sambaSID: S-1-5-21-1396432685-3474415907-3787697022-3004
sambaDomainName: SIC
sambaPrimaryGroupSID: S-1-5-21-1396432685-3474415907-3787697022-1201
shadowMax: 365
shadowExpire: 21914
loginShell: /bin/bash
sambaHomePath: \\aton\user11


------------------------------------------------------

rad_recv: Access-Request packet from host 10.1.14.254:1067, id=48, length=92
        User-Name = "user11"
        EAP-Message = 0x0201000b01757365723131
        NAS-IP-Address = 10.1.14.254
        Service-Type = Login-User
        Calling-Station-Id = "172.22.17.103"
        NAS-Port-Type = Virtual
        Message-Authenticator = 0x6ce53147dd1f086aec9733e9fadffe40
modcall: entering group authorize for request 4
  rlm_eap: EAP packet type response id 1 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
  modcall[authorize]: module "files" returns notfound for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user11
radius_xlat:  '(uid=user11)'
radius_xlat:  'ou=People,dc=uasic,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=uasic,dc=com with filter (uid=user11)
request 6 done
rlm_ldap: Added password {SHA}X0mBv6RIZrKAp/Ywo6A6P7NGE0U= in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value eap & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusExtremeNetloginOnly as Extreme-Netlogin-Only, value Enabled & op=11
rlm_ldap: Adding radiusExtremeNetloginVlan as Extreme-Netlogin-Vlan, value sicrac & op=11
rlm_ldap: user user11 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type eap
auth: type "EAP"
modcall: entering group authenticate for request 4
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 48 to 10.1.14.254:1067
        Extreme-Netlogin-Only = Enabled
        Extreme-Netlogin-Vlan = "sicrac"
        EAP-Message = 0x010200160410b0c9730e0bcf18356262001518bb5a7e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5e6e9f795238443869a6f7eac46f83d4
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.1.14.254:1068, id=51, length=127
        User-Name = "user11"
        EAP-Message = 0x0202001c0410410fa347946c9a1428e78db9caede038757365723131
        NAS-IP-Address = 10.1.14.254
        Service-Type = Login-User
        Calling-Station-Id = "172.22.17.103"
        NAS-Port-Type = Virtual
        State = 0x5e6e9f795238443869a6f7eac46f83d4
        Message-Authenticator = 0xe8543be9c5a40b1080da64e5371126b6
modcall: entering group authorize for request 5
  rlm_eap: EAP packet type response id 2 length 28
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
  modcall[authorize]: module "files" returns notfound for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for user11
radius_xlat:  '(uid=user11)'
radius_xlat:  'ou=People,dc=uasic,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=uasic,dc=com with filter (uid=user11)
request 7 done
rlm_ldap: Added password {SHA}X0mBv6RIZrKAp/Ywo6A6P7NGE0U= in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value eap & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusExtremeNetloginOnly as Extreme-Netlogin-Only, value Enabled & op=11
rlm_ldap: Adding radiusExtremeNetloginVlan as Extreme-Netlogin-Vlan, value sicrac & op=11
rlm_ldap: user user11 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type eap
auth: type "EAP"
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/md5
  rlm_eap: processing type md5
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 5
modcall: group authenticate returns reject for request 5
auth: Failed to validate the user.
Login incorrect: [user11/<no User-Password attribute>] (from client private-network-1 port 0 cli 172.22.17.103)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.1.14.254:1068, id=51, length=127
Sending Access-Reject of id 51 to 10.1.14.254:1068
        EAP-Message = 0x04020004
        Message-Authenticator = 0x00000000000000000000000000000000
        Extreme-Netlogin-Only = Enabled
        Extreme-Netlogin-Vlan = "sicrac"
--- Walking the entire request list ---
Waking up in 3 seconds...


thanks for any help ....



