hm, radius is very strange .... Can anyone please help me?
this is the logfile output after testing with radexample:
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=40, length=66
User-Name = "testuser"
User-Password = "123456"
Service-Type = Authenticate-Only
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat: '(&(objectclass=gibraltarUser)(uid=testuser))'
radius_xlat: 'ou=users,dc=gibraltar,dc=local'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,dc=gibraltar,dc=local, with
filter (&(objectclass=gibraltarUser)(uid=testuser))
rlm_ldap: checking if remote access for testuser is allowed by isVPNUser
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "testuser" with password "123456"
rlm_ldap: user DN: uid=testuser,ou=users,dc=gibraltar,dc=local
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=testuser,ou=users,dc=gibraltar,dc=local/123456 to
localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user testuser authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Sending Access-Accept of id 40 to 127.0.0.1:1025
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 40 with timestamp 422db560
Nothing to do. Sleeping until we see a request.
and this is the output after trying to connect via pptpd with winxp prof.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=41, length=54
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "testuser"
NAS-IP-Address = 66.150.161.140
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
users: Matched DEFAULT at 152
users: Matched DEFAULT at 171
users: Matched DEFAULT at 183
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat: '(&(objectclass=gibraltarUser)(uid=testuser))'
radius_xlat: 'ou=users,dc=gibraltar,dc=local'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,dc=gibraltar,dc=local, with
filter (&(objectclass=gibraltarUser)(uid=testuser))
rlm_ldap: checking if remote access for testuser is allowed by isVPNUser
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "ldap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 41 to 127.0.0.1:1025
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 41 with timestamp 422db59d
Nothing to do. Sleeping until we see a request.
The first part, the authorize-part works fine, but the authentication-part
will not work!!! Any ideas? In my radiusd.conf, I configured everything
right (I think). Otherwise it wouldn't work with radexample or radtest.
Just for understanding, what the hell does the authentication part do? What
attributes do I need for it to get it work? Isn't radiusauthtype enough?
I just want my users to authenticate via radius to my pptp server, I don't
need special authentication attributes like radiussessiontime or
whatever...
I tried to set authenticate-only as default, but it didn't work
please help!
best regards
peda
PS: Debian woody, with freeradius 1.0.1 and ppp 2.4.3
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
