Can't use crypt with chap and ldap

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Phillips
Sent: 08 June 2005 18:19
To: freeradius-users@lists.freeradius.org
Subject: MSChap/LDAP Question

I'm trying to authenticate MSChap with LDAP (LDAP has crypted passwords) for PPTP from a Cisco VPN box. I'm getting a strange error. Here's the logs:

rad_recv: Access-Request packet from host ************:1071, id=138, length=153
        User-Name = "csdgp"
        NAS-Port = 2311
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint:0 = "**********"
        MS-CHAP-Challenge = 0x6ad5d5a423e76b09aeb8ac329215d4b1
        MS-CHAP2-Response = 0x02000b2f32af6a677146bd81ec222958a45f00000000000000007249bfd5eb81dd31ee0af1a17712be08a7bc758820949d71
        NAS-IP-Address = **********
        NAS-Port-Type = Virtual
rlm_ldap: - authorize
rlm_ldap: performing user authorization for csdgp
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as *************** to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user csdgp authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
Login incorrect: [csdgp/<no User-Password attribute>] (from client vpn1 port 2311)
rad_recv: Access-Request packet from host ********:1071, id=138, length=153
Sending Access-Reject of id 138 to ********:1071
        MS-CHAP-Error = "\002E=691 R=1"

Here's the config:

chap {
        authtype = CHAP
}
mschap {
        authtype = MS-CHAP
        use_mppe = yes
}
ldap {
        server = "localhost"
        identity = ***************
        password = ***************
        basedn = ***************
        filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}}) (host=ux1))"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = "userPassword"
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
authorize {
        preprocess
        auth_log
        chap
        mschap
        suffix
        ldap
}
authenticate {
        Auth-Type MS-CHAP {
                mschap
        }
        Auth-Type LDAP {
                ldap
        }
}
-- End of config --

Am I up a creek here or is there something I can do?
I haven't been able to find much online, but I may not be hitting the right things.

--
Douglas G. Phillips
Development Information Technology Services
Eastern Illinois University
(217) 581-7631

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
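
Why the reply at the top of this thread holds for CHAP, as an added example that is not part of the original messages or of FreeRADIUS: the RFC 1994 response is MD5(identifier || secret || challenge), so the server has to know the secret itself, and a one-way hash from LDAP cannot take its place. The salted SHA-256 below is an assumed stand-in for crypt(3), and the password, salt, identifier and challenge are constructed values.

```python
import hashlib
import hmac


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Assumption: salted SHA-256 standing in for a crypt(3) userPassword value."""
    return hashlib.sha256(salt + password).digest()


def verify_pap(submitted: bytes, salt: bytes, stored_hash: bytes) -> bool:
    """PAP delivers the password itself, so the server can re-hash and compare."""
    return hmac.compare_digest(one_way_hash(submitted, salt), stored_hash)


def verify_chap(chap_id: int, challenge: bytes, response: bytes,
                stored_secret: bytes) -> bool:
    """CHAP delivers only a digest; the server recomputes it from what it stores."""
    expected = chap_response(chap_id, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-password"   # constructed sample value
    salt = b"constructed-salt"           # constructed sample value
    chap_id = 1                          # constructed CHAP identifier
    challenge = bytes(range(16))         # constructed 16-byte challenge

    stored_hash = one_way_hash(password, salt)   # what a crypt-style directory holds
    client_resp = chap_response(chap_id, password, challenge)

    return {
        # The hash is enough when the cleartext password arrives (PAP).
        "pap_with_hash": verify_pap(password, salt, stored_hash),
        # CHAP verifies only when the server stores the cleartext secret.
        "chap_with_cleartext": verify_chap(chap_id, challenge, client_resp, password),
        # Feeding the stored hash into the CHAP computation never matches.
        "chap_with_hash": verify_chap(chap_id, challenge, client_resp, stored_hash),
    }


if __name__ == "__main__":
    print(demo())
```

MS-CHAP has the same shape of dependency: the server needs the cleartext password or the NT hash to recompute the response, and neither can be derived from a crypt value.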