Hello, I'm pretty new to LDAP and RADIUS. I am trying to put in place an 802.x authentication, but I am having difficulty setting it up correctly.
Here is my problem: When I start the radtest binary:

radtest "test" "supersecret" localhost 2 testing123

Here is the result:

Sending Access-Request of id 45 to 127.0.0.1:1812
        User-Name = "test"
        User-Password = "supersecret"
        NAS-IP-Address = lavoisier
        NAS-Port = 2
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=45, length=20

Here is the log on the radius server (Started with radiusd -X):

rad_recv: Access-Request packet from host 127.0.0.1:61292, id=50, length=56
        User-Name = "test"
        User-Password = "supersecret"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 3
users: Matched entry DEFAULT at line 78
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=fr, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by radiusFilterId
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value Enterasys:version=1:policy=Enterprise User & op=11
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 3
modcall: group authenticate returns fail for request 3
auth: Failed to validate the user.
Login incorrect: [test] (from client localhost port 2)
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 50 to 127.0.0.1:61292
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 50 with timestamp 43b8f992
Nothing to do. Sleeping until we see a request.
For the moment I have one box running OpenLDAP on a Debian/SPARC and one box running FreeRADIUS on a FreeBSD 5.3/SPARC.

The LDAP user info:

dn: cn=test,ou=users, dc=fr
userPassword:: e1NIQX1jTWc1Y3dTazFuUEdMZW56UUw5UEdpV1pHSVU9
ou: ou=mind-techno,dc=fr
objectClass: top
objectClass: person
objectClass: pilotPerson
objectClass: radiusProfile
janetMailbox: [EMAIL PROTECTED]
sn: test
cn: test

The slapd conf file:

access to dn="cn=.*,dc=fr" attr=userPassword
        by dn="cn=admin,dc=fr" write
        by anonymous auth
        by self write
        by * none

The RADIUS radiusd.conf file:

ldap {
        server = "galilee.mind-techno.fr"
        identity = "cn=emanager,dc=fr"
        password = "XXXXXXXXXXXXXX"
        basedn = "dc=fr"
        filter = "(uid=%u)"
        # base_filter = "(objectclass=radiusprofile)"
        start_tls = no
        access_attr = "radiusFilterId"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        #authtype = ldap
        ldap_connections_number = 5
        password_attribute = "userPassword"
        timeout = 4
        timelimit = 3
        net_timeout = 1
}

authenticate {
        # Uncomment it if you want to use ldap for authentication
        #
        # Note that this means "check plain-text password against
        # the ldap database", which means that EAP won't work,
        # as it does not supply a plain-text password.
        Auth-Type LDAP {
                ldap
        }
        #
        # Allow EAP authentication.
        eap
}

The RADIUS users file:

DEFAULT Auth-Type := EAP
        Fall-Through = 1
#       Reply-Message = "LDAP"

I must admit I'm pretty lost in all this, and any help would be nice. I would be grateful if you had a how-to or tutorial on how to build an easy and working 802.x authentication with a Radius/LDAP system.

Best regards,

--
M. Robert Wakim
Mind Technologies
24 rue Victor Hugo
94220 Charenton-Le-Pont
FRANCE
tel : +33 (0)1 41 79 09 40
Fax : +33 (0)1 43 68 80 32
Email : [EMAIL PROTECTED]
web : http://www.mind-techno.fr

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
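
Added example, not part of the original post and not FreeRADIUS code: a small Python parser for `radiusd -X` debug output in the format shown above. It flags requests where Auth-Type EAP was selected although the packet carried no EAP-Message, as happens here with the User-Password request sent by radtest. The function name `summarize` and the finding text are made up for this example; the sample lines are copied from the post's log.

```python
import re

# Debug lines copied from the post's radiusd -X output, one message per line.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1:61292, id=50, length=56
        User-Name = "test"
        User-Password = "supersecret"
        NAS-Port = 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 3
users: Matched entry DEFAULT at line 78
modcall[authorize]: module "ldap" returns ok for request 3
rad_check_password: Found Auth-Type EAP
rlm_eap: EAP-Message not found
modcall[authenticate]: module "eap" returns fail for request 3
Sending Access-Reject of id 50 to 127.0.0.1:61292
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host \S+, id=(\d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = ")
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
MODRET = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (fail|reject)')
SENT = re.compile(r"Sending (Access-\w+) of id (\d+)")

def summarize(log):
    """Return one summary dict per Access-Request seen in the debug log."""
    requests, cur = [], None
    for line in log.splitlines():
        if m := RECV.search(line):
            cur = {"id": int(m.group(1)), "attrs": set(), "auth_type": None,
                   "failed": [], "reply": None, "finding": None}
            requests.append(cur)
        elif m := SENT.search(line):
            # The reply may be delayed, so match it to the latest request by id.
            rid = int(m.group(2))
            req = next((r for r in reversed(requests) if r["id"] == rid), None)
            if req:
                req["reply"] = m.group(1)
            cur = None  # attribute lines after this belong to the reply
        elif cur is None:
            continue
        elif m := AUTH_TYPE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := MODRET.search(line):
            cur["failed"].append((m.group(1), m.group(2)))
        elif m := ATTR.match(line):
            cur["attrs"].add(m.group(1))
    for r in requests:
        if r["auth_type"] == "EAP" and "EAP-Message" not in r["attrs"]:
            sent = "User-Password (PAP)" if "User-Password" in r["attrs"] else "no EAP-Message"
            r["finding"] = f"Auth-Type EAP selected, but request carried {sent}"
    return requests
```

Calling `summarize()` on a saved debug log returns, per request, the attributes received, the Auth-Type the server settled on, the modules that failed, and the reply sent.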