How to block user to authenticate over ldap

2010-11-16 Thread eduardo moreira
Hi,

With the help of the list I got my freeradius + ldap setup working.

But now I have another question: how do I stop one user from authenticating
through freeradius?

To be clear, I don't want to block the user from logging in to ldap, only from
using freeradius.

Thank for help.

How to Change Auth Type LOcal to LDAP only

2010-11-11 Thread eduardo moreira
HI list,

For a few weeks I have been trying to configure freeradius with ldap, but without success.
Ok ok, I have read a lot about this, but it does not work.

It only authenticates with Auth-Type Local, but I need it to authenticate only with LDAP.

See my radiusd.conf below.


# Installation and runtime paths; the ${...} references below expand from
# the values set here.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid

# Dedicated non-root account for the daemon. The files under ${confdir}
# hold shared secrets and the LDAP bind password, so they should be
# readable by this account only.
user = freerad
group = freerad

# Per-request time limit (seconds) and request-queue limits.
max_request_time = 30

delete_blocked_requests = no

cleanup_delay = 5

max_requests = 1024

#bind_address = *

#port = 0

# No DNS lookups on client addresses.
hostname_lookups = no

# Core dumps stay off; a core file would contain whatever secrets were in
# the server's memory at the time.
allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log_stripped_names = no

# Authentication attempts are logged, with the password left out for both
# failed and successful logins.
log_auth = yes

log_auth_badpass = no
log_auth_goodpass = no

usercollide = no

# NOTE(review): the stock radiusd.conf for this server generation documents
# no / before / after for these two settings - confirm how "yes" is parsed.
# Lower-casing the password before comparison would shrink the effective
# password space and should stay off unless a NAS really needs it.
lower_user = yes
lower_pass = yes

# Spaces in user names and passwords are left untouched.
nospace_user = no
nospace_pass = no

checkrad = ${sbindir}/checkrad

# Authentication listener bound to one address rather than every interface.
listen {
type = auth
ipaddr = 10.12.60.19
# presumably 0 selects the default RADIUS port; the radtest runs in this
# thread use 1812 - confirm
port = 0
}

# Accounting listener on the same address as the authentication listener.
listen {
type = acct
ipaddr = 10.12.60.19
# presumably 0 selects the default accounting port - confirm
port = 0
}



# Request-hardening knobs.
security {
 # Upper bound on the number of attributes in one request
 # (NOTE(review): stock docs say larger packets are dropped - confirm).
 max_attributes = 200

 # Seconds to hold an Access-Reject before sending it; the debug output in
 # this thread shows "Delaying reject of request 0 for 1 seconds". The delay
 # slows online password guessing, so avoid leaving it at 0 in production.
 reject_delay = 1

 # Status-Server requests are not answered.
 status_server = no
}

# Proxying is enabled and its settings are read from proxy.conf.
proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf
# clients.conf carries the per-client shared secrets (a copy is quoted
# elsewhere in this thread); restrict its permissions like this file's.
$INCLUDE  ${confdir}/clients.conf

# SNMP support is off, but its config file is still included.
snmp = no
$INCLUDE  ${confdir}/snmp.conf

# Worker-thread sizing: 5 at start, between 3 and 10 idle spares, 32 at most.
thread pool {
 start_servers = 5

 max_servers = 32

 min_spare_servers = 3
 max_spare_servers = 10

 # presumably 0 means a worker is never recycled after N requests - confirm
 max_requests_per_server = 0
}

modules {
 # PAP password check against a crypt-style stored value.
 # NOTE(review): the debug output in this thread shows a 13-character
 # {crypt} value coming from LDAP, which is the length of traditional DES
 # crypt; that scheme only uses the first 8 characters of a password.
 # Confirm, and prefer a stronger hash in the directory if so.
 pap {
  encryption_scheme = crypt
 }
 # CHAP module instance, registered under Auth-Type CHAP.
 chap {
  authtype = CHAP
 }

 # PAM module instance; "radiusd" is the PAM service name it uses.
 pam {
  pam_auth = radiusd
 }

 # System-account module with its cache switched off; login records go to
 # the radwtmp file under ${logdir}.
 unix {
cache = no
cache_reload = 600
  radwtmp = ${logdir}/radwtmp
   }

$INCLUDE ${confdir}/eap.conf
   # MS-CHAP module instance with no options set.
   mschap {
 }

# LDAP module instance: binds with the service account below, then searches
# basedn for the entry whose uid matches the request's user name.
ldap {
# Three space-separated hosts; the debug output in this thread shows the
# connection going to port 389.
server = "ldap.intra proxy.intra localhost"
# NOTE(review): the value sits on the next line here, which looks like
# mail-client wrapping; in the real file keep name and value on one line.
identity =
"uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br"
# NOTE(review): a service-account bind password posted to a public list in
# clear text should be treated as exposed and rotated. Keep this file
# readable only by the daemon account, and give the bind account no more
# directory rights than the lookups below need.
password = dfjk129!@
basedn = "dc=policiacivil,dc=rs,dc=gov,dc=br"
filter = "(uid=%u)"
# With TLS off, the bind password above and every attribute fetched (the
# debug output in this thread shows userPassword and the Samba NT/LM hashes
# being returned) cross the network unencrypted, unless the path to the
# directory is protected some other way.
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
# The stored password is read out of the directory and handed to the server
# as a check item, so the bind account needs read access to it.
# NOTE(review): the debug output in this thread shows "auth: type Local"
# right after rlm_ldap added User-Password from this attribute; presumably
# dropping password_attribute is what makes the server authenticate by LDAP
# bind instead - confirm against the rlm_ldap docs for the installed version.
password_attribute = userPassword
groupname_attribute = radiusgroupname
# NOTE(review): wrapped like identity above - join onto one line.
groupmembership_filter =
(&(objectclass=posixGroup)(memberuid=%u))
timeout = 4
timelimit = 3
net_timeout = 1
set_auth_type = yes
}



#ldap {
#server = "localhost"
#identity = "cn=admin,dc=fabrica,dc=corp"
#  password =  123
#  basedn = "ou=Usuarios,dc=fabrica,dc=corp"
#  filter = "(uid=%u)"
#  start_tls = no
#  dictionary_mapping = ${raddbdir}/ldap.attrmap
#  ldap_cache_timeout = 120
#ldap_cache_size = 0
#ldap_connections_number = 10
#  password_attribute = userPassword
#  timeout = 3
#  timelimit = 5
#  net_timeout = 1
#  compare_check_items = no
#  access_attr_used_for_allow = yes
#  set_auth_type = yes
# }

# realm LOCAL {
#  format = prefix
#  delimiter = "/"
#  ignore_default = no
#  ignore_null = no
# }
#
# realm suffix {
#  format = suffix
#  delimiter = "@"
#  ignore_default = no
#  ignore_null = no
# }
#
# realm realmpercent {
#  format = suffix
#  delimiter = "%"
#  ignore_default = no
#  ignore_null = no
# }
#
# realm ntdomain {
#  format = prefix
#  delimiter = "\\"
#  ignore_default = no
#  ignore_null = no
# }

 # Compares the request's Calling-Station-Id, as a string, with the check
 # item of the same name.
 checkval {
  item-name = Calling-Station-Id
  check-name = Calling-Station-Id
  data-type = string
 }

 # Request pre-processing driven by the huntgroups and hints files; every
 # vendor-specific workaround is switched off.
 preprocess {
  huntgroups = ${confdir}/huntgroups
  hints = ${confdir}/hints
  with_ascend_hack = no
  ascend_channels_per_line = 23
  with_ntdomain_hack = no
  with_specialix_jetstream_hack = no
  with_cisco_vsa_hack = no
 }

 # Flat-file module: per-user entries come from the users file.
 # NOTE(review): an entry in that file with Auth-Type := Reject is the usual
 # way to deny one account at the RADIUS layer while leaving its LDAP login
 # alone; confirm that "files" is listed in the authorize section, which is
 # not shown here.
 files {
  usersfile = ${confdir}/users
  acctusersfile = ${confdir}/acct_users
  preproxy_usersfile = ${confdir}/preproxy_users
  compat = no
 }

 # Accounting detail files, one directory per client address and one file
 # per day, created with owner-only permissions.
 detail {
  detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
  detailperm = 0600
 }

 # Derives a unique accounting session key from the four attributes listed.
 acct_unique {

  key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port"
 }


# $INCLUDE  ${confdir}/sql.conf
 # Session database keyed on User-Name; the file is owner-only and records
 # the caller ID.
 radutmp {
  filename = ${logdir}/radutmp
  username = %{User-Name}
  case_sensitive = yes
  check_with_nas = yes
  perm = 0600
  callerid = "yes"
 }

 # Second session database that is world-readable (0644), which is why the
 # caller ID is left out of it.
 radutmp sradutmp {
  filename = ${logdir}/sradutmp
  perm = 0644
  callerid = "no"
 }

 # Attribute filtering rules are read from the attrs file.
 attr_filter {
  attrsfile = ${confdir}/attrs
 }

 # Per-user daily session-time counter: sums Acct-Session-Time per User-Name,
 # resets daily, and is checked against Max-Daily-Session for Framed-User
 # sessions.
 counter daily {
  filename = ${raddbdir}/db.daily
  key = User-Name
  count-attribute = Acct-Session-Time
  reset = daily
  counter-name = Daily-Session-Time
  check-name = Max-Daily-Session
  allowed-servicetype = Framed-User
  cache-size = 5000
 }

 sqlcounter dailycounter {
  counter-name = Daily-Session-Time
  check-name = Max-Daily-Session
  sqlmod-inst = sql
  key = User-Name
  reset = daily

  query = "SELECT SUM(AcctSessionTime - \
   GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
   F

Re: Doubt - Freeradius + Ldap

2010-11-05 Thread Eduardo Moreira
Thanks john , i install in debian server, default config, apt-get 
install 


Directory is: /etc/freeradius ;

Sorry, I'm a newbie. Before I configured the ldap module freeradius worked; 
after configuring the ldap module there is no way to connect, so my problem must be 
with the ldap module, authentication ...


But dont see where ...

Thanks for u reply.

On 11/05/2010 05:17 PM, John Dennis wrote:

On 11/05/2010 03:06 PM, Phil Mayers wrote:

On 11/05/2010 06:47 PM, Eduardo Moreira wrote:

   sorry, but where i checked the shared secret? in clients.conf?


Yes



if yes, secret is ok!


No it isn't; look at the packet:


Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105,
id=100, length=73
User-Name = "username"
User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Framed-Protocol = PPP


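The User-Password attribute has clearly been decrypted badly; this means
you've got the shared secret wrong somewhere. (User-Password is hidden using
a value derived from the shared secret, so a server holding a different
secret recovers unprintable garbage like the above.)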


A common problem for folks who build their own versions of freeradius 
and mix it with a prebuilt version is the "root prefix" is different. 
If you build yourself the $prefix defaults to "/usr/local", but 
(most?) all prebuilt packages use $prefix of "/usr". That means you 
can end up with two copies of your config files (and loads of other 
files).


Carefully look at the debug output of your radiusd -X, it will give 
you the full path of the files it's reading. Make sure the 
clients.conf you're looking at is *exactly* the same one the server is 
*actually* reading. Do this even if you haven't built your own 
package, just for sanity sake.






Re: Doubt - Freeradius + Ldap

2010-11-05 Thread Eduardo Moreira

sorry, but where i checked the shared secret? in clients.conf?

if yes, secret is ok!

thanks for any help.



On 11/04/2010 09:51 AM, eduardo moreira wrote:
SOrry about this mail Josip, but i checked again my clients.conf, and 
i put conf here for u see.


clients.conf
# Loopback client entry.
client 127.0.0.1 {
# NOTE(review): if "password" is the literal shared secret and not a
# redaction, it is trivially guessable; use a long random secret per client.
secret  = password
shortname   = localhost
nastype = other # localhost isn't usually a NAS...
}
# Entry matched by the radtest runs in this thread (requests arrive from
# 10.12.60.19 and the reject is logged for client "any").
client 10.12.60.19 {
# The secret given to radtest must match this value exactly. The radtest
# usage quoted elsewhere in this thread shows the posted command passing "0"
# in the secret position, which would explain the garbled User-Password.
# NOTE(review): if "password" is the literal secret and not a redaction,
# replace it with a long random one.
secret  = password
shortname   = any
nastype = other
}

and i use this command to test connection:
radtest username 123456 10.12.60.19 1812 0 password

And i see log of debug and receive this message:
Mon Nov  1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, 
id=100, length=73

User-Name = "username"
User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Framed-Protocol = PPP
Thu Nov  4 09:30:02 2010 : Debug: +- entering group authorize
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling 
preprocess (rlm_preprocess) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned 
from preprocess (rlm_preprocess) for request 1

Thu Nov  4 09:30:02 2010 : Debug: ++[preprocess] returns ok
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling 
mschap (rlm_mschap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned 
from mschap (rlm_mschap) for request 1

Thu Nov  4 09:30:02 2010 : Debug: ++[mschap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling ldap 
(rlm_ldap) for request 1

Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: - authorize
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing user 
authorization for username

Thu Nov  4 09:30:02 2010 : Debug: expand: (uid=%u) -> (uid=username)
Thu Nov  4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b -> 
dc=a,dc=a,dc=c,dc=b

Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing search in 
dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter (uid=username)
Thu Nov  4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed: LDAP 
connection lost.

Thu Nov  4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP 
connection
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to ldap.intra 
proxy.intra localhost:389, authentication 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: bind as 
cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra 
proxy.intra localhost:389

Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing search in 
dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password = 
{crypt}tg/iHj5yM2iXI in check items

Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login sequence
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: looking for check items in 
directory...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute 
userPassword as RADIUS attribute Password-With-Header == 
"{crypt}tg/iHj5yM2iXI"
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute 
sambantPassword as RADIUS attribute NT-Password == 
0x3738463934413643303931413730423936454135373046344341353438304531
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute 
sambalmPassword as RADIUS attribute LM-Password == 
0x3743414142444638393134314430423841414433423433354235313430344545
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as 
RADIUS attribute Group == "username"
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: looking for reply items in 
directory...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: user username authorized 
to use remote access
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn: Release 
Id: 0
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned 
from ldap (rlm_ldap) for request 1

Thu Nov  4 09:30:02 2010 : Debug: ++[ldap] returns ok
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling eap 
(rlm_eap) for request 1

Thu Nov  4 09:30:02 2010 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned 
from eap (rlm_eap) for request 1

Thu Nov  4 09:30:02 2010 : Debug: ++[eap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling chap 
(rlm_chap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned 
from chap (rlm_chap) for request 1

Thu Nov

Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
same message, but one message disappears:

Thu Nov  4 09:30:02 2010 : Debug:   WARNING: Unprintable characters in the
password.   Double-check the shared secret on the server and the NAS!

before this message appears this:
Thu Nov  4 10:58:52 2010 : Debug:
!!!
Thu Nov  4 10:58:52 2010 : Debug: !!!Replacing User-Password in config
items with Cleartext-Password. !!!
Thu Nov  4 10:58:52 2010 : Debug:
!!!
Thu Nov  4 10:58:52 2010 : Debug: !!! Please update your configuration so
that the "known good"   !!!
Thu Nov  4 10:58:52 2010 : Debug: !!! clear text password is in
Cleartext-Password, and not in User-Password. !!!
Thu Nov  4 10:58:52 2010 : Debug:
!!!
Thu Nov  4 10:58:52 2010 : Debug: auth: type Local
Thu Nov  4 10:58:52 2010 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Thu Nov  4 10:58:52 2010 : Debug: auth: Failed to validate the user.
Thu Nov  4 10:58:52 2010 : Auth: Login incorrect: [username/123456] (from
clientany port 1812)
Sending Access-Reject of id 168 to 10.12.60.19 port 53629
Thu Nov  4 10:58:52 2010 : Debug: Finished request 2.
Thu Nov  4 10:58:52 2010 : Debug: Going to the next request
Thu Nov  4 10:58:52 2010 : Debug: Waking up in 4.9 seconds.
Thu Nov  4 10:58:57 2010 : Debug: Cleaning up request 2 ID 168 with
timestamp +98
Thu Nov  4 10:58:57 2010 : Debug: Ready to process requests.

in debug appears:

security {

reject_delay = 0

but still dont work

thanks for help.



2010/11/4 Johan Meiring 

> On 2010/11/04 02:37 PM, eduardo moreira wrote:
>
>> sorry
>>
>> radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any
>>
>>
> That should work.
> The "any" is probably unnecesary.
>
> What does freeradius -X now say?
>
>
>
>
> --
>
>
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
>
>

Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
sorry

radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any

2010/11/4 Johan Meiring 

> On 2010/11/04 02:16 PM, eduardo moreira wrote:
>
>>
>> raddtest -d /etc/freeradius username password ip-server port-server
>> secret but no works.
>>
>>
> Copy and paste your command.
> Do not retype it.
>
>
> --
>
>
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
>
>

Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
hi johan,

thanks for u reply.

i try with your command,

raddtest -d /etc/freeradius username password ip-server port-server secret
but no works.

but thanks.

2010/11/4 Johan Meiring 

> On 2010/11/04 01:51 PM, eduardo moreira wrote:
>
>>
>> and i use this command to test connection:
>> radtest username 123456 10.12.60.19 1812 0 password
>>
>>
> man radtest gives me this:
> radtest  [-d raddb_directory] user password radius-server nas-port-number
> secret [ppphint] [nasname]
>
> Looking at your command:
>
> radtest username 123456 10.12.60.19 1812 0 password
>
> This maps to:
> user=username
> password=123456
> radius-server=10.12.60.19
> nas-port-number=1812
> secret=0
> ppphint=password
>
>
>
>
>
>
>
> --
>
>
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
>
>
>

Re: Doubt - Freeradius + Ldap

2010-11-04 Thread eduardo moreira
SOrry about this mail Josip, but i checked again my clients.conf, and i put
conf here for u see.

clients.conf
# Loopback client entry.
client 127.0.0.1 {
# NOTE(review): if "password" is the literal shared secret and not a
# redaction, it is trivially guessable; use a long random secret per client.
secret  = password
shortname   = localhost
nastype = other # localhost isn't usually a NAS...
}
# Entry matched by the radtest command below (the request arrives from
# 10.12.60.19).
client 10.12.60.19 {
# The secret given to radtest must match this value exactly; in the command
# below the argument in the secret position is "0", not this value.
# NOTE(review): if "password" is the literal secret and not a redaction,
# replace it with a long random one.
secret  = password
shortname   = any
nastype = other
}

and i use this command to test connection:
radtest username 123456 10.12.60.19 1812 0 password

And i see log of debug and receive this message:
Mon Nov  1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100,
length=73
User-Name = "username"
User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Framed-Protocol = PPP
Thu Nov  4 09:30:02 2010 : Debug: +- entering group authorize
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[preprocess] returns ok
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[mschap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling ldap
(rlm_ldap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: - authorize
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing user authorization
for username
Thu Nov  4 09:30:02 2010 : Debug: expand: (uid=%u) -> (uid=username)
Thu Nov  4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b ->
dc=a,dc=a,dc=c,dc=b
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing search in
dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter (uid=username)
Thu Nov  4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed: LDAP
connection lost.
Thu Nov  4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP connection
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to ldap.intra
proxy.intra localhost:389, authentication 0
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: bind as
cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra proxy.intra
localhost:389
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: performing search in
dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password =
{crypt}tg/iHj5yM2iXI in check items
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login sequence
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: looking for check items in
directory...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute userPassword as
RADIUS attribute Password-With-Header == "{crypt}tg/iHj5yM2iXI"
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambantPassword
as RADIUS attribute NT-Password ==
0x3738463934413643303931413730423936454135373046344341353438304531
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambalmPassword
as RADIUS attribute LM-Password ==
0x3743414142444638393134314430423841414433423433354235313430344545
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS
attribute Group == "username"
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: looking for reply items in
directory...
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: user username authorized to use
remote access
Thu Nov  4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[ldap] returns ok
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from eap
(rlm_eap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[eap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 1
Thu Nov  4 09:30:02 2010 : Debug:   modsingle[authorize]: returned from chap
(rlm_chap) for request 1
Thu Nov  4 09:30:02 2010 : Debug: ++[chap] returns noop
Thu Nov  4 09:30:02 2010 : Debug:
!!!
Thu Nov  4 09:30:02 2010 : Debug: !!!Replacing User-Password in config
items with Cleartext-Pass

Re: Doubt - Freeradius + Ldap

2010-11-01 Thread eduardo moreira
Yes, I checked the shared secret in clients.conf.

And I tried to reinstall with apt-get but it doesn't work.

ty for help.

2010/11/1 Josip Rodin 

> On Tue, Nov 02, 2010 at 07:30:23AM +1300, Peter Lambrechtsen wrote:
> > It's probably since you didn't compile OpenLDAP and FreeRadius with
> OpenSSL
> > support.
> >
> > So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and
> FreeRadius.
>
> No, no, no, and no. 
>
> If you want to read random debug messages, don't pick just any.
>
> Yes, he doesn't have SSL support, but the log also says pretty clearly:
>
> > > Mon Nov  1 15:06:10 2010 : Debug:   rlm_eap: No EAP-Message, not doing
> EAP
>
> When the client does not use EAP, it's completely irrelevant that the
> server
> doesn't have support for SSL-using EAP methods.
>
> And there's clearly no reason to recompile even FR, let alone three other
> different pieces of software. (For the former, just use lenny-backports.)
>
> The final error state is:
>
> > > Mon Nov  1 15:06:10 2010 : Auth: Login incorrect:
> > > [eduardo/1\320\026\305\020B)\323I\211\001\nx\204] (from client
> > > BrasilTelecom port 1812)
> > > Mon Nov  1 15:06:10 2010 : Debug:   WARNING: Unprintable characters in
> the
> > > password.Double-check the shared secret on the server and the NAS!
>
> So, have you double-checked the shared secret?
>
> --
> 2. That which causes joy or happiness.
>

Doubt - Freeradius + Ldap

2010-11-01 Thread eduardo moreira
Hello list,

I'm new to freeradius; I have read a lot about it but could not solve my problem.
I have this problem with my implementation.

Only appears this message with freeradius -X -x
Mon Nov  1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/tls because we
do not have OpenSSL support.
Mon Nov  1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/ttls because we
do not have OpenSSL support.
Mon Nov  1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/peap because we
do not have OpenSSL support.

Reminder: I am using debian 5.0

And when try to connect, appears this message:

Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS
attribute Group == "eduardo"
Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: looking for reply items in
directory...
Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: user eduardo authorized to use
remote access
Mon Nov  1 15:06:10 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 0
Mon Nov  1 15:06:10 2010 : Debug: ++[ldap] returns ok
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 0
Mon Nov  1 15:06:10 2010 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: returned from eap
(rlm_eap) for request 0
Mon Nov  1 15:06:10 2010 : Debug: ++[eap] returns noop
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 0
Mon Nov  1 15:06:10 2010 : Debug:   modsingle[authorize]: returned from chap
(rlm_chap) for request 0
Mon Nov  1 15:06:10 2010 : Debug: ++[chap] returns noop
Mon Nov  1 15:06:10 2010 : Debug:
!!!
Mon Nov  1 15:06:10 2010 : Debug: !!!Replacing User-Password in config
items with Cleartext-Password. !!!
Mon Nov  1 15:06:10 2010 : Debug:
!!!
Mon Nov  1 15:06:10 2010 : Debug: !!! Please update your configuration so
that the "known good"   !!!
Mon Nov  1 15:06:10 2010 : Debug: !!! clear text password is in
Cleartext-Password, and not in User-Password. !!!
Mon Nov  1 15:06:10 2010 : Debug:
!!!
Mon Nov  1 15:06:10 2010 : Debug: auth: type Local
Mon Nov  1 15:06:10 2010 : Debug: auth: user supplied User-Password does NOT
match local User-Password
Mon Nov  1 15:06:10 2010 : Debug: auth: Failed to validate the user.
Mon Nov  1 15:06:10 2010 : Auth: Login incorrect:
[eduardo/1\320\026\305\020B)\323I\211�?\001\nx\204] (from client
BrasilTelecom port 1812)
Mon Nov  1 15:06:10 2010 : Debug:   WARNING: Unprintable characters in the
password.Double-check the shared secret on the server and the NAS!
Mon Nov  1 15:06:10 2010 : Debug: Delaying reject of request 0 for 1 seconds

I tried to reinstall but without success.

I need help; thanks in advance.

If anyone have this solution or whatever, please help me.

And sorry for my bad english.

Regards,
Eduardo