Re: rlm_ldap: Attribute "User-Password" isrequired forauthentication

Wed, 27 Jul 2005 03:38:41 -0700 

Hi Vladimir,
I've followed your write-up on FreeRADIUS and LDAP and configured my Windows clients to use TTLS+PAP but I still get the same error as below: 


rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0, 
length=125

       User-Name = "melvin"
       NAS-IP-Address = 192.168.84.11
       Called-Station-Id = "000f66005feb"
       Calling-Station-Id = "0012f075e7b3"
       NAS-Identifier = "000f66005feb"
       NAS-Port = 33
       Framed-MTU = 1400
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0201000b016d656c76696e
       Message-Authenticator = 0x1cbf370b745f6863e6478bfed57edd74
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "melvin", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: EAP packet type response id 1 length 11
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module "eap" returns updated for request 0
   users: Matched entry DEFAULT at line 152
 modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
 rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
 modcall[authenticate]: module "ldap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.

Any ideas where I might go wrong?

cheers,
melvin


----- Original Message ----- 
From: "Vladimir Vuksan" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Tuesday, July 26, 2005 10:33 PM

Subject: Re: rlm_ldap: Attribute "User-Password" isrequired 
forauthentication




melvin wrote:


LDAP does provide some authentication -- through the 'BIND' statement.
Incidentally, this is how the FreeRadius rlm_ldap module chooses to

authenticate against an LDAP entry... it attempts to 'bind' to it, 
passing

the username and password to LDAP.

I have successfully integrated FreeRadius & LDAP -- I can get you my
config entries if you would like.  It worked with OpenLDAP practically
out-of-the-box.





I have a write-up on FreeRADIUS and LDAP. It should apply to most 
configurations


http://vuksan.com/linux/dot1x/802-1x-LDAP.html

- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





















					Reply via email to