Title: RE: freeradius ldap and chap authentication problems
something is not ok yet:
radiusd.conf:
ldap {
        Auth-Type := LDAP
        server = ldap.gemnet.nl
        identity = cn=directory manager
        password = dirmgr12
        basedn = c=NL
        filter = (uid=%{Stripped-User-Name:-%{User-Name}})
        start_tls = no
        tls_mode = no
        profile_attribute = radiusProfileDn
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        password_attribute = userPassword
        password_header = {clear}
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
}
skip
authorize {
        preprocess
        ldap {
                notfound = return
        }
        chap
        sql
}
authenticate {
        authtype CHAP {
                chap
        }
}
Radius.log after dial-in:
rad_recv: Access-Request packet from host 172.25.108.209:1814, id=21, length=133
        NAS-IP-Address = 172.28.192.1
        NAS-Port = 5
        NAS-Port-Type = Virtual
        User-Name = [EMAIL PROTECTED]
        Called-Station-Id = 578750011
        Calling-Station-Id = 555778822
        CHAP-Password = 0x6da696ba2e24f6b98e7875851e1b02b55f
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Proxy-State = 0x313435
        CHAP-Challenge = \352\362\221\202\333O{' \341\270\345^33
modcall: entering group authorize
hints: Matched DEFAULT at 63
modcall[authorize]: module preprocess returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tjeerd
radius_xlat: '(uid=tjeerd)'
radius_xlat: 'c=NL'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.gemnet.nl:389, authentication 0
rlm_ldap: bind as cn=directory manager/dirmgr12 to ldap.gemnet.nl:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in c=NL, with filter (uid=tjeerd)
rlm_ldap: Password header not found in password {SSHA}J+fitIGC+3np1EKD3PFs/y04OAT9KBNEES2ZQA== for user tjeerd
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value { op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tjeerd authorized to use remote access
ldap_release_conn: Release Id: 0
Tjeerd
-Original Message-
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]]
Sent: Wednesday 4 June 2003 22:35
To: [EMAIL PROTECTED]
Subject: RE: freeradius ldap and chap authentication problems
On Tue, 3 Jun 2003, Tjeerd Bos wrote:
Tjeerd Bos [EMAIL PROTECTED] wrote:
rlm_chap: login attempt by tjeerd with CHAP password
bip=C2v!?=F1?e=E7?= 5??=FA=E4
rlm_chap: Using clear text password { for user tjeerd authentication.
!!!
ok, without looking at your rlm_ldap config I can bet that you have configured the password_header directive wrong. Fix it and it will work.
rlm_chap: Pasword check failed
Does that make ANY sense? Alan DeKok.
When I use sql authentication with authentication protocol chap instead of ldap authentication it's working fine.
In ldap the passwords are stored in clear text.
The problem is that the incoming request at the ggaaa server is a chap challenge. It is not possible to reconstruct the password in clear text from this challenge. The ldap authentication will fail.
When I use the radtest command on the bbaaa server the password is in clear text. With this clear text password the authentication to ldap is ok.
with regards,
Tjeerd Bos
PinkRoccade Infrastructure Services
Trusted Services
Apeldoorn
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
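Added example (not part of the original thread and not FreeRADIUS code): a minimal CHAP check per RFC 1994, showing why the server needs the cleartext password and why a directory value such as the {SSHA} one in the log above cannot be used to verify a CHAP-Password. The function names, the header-stripping model and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def ssha(password: bytes, salt: bytes) -> str:
    """LDAP salted SHA-1 value: {SSHA}base64(SHA1(password || salt) || salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def strip_header(stored: str, header: str):
    """Return the text after the header, or None when the header is absent."""
    if stored.lower().startswith(header.lower()):
        return stored[len(header):]
    return None

def verify_chap(chap_password: bytes, challenge: bytes,
                stored: str, header: str = "{clear}") -> str:
    """Check a 17-byte CHAP-Password (1-byte id + 16-byte MD5) against a
    directory value. Hypothetical helper, a simplified model of the check."""
    if len(chap_password) != 17:
        return "malformed"
    cleartext = strip_header(stored, header)
    if cleartext is None:
        # Hashed value: the MD5 over the real password cannot be recomputed.
        return "no-cleartext"
    expected = chap_response(chap_password[0], cleartext.encode(), challenge)
    ok = hmac.compare_digest(expected, chap_password[1:])
    return "accept" if ok else "reject"

# Constructed sample data (not taken from the log in this thread).
CHALLENGE = bytes(range(16))
IDENT = 0x6D
PASSWORD = b"s3cret-example"
CHAP_PASSWORD = bytes([IDENT]) + chap_response(IDENT, PASSWORD, CHALLENGE)
STORED_CLEAR = "{clear}" + PASSWORD.decode()
STORED_SSHA = ssha(PASSWORD, b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print(verify_chap(CHAP_PASSWORD, CHALLENGE, STORED_CLEAR))
    print(verify_chap(CHAP_PASSWORD, CHALLENGE, STORED_SSHA))
    # Treating the whole hashed string as if it were the password:
    print(verify_chap(CHAP_PASSWORD, CHALLENGE, STORED_SSHA, header=""))
```

The third call models a server that passes the stored hash string to the CHAP check as if it were the password: the MD5 never matches, even though the user typed the right password.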