Hi everybody, I have a problem with my FreeRADIUS installation. In the office I have access points, which will authenticate over the FreeRADIUS server. FreeRADIUS should look in LDAP for username and password.
That's what I get when I try to log in with an iPhone or iPad.

rad_recv: Access-Request packet from host 10.119.12.3 port 1178, id=17, length=199
    Message-Authenticator = 0x0842b4ee5b5b8aa8cdfd939570dc1cc3
    Service-Type = Framed-User
    User-Name = "test.user"
    Framed-MTU = 1488
    Called-Station-Id = "204E7FE98E93:test-int"
    Calling-Station-Id = "145A05C362D4"
    NAS-Identifier = "aptest03"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0200001501646f6d696e697175652e6d6f747a6574
    NAS-IP-Address = 10.119.12.3
    NAS-Port = 2
    NAS-Port-Id = "STA port # 2"
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "test.user", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dominique.motzet
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=%{Stripped-User-Name:-%{User-Name}})) -> (&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=test.user))
expand: dc=test,dc=local -> dc=test,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as cn=admin,dc=test,dc=local/Testing123 to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=test,dc=local, with filter (&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=test.user))
rlm_ldap: checking if remote access for dominique.motzet is allowed by uid
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute userPassword as RADIUS attribute User-Password == "{crypt}$1$cyxWDOrg$J0RAKfQ8wiqboGuKakbNx0"
rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x3245453043333441393146393533443035414246463830413531433346433037
rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x4633413830383632323945384445453438314645364439304239333331374342
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test.user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [test.user/<no User-Password attribute>] (from client aptest03 port 2 cli 145A05C362D4)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> test.user
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.

Thanks for the help.

MJ

--
Adfinis SyGroup AG
Mihajlo Joksimovic, System Engineer
Güterstrasse 86 | CH-4053 Basel
Tel. 061 333 80 33
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html