Hi Vladimir,

Thanks for your help. I've managed to set up LDAP with FreeRADIUS. One last question: is it possible to have FreeRADIUS authenticate through LDAP and also the users file? The reason is that I need to create a guest account for guests to log in to our wireless network. But the guests may not allow me to install SecureW2 on their notebooks, so I am hoping I can set up a common password for guests inside the users file. Or is there an easier way to accomplish this? I'd appreciate it if you could help me again. Thank you.

cheers,
melvin



----- Original Message -----
From: "melvin" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Wednesday, July 27, 2005 6:35 PM
Subject: Re: rlm_ldap: Attribute "User-Password" is required for authentication


Hi Vladimir,

I've followed your write-up on FreeRADIUS and LDAP and configured my Windows clients to use TTLS+PAP but I still get the same error as below:

rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0, length=125
       User-Name = "melvin"
       NAS-IP-Address = 192.168.84.11
       Called-Station-Id = "000f66005feb"
       Calling-Station-Id = "0012f075e7b3"
       NAS-Identifier = "000f66005feb"
       NAS-Port = 33
       Framed-MTU = 1400
       NAS-Port-Type = Wireless-802.11
       EAP-Message = 0x0201000b016d656c76696e
       Message-Authenticator = 0x1cbf370b745f6863e6478bfed57edd74
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "melvin", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: EAP packet type response id 1 length 11
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module "eap" returns updated for request 0
   users: Matched entry DEFAULT at line 152
 modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
 rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
 modcall[authenticate]: module "ldap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.

Any ideas where I might go wrong?

cheers,
melvin

----- Original Message -----
From: "Vladimir Vuksan" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Tuesday, July 26, 2005 10:33 PM
Subject: Re: rlm_ldap: Attribute "User-Password" is required for authentication


melvin wrote:

LDAP does provide some authentication -- through the 'BIND' statement.
Incidentally, this is how the FreeRadius rlm_ldap module chooses to
authenticate against an LDAP entry... it attempts to 'bind' to it, passing
the username and password to LDAP.

I have successfully integrated FreeRadius & LDAP -- I can get you my
config entries if you would like.  It worked with OpenLDAP practically
out-of-the-box.


I have a write-up on FreeRADIUS and LDAP. It should apply to most configurations.

http://vuksan.com/linux/dot1x/802-1x-LDAP.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


