On Jan 24, 2008 9:59 AM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Tomasz Zieleniewski wrote: > > Still something is wrong. > > > > I have the following authorize section: > ... > > In which the default configuration has been massively changed. > > I'm not sure where else to document this: If you are not clear on how > the server works, then DO NOT CHANGE THE DEFAULT CONFIGURATION. > > If the configuration you've created doesn't work, then it's clear that > there's something missing. In that case, follow the instructions in the > "man" page for how to create a working configuration. > ... > > Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok > > Thu Jan 24 09:40:35 2008 : Debug: auth: type Local > > Something in your local changes has set "Auth-Type := Local".
I didn't set it explicit. I don't know what caused setting Auth-Type to Local!!!!!! But I found my error. The problem was in ldap I didn't have Auth-Type Set in radius and I used old config from docs directory which didn't have set_auth_type parameter. > > > Can you please explain WHY you're doing that, WHERE you found > documentation saying that it was a good idea, and WHAT you think it's > doing? > > The documentation that comes with 2.0 tries very hard to explain that > setting "Auth-Type" is almost always wrong. Is there somewhere else we > need to document this? > > In addition, you're mapping a hashed password to a clear-text password: > > > Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute > userPassword as RADIUS attribute Cleartext-Password == > "{MD5}SNNMxdM+Zfvr//0yEp0DuA==" > > Again, this is NOT in the default configuration, and WILL NOT WORK. Similar problem my LDAP server return hashed passwords instead of plain-text i added additional parameter in LDAP which solved the issue. > > > Start off with the default configuration. Configure the "ldap" > module, and un-comment it from the "authorize" section. Your tests > SHOULD work. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html