Hello,
I had a problem with ippool, but it is a NAS problem. I wanted to do
further checks so I upgrade to newer versions:
freeradius 1.0.2-4sarge3 stable (I come from this one)
freeradius 1.1.3-3 testing
freeradius 1.1.2-1bpo1 sarge-backports
Before, I was able to do LDAP or MSCHAP automatically.
I had and entry in users
lalot Auth-Type := ldap
Framed-IP-Address = XXX,
Framed-IP-Netmask = 255.255.255.0,
Fall-Through = Yes
If I put mschap in users, it's working for mschap..
The two new ones have the same problem. That's may ne due to an
incomplete update..
I don't put all the logs:
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=xxx,dc=fr, with filter
(uid=lalot)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding supannaffectation as Pool-Name, value Pharo & op=21
rlm_ldap: Adding ntPassword as NT-Password, value XXX & op=21
rlm_ldap: Adding lmPassword as LM-Password, value XXX & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user lalot authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 11
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 11
modcall: leaving group authorize (returns ok) for request 11
rad_check_password: Found Auth-Type ldap
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 11
and before:
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
modcall[authorize]: module "mschap" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 2
rlm_mschap: Found LM-Password
rlm_mschap: Found NT-Password
You can notice the diff
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
and then rad_check_password: seems confused..
Any ideas?.
Config:
authorize {
preprocess
files
ldap
#
# If the users are logging in with an MS-CHAP-Challenge
# attribute for authentication, the mschap module will find
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
mschap
}
authenticate {
Auth-Type LDAP {
ldap
}
Auth-Type PAP {
pap
}
Auth-Type MS-CHAP {
mschap
}
}
--
Dominique LALOT
Ingenieur Systeme et Reseaux
http://annuaire.univmed.fr/showuser.php?uid=lalot
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
