How to block user to authenticate over ldap
Hi,

With the help of the list I got my freeradius + ldap setup working. But now I have another doubt: how do I disable one user from authenticating in freeradius? Remember, I don't want to block the user from logging in to ldap, only from using freeradius.

Thanks for the help.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to Change Auth Type Local to LDAP only
Hi list,

For a few weeks I have been trying to configure freeradius with ldap, but with no success. OK, I have read a lot about this, but it does not work. It only authenticates Local, but I need it to authenticate only with LDAP. See below my radiusd.conf:

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
user = freerad
group = freerad
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
#bind_address = *
#port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = yes
lower_pass = yes
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
listen {
    type = auth
    ipaddr = 10.12.60.19
    port = 0
}
listen {
    type = acct
    ipaddr = 10.12.60.19
    port = 0
}
security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    pap {
        encryption_scheme = crypt
    }
    chap {
        authtype = CHAP
    }
    pam {
        pam_auth = radiusd
    }
    unix {
        cache = no
        cache_reload = 600
        radwtmp = ${logdir}/radwtmp
    }
    $INCLUDE ${confdir}/eap.conf
    mschap {
    }
    ldap {
        server = "ldap.intra proxy.intra localhost"
        identity = "uid=vpnpptp,ou=sistemas,dc=policiacivil,dc=rs,dc=gov,dc=br"
        password = dfjk129!@
        basedn = "dc=policiacivil,dc=rs,dc=gov,dc=br"
        filter = "(uid=%u)"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = userPassword
        groupname_attribute = radiusgroupname
        groupmembership_filter = (&(objectclass=posixGroup)(memberuid=%u))
        timeout = 4
        timelimit = 3
        net_timeout = 1
        set_auth_type = yes
    }
    #ldap {
    #server = "localhost"
    #identity = "cn=admin,dc=fabrica,dc=corp"
    # password = 123
    # basedn = "ou=Usuarios,dc=fabrica,dc=corp"
    # filter = "(uid=%u)"
    # start_tls = no
    # dictionary_mapping = ${raddbdir}/ldap.attrmap
    # ldap_cache_timeout = 120
    #ldap_cache_size = 0
    #ldap_connections_number = 10
    # password_attribute = userPassword
    # timeout = 3
    # timelimit = 5
    # net_timeout = 1
    # compare_check_items = no
    # access_attr_used_for_allow = yes
    # set_auth_type = yes
    # }
    # realm LOCAL {
    # format = prefix
    # delimiter = "/"
    # ignore_default = no
    # ignore_null = no
    # }
    #
    # realm suffix {
    # format = suffix
    # delimiter = "@"
    # ignore_default = no
    # ignore_null = no
    # }
    #
    # realm realmpercent {
    # format = suffix
    # delimiter = "%"
    # ignore_default = no
    # ignore_null = no
    # }
    #
    # realm ntdomain {
    # format = prefix
    # delimiter = "\\"
    # ignore_default = no
    # ignore_null = no
    # }
    checkval {
        item-name = Calling-Station-Id
        check-name = Calling-Station-Id
        data-type = string
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        preproxy_usersfile = ${confdir}/preproxy_users
        compat = no
    }
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }
    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port"
    }
    # $INCLUDE ${confdir}/sql.conf
    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        perm = 0600
        callerid = "yes"
    }
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }
    attr_filter {
        attrsfile = ${confdir}/attrs
    }
    counter daily {
        filename = ${raddbdir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }
    sqlcounter dailycounter {
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        sqlmod-inst = sql
        key = User-Name
        reset = daily
        query = "SELECT SUM(AcctSessionTime - \
                 GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                 F
Re: Doubt - Freeradius + Ldap
Thanks John,

I installed on a Debian server with the default config, via apt-get install. The directory is: /etc/freeradius

Sorry, I'm a newbie, but before I configured the ldap module freeradius worked; after configuring the ldap module, there is no way to connect. I'm certain my problem lies with the ldap module, authentication... But I don't see where...

Thanks for your reply.

On 11/05/2010 05:17 PM, John Dennis wrote:
On 11/05/2010 03:06 PM, Phil Mayers wrote:
On 11/05/2010 06:47 PM, Eduardo Moreira wrote:

Sorry, but where do I check the shared secret? In clients.conf?

Yes

If yes, the secret is OK!

No it isn't; look at the packet:

Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
        User-Name = "username"
        User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
        Framed-Protocol = PPP

The User-Password attribute has clearly been decrypted badly; this means you've got the shared secret wrong somewhere.

A common problem for folks who build their own versions of freeradius and mix it with a prebuilt version is the "root prefix" is different. If you build yourself the $prefix defaults to "/usr/local", but (most?) all prebuilt packages use $prefix of "/usr". That means you can end up with two copies of your config files (and loads of other files).

