I believe you are right about the LDAP query not coming back from the LDAP server.
I turned on ldap_debug = 1 and it shows this:
* msgid 1, origid 1, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL

====== full capture ==============
rad_recv: Access-Request packet from host 1.155.6.61:32787, id=133, length=136
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "bluetest"
    MS-CHAP-Challenge = 0xeb3dac1ea527bc4a70547902df46929a
    MS-CHAP2-Response = 0x01006c1695d4b15bd8512a77a535245fa8460000000000000000cf4c7ec1798f10cf3ff233f565b97c8fa24a769291f65eb0
    NAS-IP-Address = 1.155.6.61
    NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
modcall[authorize]: module "mschap" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for bluetest
radius_xlat: '(uid=bluetest)'
radius_xlat: 'o=cbcsrc'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 1.155.1.19:389, authentication 0
rlm_ldap: bind as / to 1.155.1.19:389
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: 1.155.1.19
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 1.155.1.19:389
ldap_connect_timeout: fd: 6 tm: 1 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_open_defconn: successful
ldap_send_server_request
rlm_ldap: waiting for bind result ...
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (timeout 4 sec, 0 usec), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: 1.155.1.19 port: 389 (default)
  refcnt: 2 status: Connected
  last used: Thu Sep 30 14:15:32 2004
** Outstanding Requests:
* msgid 1, origid 1, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ldap_read: message type bind msgid 1, original id 1
new result: res_errno: 0, res_error: <>, res_matched: <>
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=cbcsrc, with filter (uid=bluetest)
ldap_search
put_filter "(uid=bluetest)"
put_filter: simple
put_simple_filter "uid=bluetest"
ldap_send_initial_request
ldap_send_server_request
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (timeout 4 sec, 0 usec), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: 1.155.1.19 port: 389 (default)
  refcnt: 2 status: Connected
  last used: Thu Sep 30 14:15:32 2004
** Outstanding Requests:
* msgid 2, origid 2, status InProgress
  outstanding referrals 0, parent count 0
** Response Queue:
  Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 2, all 1
ldap_read: message type search-entry msgid 2, original id 2
wait4msg: 3 secs to go
wait4msg continue, msgid 2, all 1
** Connections:
* host: 1.155.1.19 port: 389 (default)
  refcnt: 2 status: Connected
  last used: Thu Sep 30 14:15:32 2004
** Outstanding Requests:
* msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ** Response Queue: * msgid 2, type 100 ldap_chkResponseList for msgid=2, all=1 ldap_chkResponseList returns NULL read1msg: msgid 2, all 1 ldap_read: message type search-result msgid 2, original id 2 new result: res_errno: 0, res_error: <>, res_matched: <> read1msg: 0 new referrals read1msg: mark request completed, id = 2 request 2 done res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_free_connection ldap_free_connection: refcnt 1 adding response id 2 type 101: ldap_parse_result ldap_get_dn rlm_ldap: looking for check items in directory... ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values rlm_ldap: looking for reply items in directory... ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values ldap_get_values rlm_ldap: user bluetest authorized to use remote access ldap_msgfree rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for bluetest with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. 
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [bluetest/<no User-Password attribute>] (from client bluesocket port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 133 to 1.155.6.61:32787
    MS-CHAP-Error = "\001E=691 R=1"
Waking up in 4 seconds...