Alan DeKok wrote:
Try installing 2.0.5 in a separate directory and configuring it. Odds
are it will work.
in time I will try install it, but if i can't make this ( LDAP CHAP )
clear... definitely I will encounter the same problem again :)
2.0.5 has many, many fixes that aren't in 1.1.7. Some things that are
difficult to impossible in 1.1.7 are easy in 2.0.5.
Alan DeKok.
right now I have already installed 2.0.3 because the dependency just like 1.1.7 :D
waw lot of change I see ... but here we go the debug
User-Name = "testing"
CHAP-Password = 0xee8f74f97f724f06e54a9862f98ccef299
+- entering group authorize
++[preprocess] returns ok
rlm_chap: Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.11.17:389, authentication 0
rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to
192.168.11.17:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: Password header not found in password Testing10 for user testing
rlm_ldap: Added User-Password = Testing10 in check items
------cut------
added user-password = Testing10 in check item .... this is the debug output
difference compare to 1.1.7
------cut------
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
rlm_chap: login attempt by "testing" with CHAP password
rlm_chap: Using clear text password "Testing10" for user testing
authentication.
rlm_chap: chap user testing authenticated succesfully
++[chap] returns ok
Login OK: [testing/<CHAP-Password>] (from client local port 0)
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
It's just work :D thanks Alan
however there is this strange string "Please update your configuration so that the "known good" clear text password is in Cleartext-Password, and not in User-Password."
after I digging the freeradius.org, I see people also have this minor problem,
and in a mail you say to change the attribute userpassword to
cleartext-password.
but in openldap schema v3 there isn't any attribute called cleartext-password...
is there any explanation for this ... everyone if you don't mind :) . still
digging in openldap forum :)
Thanks
Ryan Setiawan H
--
DISCLAIMER:
The contents of this email and attachments are confidential and may be subject
to legal privilege. Any unauthorized use, copying, disclosure or communicating
any part of it to others is strictly prohibited and may be unlawful. If you are
not the intended recipient you must not use, copy, distribute or rely on this
email and should please return it immediately to the sender or notify us and
delete the email and any attachments from your system. We cannot accept
liability for loss or damage resulting from computer viruses. The integrity of
email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not
accept liability for any claims arising as a result of the use of this medium
for transmissions by or to PT BANK NISP, Tbk.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
