Hello,
I'm trying to figure out how to make freeradius work with LDAP and CHAP
authentification.
My user file looks like this:
DEFAULT Service-Type = Framed-User
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.10.100+,
Framed-IP-Netmask = 255.255.255.0
And in my radiusd.conf I've something like this:
modules {
...
chap {
authtype = CHAP
}
ldap {
server = "myserver"
basedn = "ou=devices,o=group,dc=toto,dc=com"
filter = "(cn=%u)"
ldap_connections_number = 5
password_header = "{clear}"
password_attribute = userPassword
timeout = 4
timelimit = 3
net_timeout = 1
}
....
}
authorize {
chap
ldap
files
}
....
authenticate {
Auth-Type CHAP {
chap
}
Auth-Type LDAP {
ldap
}
}
Everithing is working well with the radtest utility whci sends User-Password
Attribute, but when I try to authentificate a client that sends
Chap-password I've the following output:
....
rlm_ldap: user XXXXXXXX authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
users: Matched DEFAULT at 4
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authtype for request 0
rlm_chap: login attempt by "XXXXXXXX" with CHAP password
rlm_chap: Could not find clear text password for user XXXXXXXX
modcall[authenticate]: module "chap" returns invalid for request 0
modcall: group authtype returns invalid for request 0
auth: Failed to validate the user.
Login incorrect (rlm_chap: Clear text password not available):
[XXXXXXXX/<CHAP-Password>] (from client radiusFT port 99 cli 490760808)
I've read a lot of posts and FAQs vut didn't find any solution. Can anyone
help me in solving this problem please ?
Thanks in advances
Best regards,
--
Sebastien Cantos <[EMAIL PROTECTED]>
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