Carefully look at the debug output of your radiusd -X, it will give you the full path of the files it's reading. Make sure the clients.conf you're looking at is *exactly* the same one the server is *actually* reading. Do this even if you haven't built your own package, just for sanity's sake.
Re: Doubt - Freeradius + Ldap
Sorry, but where do I check the shared secret? In clients.conf?

If yes, the secret is OK!

Thanks for any help.

On 11/04/2010 09:51 AM, eduardo moreira wrote:

Sorry about this mail Josip, but I checked my clients.conf again, and I put the conf here for you to see.

clients.conf

client 127.0.0.1 {
    secret = password
    shortname = localhost
    nastype = other # localhost isn't usually a NAS...
}
client 10.12.60.19 {
    secret = password
    shortname = any
    nastype = other
}

And I use this command to test the connection:

radtest username 123456 10.12.60.19 1812 0 password

And I look at the debug log and get this message:

Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
        User-Name = "username"
        User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
        Framed-Protocol = PPP
Thu Nov 4 09:30:02 2010 : Debug: +- entering group authorize
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[preprocess] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[mschap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: - authorize
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing user authorization for username
Thu Nov 4 09:30:02 2010 : Debug: expand: (uid=%u) -> (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b -> dc=a,dc=a,dc=c,dc=b
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Nov 4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP connection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: bind as cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra proxy.intra localhost:389
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password = {crypt}tg/iHj5yM2iXI in check items
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login sequence
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for check items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Password-With-Header == "{crypt}tg/iHj5yM2iXI"
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambantPassword as RADIUS attribute NT-Password == 0x3738463934413643303931413730423936454135373046344341353438304531
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambalmPassword as RADIUS attribute LM-Password == 0x3743414142444638393134314430423841414433423433354235313430344545
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS attribute Group == "username"
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for reply items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: user username authorized to use remote access
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[ldap] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[eap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1
Thu Nov
Re: Doubt - Freeradius + Ldap
Same message, but one message disappears:

Thu Nov 4 09:30:02 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!

Before this message, this appears:

Thu Nov 4 10:58:52 2010 : Debug: !!!
Thu Nov 4 10:58:52 2010 : Debug: !!!Replacing User-Password in config items with Cleartext-Password. !!!
Thu Nov 4 10:58:52 2010 : Debug: !!!
Thu Nov 4 10:58:52 2010 : Debug: !!! Please update your configuration so that the "known good" !!!
Thu Nov 4 10:58:52 2010 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
Thu Nov 4 10:58:52 2010 : Debug: !!!
Thu Nov 4 10:58:52 2010 : Debug: auth: type Local
Thu Nov 4 10:58:52 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Thu Nov 4 10:58:52 2010 : Debug: auth: Failed to validate the user.
Thu Nov 4 10:58:52 2010 : Auth: Login incorrect: [username/123456] (from clientany port 1812)
Sending Access-Reject of id 168 to 10.12.60.19 port 53629
Thu Nov 4 10:58:52 2010 : Debug: Finished request 2.
Thu Nov 4 10:58:52 2010 : Debug: Going to the next request
Thu Nov 4 10:58:52 2010 : Debug: Waking up in 4.9 seconds.
Thu Nov 4 10:58:57 2010 : Debug: Cleaning up request 2 ID 168 with timestamp +98
Thu Nov 4 10:58:57 2010 : Debug: Ready to process requests.

In the debug output this appears:

security {
    reject_delay = 0

but it still doesn't work.

Thanks for the help.

2010/11/4 Johan Meiring
> On 2010/11/04 02:37 PM, eduardo moreira wrote:
>
>> sorry
>>
>> radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any
>
> That should work.
> The "any" is probably unnecessary.
>
> What does freeradius -X now say?
>
> --
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
Re: Doubt - Freeradius + Ldap
sorry

radtest -d /etc/freeradius username 123456 10.12.60.19 1812 password any

2010/11/4 Johan Meiring
> On 2010/11/04 02:16 PM, eduardo moreira wrote:
>
>> raddtest -d /etc/freeradius username password ip-server port-server
>> secret but no works.
>
> Copy and paste your command.
> Do not retype it.
>
> --
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
Re: Doubt - Freeradius + Ldap
Hi Johan, thanks for your reply.

I tried with your command,

raddtest -d /etc/freeradius username password ip-server port-server secret

but it doesn't work. But thanks.

