Hi, I just want to understand.

Why does [ldap] log "Added User-Password = test in check items", and how do I replace it with Cleartext-Password? Does ldap return the password unencrypted? Does ldap use 'Auth-Type = Local'? Because in my users file I just use this:

DEFAULT Huntgroup-Name == labtest8021x, Ldap-Group == labtest8021x, User-Profile := "cn=labtest8021x,ou=profiles,ou=radius,dc=example,dc=com"
        Tunnel-Type = VLAN,
        Tunnel-Medium-type = IEEE-802,
        Tunnel-Private-Group-ID = 100,
        Fall-Through = no

I don't really understand how ldap returns information.

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=129, length=153
        User-Name = "bernard"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-1A-A1-64-BB-1A"
        Calling-Station-Id = "00-18-8B-B5-26-B7"
        EAP-Message = 0x0202000c016265726e617264
        Message-Authenticator = 0xd1135be7c82704b37a76a55d1cfb5091
        Cisco-NAS-Port = "FastEthernet0/24"
        NAS-Port = 50024
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 192.168.20.253
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "bernard", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] Entering ldap_groupcmp()
[files] expand: dc=example,dc=com -> dc=example,dc=com
[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[files] ... expanding second conditional
[files] expand: %{User-Name} -> bernard
[files] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 10.75.128.251:389, authentication 0
[ldap] bind as cn=manager,ou=admins,ou=radius,dc=example,dc=com/test to 10.75.128.251:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=example,dc=com, with filter (cn=bernard)
[ldap] ldap_release_conn: Release Id: 0
[files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[files] ... expanding second conditional
[files] expand: %{User-Name} -> bernard
[files] expand: (&(cn=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile)) -> (&(cn=bernard)(objectclass=radiusprofile))
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=example,dc=com, with filter (&(radiusGroupName=labtest8021x)(&(cn=bernard)(objectclass=radiusprofile)))
rlm_ldap::ldap_groupcmp: User found in group labtest8021x
[ldap] ldap_release_conn: Release Id: 0
[files] users: Matched entry DEFAULT at line 72
++[files] returns ok
[ldap] performing user authorization for bernard
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> bernard
[ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=bernard)
[ldap] expand: dc=example,dc=com -> dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=example,dc=com, with filter (cn=bernard)
[ldap] performing search in cn=labtest8021x,ou=profiles,ou=radius,dc=example,dc=com, with filter (objectclass=radiusprofile)
[ldap] radiusFramedRouting -> Framed-Routing = None
[ldap] radiusFramedIPNetmask -> Framed-IP-Netmask = 255.255.254.0
[ldap] radiusFramedProtocol -> Framed-Protocol = PPP
[ldap] radiusServiceType -> Service-Type = Framed-User
[ldap] Added User-Password = test in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user bernard authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!   *=> how it's not in my users files*
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: Please update your configuration, and remove 'Auth-Type = Local'   * => how that came to local?*
WARNING: Use the PAP or CHAP modules instead.   *=> same question*
No User-Password or CHAP-Password attribute in the request.
Cannot perform authentication.
Failed to authenticate the user.
Using Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 129 to 192.168.20.253 port 1645
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "100"
        Framed-Routing = None
        Framed-IP-Netmask = 255.255.254.0
        Framed-Protocol = PPP
        Service-Type = Framed-User
Waking up in 4.9 seconds.
Cleaning up request 0 ID 129 with timestamp +17
Ready to process requests.

Thank you so much.