Hiya I need some help to configure freeradius with openldap. I have a ldap database which stores password in SSHA format, so i choose PAP for authentication. I want to use freeradius to authenticate on a netgear Wifi access point.
(http://deployingradius.com/documents/protocols/compatibility.html) I've set up the AP in client freeradius in clients.conf, with a secret and shortname like in documentation. Next i've put auto_header = yes in pap.conf And uncomment the line ldap to activate module in /site-enable/default When i start server in debug mode, authorization works fine but server have problems to authentication step and i don't understand why Here is the debug comments : rad_recv: Access-Request packet from host 192.168.0.201 port 32774, id=85, length=169 User-Name = "cyril" NAS-IP-Address = 192.168.0.201 NAS-Identifier = "hello" NAS-Port = 0 Called-Station-Id = "4C-60-DE-D2-22-61:easyBridge2" Calling-Station-Id = "7C-C5-37-14-16-C9" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x0200000e016e6c61746869657265 Message-Authenticator = 0x2bf3ec3446adc97ea15c4c160ee8b0bbThu Nov 22 15:04:36 2012 : Wed Nov 21 18:39:17 2012 : Info: [ldap] looking for reply items in directory... Wed Nov 21 18:39:17 2012 : Info: [ldap] user cyril authorized to use remote access Wed Nov 21 18:39:17 2012 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Wed Nov 21 18:39:17 2012 : Info: ++[ldap] returns ok Wed Nov 21 18:39:17 2012 : Info: ++[expiration] returns noop Wed Nov 21 18:39:17 2012 : Info: ++[logintime] returns noop Wed Nov 21 18:39:17 2012 : Info: [pap] Normalizing NT-Password from hex encoding Wed Nov 21 18:39:17 2012 : Info: [pap] Normalizing SSHA1-Password from base64 encoding Wed Nov 21 18:39:17 2012 : Info: [pap] Found existing Auth-Type, not changing it. Wed Nov 21 18:39:17 2012 : Info: ++[pap] returns noop Wed Nov 21 18:39:17 2012 : Info: Found Auth-Type = PAP Wed Nov 21 18:39:17 2012 : Info: +- entering group PAP {...} Auth: [pap] Attribute "Password" is required for authentication. Thu Nov 22 15:04:36 2012 : Info: ++[pap] returns invalid Thu Nov 22 15:04:36 2012 : Info: Failed to authenticate the user. Thu Nov 22 15:04:36 2012 : Auth: Login incorrect: [cyril/<via Auth-Type = PAP>] (from client WNAP320 port 0 cli 44-A7-CF-CD-C5-C7) Thu Nov 22 15:04:36 2012 : Info: Using Post-Auth-Type Reject Thu Nov 22 15:04:36 2012 : Info: +- entering group REJECT {...} Thu Nov 22 15:04:36 2012 : Debug: expand: %{User-Name} -> cyril Thu Nov 22 15:04:36 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11 Thu Nov 22 15:04:36 2012 : Info: ++[attr_filter.access_reject] returns updated Thu Nov 22 15:04:36 2012 : Info: Delaying reject of request 5 for 1 seconds Thu Nov 22 15:04:36 2012 : Debug: Going to the next request Thu Nov 22 15:04:36 2012 : Debug: Waking up in 0.9 seconds. Thu Nov 22 15:04:37 2012 : Info: Sending delayed reject for request 5
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
