freeradius chap auth with ldap

2010-03-10 Thread Eric Eric
How does freeradius do chap auth using an ldap server?
In pap, it binds to the ldap server with the user's clear password, and the ldap
server sends a successful bind if the password is true. When using chap, how can
it bind to the ldap server? Does it send the chap password to the ldap server?
Is another piece of software needed with freeradius + ldap server (for example
389 DS) for doing chap authentication?



  -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
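
The question above, and the "Clear text password not available" error later in this thread, both come down to the RFC 1994 CHAP check. It is sketched here as an added example that is not part of the original posts and is not FreeRADIUS code. The header handling in `cleartext_from_ldap` is a simplified assumption, and the identifier, challenge and `{SSHA}` value are constructed.

```python
import hashlib
import hmac

CLEAR_HEADER = "{clear}"  # password_header value from the posted ldap-Vpn config


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: MD5 over identifier octet, shared secret, challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def client_chap_password(ident: int, password: str, challenge: bytes) -> bytes:
    """What the NAS puts in RADIUS CHAP-Password: 1 ident octet + 16 hash octets.

    The password itself never reaches the RADIUS server, so the server has
    nothing it could present in an LDAP simple bind.
    """
    return bytes([ident]) + chap_response(ident, password.encode(), challenge)


def cleartext_from_ldap(user_password, header=CLEAR_HEADER):
    """Return the cleartext bytes CHAP needs, or None when they are unavailable.

    Simplified assumption (not rlm_ldap's logic): strip the configured header
    if present, and treat any other "{scheme}" prefix as a one-way hash.
    """
    if not user_password:
        return None
    if header and user_password.lower().startswith(header.lower()):
        return user_password[len(header):].encode()
    if user_password.startswith("{") and "}" in user_password:
        return None  # e.g. {SSHA}: cannot be fed into the MD5 above
    return user_password.encode()


def verify_chap(chap_password: bytes, challenge: bytes, user_password) -> str:
    """Server side: recompute the response from the stored cleartext and compare."""
    if len(chap_password) != 17:
        return "reject: malformed CHAP-Password"
    secret = cleartext_from_ldap(user_password)
    if secret is None:
        return "reject: clear text password not available"
    expected = chap_response(chap_password[0], secret, challenge)
    if hmac.compare_digest(expected, chap_password[1:]):
        return "accept"
    return "reject: response mismatch"


# Constructed sample values (not taken from a real capture).
SAMPLE_IDENT = 0x2A
SAMPLE_CHALLENGE = bytes(range(16))
SAMPLE_REQUEST = client_chap_password(SAMPLE_IDENT, "123456", SAMPLE_CHALLENGE)

if __name__ == "__main__":
    stored_values = [
        "123456",                     # bare value, as in the posted LDAP entry
        "{clear}123456",              # value carrying the configured header
        "{SSHA}constructedHashOnly",  # hashed storage: no cleartext to recompute from
        None,                         # attribute not returned by the search
        "654321",                     # wrong password
    ]
    for value in stored_values:
        print(repr(value), "->", verify_chap(SAMPLE_REQUEST, SAMPLE_CHALLENGE, value))
```
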

rlm-ldap error for chap

2010-02-27 Thread Eric Eric
With Cleartext-password or User-Password I have the same error. radius -x and
my configs for chap are here. I searched a lot and tested it but did not find
why it can't find the clear text password. Should I add anything else, or
change another file?
It worked for pap and I added:
in users:

 DEFAULT Client-IP-Address == 10.10.10.2 , Auth-Type := Vpn, Autz-Type := Vpn, Post-Auth-Type := Vpn, Session-type := Vpn

in radius.conf:

ldap ldap-Vpn{

    password_attribute = userPassword
    password_header = "{clear}"

    }

authorize {
chap
Autz-Type Vpn{
    ldap-Vpn
    chap
  }
}

authenticate {
Auth-Type CHAP {
    chap
    }
 Auth-Type Vpn{
    chap
  }
}



radiusd -x 
Starting - reading configuration files ...
Using deprecated naslist file.  Support for this will go away soon.
Module: Loaded exec 
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
Module: Instantiated mschap (mschap) 
Module: Loaded LDAP 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Dial
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x90f2d90
Module: Instantiated ldap (ldap-Vpn) 
Module: Loaded always 
Module: Instantiated always (ok) 
Module: Loaded preprocess 
Module: Instantiated preprocess (preprocess) 
Module: Loaded detail 
Module: Instantiated detail (auth_log) 
Module: Loaded realm 
Module: Instantiated realm (suffix) 
Module: Loaded SQL Counter 
Module: Instantiated sqlcounter (monthly-Vpn) 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Vpn
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP rad

rlm-ldap error for chap

2010-02-24 Thread Eric Eric
Excuse me for the replicated emails.
I'm using an old version of freeradius, 1.1.3! When I tried to upgrade I had a
problem, and it is still on the old version.
This is the result of the search in the ldap server:

dn: uid=test ,ou=example,...
uid: test
givenName: test
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: eduperson
objectClass: radiusobjectprofile
objectClass: radiusprofile
sn: test
cn: test test
userPassword: 123456
vpnProfileDn:...
...

--- On Tue, 2/23/10, John Dennis  wrote:

From: John Dennis 
Subject: Re: rlm-ldap error for chap
To: "FreeRadius users mailing list" 
Cc: "Eric Eric" 
Date: Tuesday, February 23, 2010, 3:46 PM

On 02/23/2010 05:31 AM, Eric Eric wrote:
> I changed Cleartext-Password in ldap.attrmap to User-Password

Don't do that, that's got nothing to do with finding the user's password in 
your directory.

It's the password_attribute in your ldap config which controls how to find the 
user's password in your directory. But first you must find the user in your 
directory, which is controlled by the basedn and filter ldap config items. What 
are they set to and what does ldapsearch return when you pass ldapsearch the 
same basedn and filter?

-- John Dennis 


rlm_chap clear text password not available

2010-02-23 Thread Eric Eric
Please help. It confused me!
I want to change authentication from pap to chap. The users with clear passwords
are in the ldap server, but there is an error with the clear password in rlm-ldap

radiusd -x 
Starting - reading configuration files ...
Using deprecated naslist file.  Support for this will go away soon.
Module: Loaded exec 
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
Module: Instantiated mschap (mschap) 
Module: Loaded LDAP 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Dial
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x90f2d90
Module: Instantiated ldap (ldap-Vpn) 
Module: Loaded always 
Module: Instantiated always (ok) 
Module: Loaded preprocess 
Module: Instantiated preprocess (preprocess) 
Module: Loaded detail 
Module: Instantiated detail (auth_log) 
Module: Loaded realm 
Module: Instantiated realm (suffix) 
Module: Loaded SQL Counter 
Module: Instantiated sqlcounter (monthly-Vpn) 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Vpn
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RA

(rlm_chap: Clear text password not available)

2010-02-23 Thread Eric Eric

I want to change authentication from pap to chap. The users with clear
passwords are in the ldap server, but there is an error with the clear
password in rlm-ldap

radiusd -x 
Starting - reading configuration files ...
Using deprecated naslist file.  Support for this will go away soon.
Module: Loaded exec 
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
Module: Instantiated mschap (mschap) 
Module: Loaded LDAP 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Dial
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x90f2d90
Module: Instantiated ldap (ldap-Vpn) 
Module: Loaded always 
Module: Instantiated always (ok) 
Module: Loaded preprocess 
Module: Instantiated preprocess (preprocess) 
Module: Loaded detail 
Module: Instantiated detail (auth_log) 
Module: Loaded realm 
Module: Instantiated realm (suffix) 
Module: Loaded SQL Counter 
Module: Instantiated sqlcounter (monthly-Vpn) 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Vpn
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_

Re: rlm-ldap error for chap

2010-02-23 Thread Eric Eric
Excuse me, my reply was incomplete and was sent with an error.
I changed Cleartext-Password in ldap.attrmap to User-Password
and now:
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
and I checked with password_header = "{clear}" and without it, but the error is
the same as before.


--- On Tue, 2/23/10, Eric Eric  wrote:

From: Eric Eric 
Subject: rlm-ldap error for chap
To: "FreeRadius users mailing list" 
Date: Tuesday, February 23, 2010, 10:31 AM

I changed Cleartext-Password in ldap.attrmap to User-Password
and now:
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
and checked with password_header = "{clear}" and without it. b

--- On Tue, 2/23/10, Fajar A. Nugraha  wrote:

From: Fajar A. Nugraha 
Subject: Re: rlm-ldap error for chap
To: "FreeRadius users mailing list" 
Date: Tuesday, February 23, 2010, 6:47 AM

On Tue, Feb 23, 2010 at 1:32 PM, Eric Eric  wrote:
>
> Hi
> I want to change authentication from pap to chap. The users with clear
> passwords are in the ldap server, but there is an error with the clear
> password in rlm-ldap

> rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password

is the cleartext password there?

> ldap ldap-Vpn{
>    
>     password_attribute = userPassword
>     password_header = "{clear}"
>
>     }

does the cleartext password have a header?

-- 
Fajar


rlm-ldap error for chap

2010-02-23 Thread Eric Eric
I changed Cleartext-Password in ldap.attrmap to User-Password
and now:
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
and checked with password_header = "{clear}" and without it. b

--- On Tue, 2/23/10, Fajar A. Nugraha  wrote:

From: Fajar A. Nugraha 
Subject: Re: rlm-ldap error for chap
To: "FreeRadius users mailing list" 
Date: Tuesday, February 23, 2010, 6:47 AM

On Tue, Feb 23, 2010 at 1:32 PM, Eric Eric  wrote:
>
> Hi
> I want to change authentication from pap to chap. The users with clear
> passwords are in the ldap server, but there is an error with the clear
> password in rlm-ldap

> rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password

is the cleartext password there?

> ldap ldap-Vpn{
>    
>     password_attribute = userPassword
>     password_header = "{clear}"
>
>     }

does the cleartext password have a header?

-- 
Fajar


rlm-ldap error for chap

2010-02-22 Thread Eric Eric
Hi
I want to change authentication from pap to chap. The users with clear passwords
are in the ldap server, but there is an error with the clear password in rlm-ldap

radiusd -x 
Starting - reading configuration files ...
Using deprecated naslist file.  Support for this will go away soon.
Module: Loaded exec 
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
Module: Instantiated mschap (mschap) 
Module: Loaded LDAP 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Dial-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Dial
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x90f2d90
Module: Instantiated ldap (ldap-Vpn) 
Module: Loaded always 
Module: Instantiated always (ok) 
Module: Loaded preprocess 
Module: Instantiated preprocess (preprocess) 
Module: Loaded detail 
Module: Instantiated detail (auth_log) 
Module: Loaded realm 
Module: Instantiated realm (suffix) 
Module: Loaded SQL Counter 
Module: Instantiated sqlcounter (monthly-Vpn) 
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap-Vpn-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap-Vpn
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
r

Re: Fw: freeradius and ldap using chap

2010-02-22 Thread Eric Eric
When I remove ldap-Vpn from the authenticate part, the error is:

rlm_chap: login attempt by "test" with CHAP password
  rlm_chap: Could not find clear text password for user test
Login incorrect (rlm_chap: Clear text password not available): [test] (from client vpntist port 128 cli 10.10.10.24)

What is wrong in my config? Any help?

--- On Sun, 2/21/10, Eric Eric  wrote:

From: Eric Eric 
Subject: Fw: freeradius and ldap using chap
To: freeradius-users@lists.freeradius.org
Date: Sunday, February 21, 2010, 1:33 PM


Hi
I want to change authentication from pap to chap. The users with clear passwords
are in the ldap server. The error is:

rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
Login incorrect (rlm_chap: Clear text password not available):

I saw the problem in the FAQ but I didn't find what my mistake is. The config is:
in users:

 DEFAULT Client-IP-Address == 10.10.10.2 , Auth-Type := Vpn, Autz-Type := Vpn, Post-Auth-Type := Vpn, Session-type := Vpn

in radius.conf:
ldap ldap-Vpn{

    password_attribute = userPassword
    password_header = "{clear}"

    }
authorize {
chap
Autz-Type Vpn{
    ldap-Vpn
    chap
  }
}

authenticate {
Auth-Type CHAP {
    chap
    }
 Auth-Type Vpn{
    chap
    ldap-Vpn
  }
}


What is my mistake? Should I do any other config or change in ldap.attrmap?






  


  

Fw: freeradius and ldap using chap

2010-02-21 Thread Eric Eric

Hi
I want to change authentication from pap to chap. The users with clear passwords
are in the ldap server. The error is:

rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
Login incorrect (rlm_chap: Clear text password not available):

I saw the problem in the FAQ but I didn't find what my mistake is. The config is:
in users:

 DEFAULT Client-IP-Address == 10.10.10.2 , Auth-Type := Vpn, Autz-Type := Vpn, Post-Auth-Type := Vpn, Session-type := Vpn

in radius.conf:
ldap ldap-Vpn{

    password_attribute = userPassword
    password_header = "{clear}"

    }
authorize {
chap
Autz-Type Vpn{
    ldap-Vpn
    chap
  }
}

authenticate {
Auth-Type CHAP {
    chap
    }
 Auth-Type Vpn{
    chap
    ldap-Vpn
  }
}


What is my mistake? Should I do any other config or change in ldap.attrmap?






  

