Hey, Thanks for the help... Still having difficulty, although I think you are right on target.
LDAP appears to respond correctly, then Radius states that the User-Password attribute is missing. Isn't this what I set with the ldap.attrmap and dictionary_mapping in the radiusd.conf? Here are snippets from configs and the radiusd -X output for the failed eap request... Please let me know if more is needed.

Thanks,
Matt

********ldap.attrmap:
checkItem       User-Password           userPassword

********radiusd.conf:
modules {
        eap {
                default_eap_type = md5
                timer_expire = 60
                md5 {
                }
        }
        mschap {
                authtype = MS-CHAP
        }
        ldap {
                server = "localhost"
                identity = "cn=Manager,dc=yoyo,dc=com"
                password = secret
                basedn = "dc=yoyo,dc=com"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                password_attribute = userPassword
                timeout = 4
                timelimit = 3
                net_timeout = 1
        }
}
authorize {
        preprocess
        eap
        files
        mschap
        ldap
}
authenticate {
        Auth-Type MS-CHAP {
                mschap
        }
        Auth-Type LDAP {
                ldap
        }
        eap
}

*********Users File:
testuser        Auth-Type := EAP, User-Password == "testpass"
raduser         Auth-Type := Local, User-Password == "testpass"
DEFAULT         Auth-Type := LDAP
                Fall-Through = 1

*********radiusd -X output to failed eap request for ldap user
rad_recv: Access-Request packet from host 143.116.5.238:2048, id=98, length=117
        NAS-IP-Address = 192.168.1.238
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Message-Authenticator = 0xf884d8f729a9e770bd73e8e33f6e22e7
        NAS-Port = 20
        Framed-MTU = 1490
        User-Name = "matt_moore"
        Calling-Station-Id = "00-B0-D0-74-C3-5A"
        EAP-Message = 0x0201000f016d6174745f6d6f6f7265
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type notification id 1 length 15
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated
users: Matched DEFAULT at 154
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for matt_moore
radius_xlat: '(uid=matt_moore)'
radius_xlat: 'dc=yoyo,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=yoyo,dc=com, with filter (uid=matt_moore)
rlm_ldap: Added password test123 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value test123 & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user matt_moore authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "ldap" returns invalid
modcall: group Auth-Type returns invalid
auth: Failed to validate the user.
Login incorrect: [matt_moore/<no User-Password attribute>] (from client plant1 port 20 cli 00-B0-D0-74-C3-5A)
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.1.238:2048, id=98, length=117
Sending Access-Reject of id 98 to 192.168.1.238:2048
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 98 with timestamp 41f56ee2
Nothing to do. Sleeping until we see a request.

--- NextGen$'s ShaDow <[EMAIL PROTECTED]> wrote:

> I solved this problem using another attribute:
> in /etc/freeradius/ldap.attrmap :
>
> checkItem       User-Password   radiusTunnelPassword
>
> and set up passwords in it ;-)
>
> I think it's only an access right problem on the LDAP 'userPassword'
> attribute...
>
> If that doesn't solve your problem, please send a copy of your config.
> files and give more information: it'll be easier to help.
>
> Regards
>
> Matt Moore wrote:
>
> >Hello all,
> >
> >I am trying to set up a radius service for eap with an
> >ldap backend. I have gotten the ldap backend working
> >and I have gotten eap to work with a user defined in
> >the users file. Next 2 lines from my users file.
> >
> >testuser Auth-Type := EAP, User-Password == "testpass"
> >DEFAULT Auth-Type := LDAP
> >
> >But, how do I get EAP to work with ldap backend in
> >this situation? Or am I missing something more
> >fundamental? I have looked through the archives, but
> >turned up only help on ldap or eap, not combining the
> >two... any pointers?
> >
> >Thanks,
> >Matt Moore
>
> --
> NextGen$.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
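
Added example, not part of the original thread or of FreeRADIUS: a small Python check over radiusd -X output that decodes the EAP-Message from the Access-Request above and flags the condition this log shows, an EAP request with no User-Password attribute being handed to a non-EAP Auth-Type. The sample log is constructed from lines quoted in the message; the function names are hypothetical.

```python
import re

# Constructed sample: request attributes and key lines from the debug output above.
DEBUG_LOG = '''\
rad_recv: Access-Request packet from host 143.116.5.238:2048, id=98, length=117
        NAS-IP-Address = 192.168.1.238
        User-Name = "matt_moore"
        EAP-Message = 0x0201000f016d6174745f6d6f6f7265
rad_check_password: Found Auth-Type LDAP
rlm_ldap: Attribute "User-Password" is required for authentication.
'''
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

def parse_request(log):
    """Collect the indented 'Name = value' lines of the first Access-Request."""
    attrs, seen = {}, False
    for line in log.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            if seen:
                break
            seen = True
        elif seen:
            m = re.match(r"\s+([\w-]+) = (.+)$", line)
            if not m:
                break
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs

def decode_eap(hex_value):
    """Decode one unfragmented EAP packet: code, id, 2-byte length, type, data."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4 or int.from_bytes(raw[2:4], "big") != len(raw):
        raise ValueError("truncated EAP packet or length field mismatch")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": len(raw)}
    if raw[0] in (1, 2) and len(raw) > 4:      # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:]
    return pkt

def diagnose(log):
    """Return findings for an EAP request routed to a non-EAP Auth-Type."""
    attrs, findings = parse_request(log), []
    m = re.search(r"Found Auth-Type (\S+)", log)
    if "EAP-Message" in attrs and "User-Password" not in attrs:
        eap = decode_eap(attrs["EAP-Message"])
        findings.append("EAP %s/%s %r: request has no User-Password attribute"
                        % (eap["code"], eap.get("type"), eap.get("data")))
        if m and m.group(1) != "EAP":
            findings.append("Auth-Type %s selected for an EAP request" % m.group(1))
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(DEBUG_LOG)))
```

The "Adding userPassword as User-Password" line in the log adds the directory value to the check items, not to the request, which is why the parsed request still has no User-Password when the LDAP authenticate section runs.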