2010/11/4 Johan Meiring
> On 2010/11/04 01:51 PM, eduardo moreira wrote:
>
>> and i use this command to test connection:
>> radtest username 123456 10.12.60.19 1812 0 password
>
> man radtest gives me this:
> radtest [-d raddb_directory] user password radius-server nas-port-number
> secret [ppphint] [nasname]
>
> Looking at your command:
>
> radtest username 123456 10.12.60.19 1812 0 password
>
> This maps to:
> user=username
> password=123456
> radius-server=10.12.60.19
> nas-port-number=1812
> secret=0
> ppphint=password
>
> --
> Johan Meiring
> Cape PC Services CC
> Tel: (021) 883-8271
> Fax: (021) 886-7782
Re: Doubt - Freeradius + Ldap
Sorry about this mail Josip, but I checked my clients.conf again, and I put the conf here for you to see.

clients.conf

client 127.0.0.1 {
    secret = password
    shortname = localhost
    nastype = other # localhost isn't usually a NAS...
}
client 10.12.60.19 {
    secret = password
    shortname = any
    nastype = other
}

And I use this command to test the connection:

radtest username 123456 10.12.60.19 1812 0 password

And I look at the debug log and get this message:

Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
        User-Name = "username"
        User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
        Framed-Protocol = PPP
Thu Nov 4 09:30:02 2010 : Debug: +- entering group authorize
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[preprocess] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[mschap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: - authorize
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing user authorization for username
Thu Nov 4 09:30:02 2010 : Debug: expand: (uid=%u) -> (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b -> dc=a,dc=a,dc=c,dc=b
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Nov 4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP connection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: bind as cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra proxy.intra localhost:389
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password = {crypt}tg/iHj5yM2iXI in check items
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login sequence
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for check items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Password-With-Header == "{crypt}tg/iHj5yM2iXI"
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambantPassword as RADIUS attribute NT-Password == 0x3738463934413643303931413730423936454135373046344341353438304531
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambalmPassword as RADIUS attribute LM-Password == 0x3743414142444638393134314430423841414433423433354235313430344545
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS attribute Group == "username"
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for reply items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: user username authorized to use remote access
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[ldap] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[eap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[chap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: !!!
Thu Nov 4 09:30:02 2010 : Debug: !!!Replacing User-Password in config items with Cleartext-Pass
Re: Doubt - Freeradius + Ldap
Yes, I checked the shared secret in clients. And I tried to reinstall with apt-get but it doesn't work.

Thanks for the help.

2010/11/1 Josip Rodin
> On Tue, Nov 02, 2010 at 07:30:23AM +1300, Peter Lambrechtsen wrote:
> > It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL
> > support.
> >
> > So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.
>
> No, no, no, and no.
>
> If you want to read random debug messages, don't pick just any.
>
> Yes, he doesn't have SSL support, but the log also says pretty clearly:
>
> > > Mon Nov 1 15:06:10 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
>
> When the client does not use EAP, it's completely irrelevant that the server
> doesn't have support for SSL-using EAP methods.
>
> And there's clearly no reason to recompile even FR, let alone three other
> different pieces of software. (For the former, just use lenny-backports.)
>
> The final error state is:
>
> > > Mon Nov 1 15:06:10 2010 : Auth: Login incorrect:
> > > [eduardo/1\320\026\305\020B)\323I\211\001\nx\204] (from client
> > > BrasilTelecom port 1812)
> > > Mon Nov 1 15:06:10 2010 : Debug: WARNING: Unprintable characters in the
> > > password.Double-check the shared secret on the server and the NAS!
>
> So, have you double-checked the shared secret?
>
> --
> 2. That which causes joy or happiness.
Doubt - Freeradius + Ldap
Hello list,

I'm new to freeradius, but I have read a lot about this and have not solved my problem. I have this problem with my implementation. Only this message appears with freeradius -X -x:

Mon Nov 1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
Mon Nov 1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Mon Nov 1 15:04:23 2010 : Debug: rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.

Reminder: I am using Debian 5.0.

And when I try to connect, this message appears:

Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS attribute Group == "eduardo"
Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: looking for reply items in directory...
Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: user eduardo authorized to use remote access
Mon Nov 1 15:06:10 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: ++[ldap] returns ok
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: ++[eap] returns noop
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0
Mon Nov 1 15:06:10 2010 : Debug: ++[chap] returns noop
Mon Nov 1 15:06:10 2010 : Debug: !!!
Mon Nov 1 15:06:10 2010 : Debug: !!!Replacing User-Password in config items with Cleartext-Password. !!!
Mon Nov 1 15:06:10 2010 : Debug: !!!
Mon Nov 1 15:06:10 2010 : Debug: !!! Please update your configuration so that the "known good" !!!
Mon Nov 1 15:06:10 2010 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
Mon Nov 1 15:06:10 2010 : Debug: !!!
Mon Nov 1 15:06:10 2010 : Debug: auth: type Local
Mon Nov 1 15:06:10 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Mon Nov 1 15:06:10 2010 : Debug: auth: Failed to validate the user.
Mon Nov 1 15:06:10 2010 : Auth: Login incorrect: [eduardo/1\320\026\305\020B)\323I\211�?\001\nx\204] (from client BrasilTelecom port 1812)
Mon Nov 1 15:06:10 2010 : Debug: WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!
Mon Nov 1 15:06:10 2010 : Debug: Delaying reject of request 0 for 1 seconds

I tried to reinstall but with no success. I need help; thanks in advance. If anyone has a solution or whatever, please help me. And sorry for my bad English.

Regards,
Eduardo