Attribute "User-Password" is required for authentication
No matter what I seem to try and configure, I always get the error message:

Attribute "User-Password" is required for authentication

I have tried rlm_unix, rlm_pam, rlm_ldap, rlm_eap_leap, always with the same result. The only thing that does work is if I put a user in the users file specifying

User-Password == "test123"

I want to be able to use an existing user/password source like pam or ldap.

Now I figure it must have something to do with the device that is pointing at the freeradius server that is different, because I used a nortel router and pointed it at this freeradius box and it works perfectly all the way out to the ldap server and back. The device that is configured to point at the freeradius server is configured for leap. The leap negotiation works fine but it fails on the user auth.

Ideas?
RE: Freeradius using leap and ldap
Original Message Follows
From: "Tony Sciortino" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
Subject: Freeradius using leap and ldap
Date: Thu, 1 Jul 2004 00:24:14 -0400

I am very close to getting freeradius to work with leap and ldap but I can not seem to close the deal. Here is the error I get in the radius.log

Thu Jul 1 00:04:04 2004 : Auth: Login OK: [sysams3/] (from client 9150 port 432 cli 0002.b3c5.a18c)
Thu Jul 1 00:04:04 2004 : Info: rlm_eap_leap: No User-Password or NT-Password configured for this user
Thu Jul 1 00:04:04 2004 : Auth: Login incorrect: [sysams3/] (from client 9150 port 432 cli 0002.b3c5.a18c)

So first I am logging in ok, but then I get a login incorrect. So here is the server debug with -x

Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Using deprecated clients file. Support for this will go away soon.
Using deprecated realms file. Support for this will go away soon.
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded LDAP
conns: (nil)
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP racfPassword mapped to RADIUS User-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8105ee0
Module: Instantiated ldap (ldap)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 10.31.131.3:21667, id=169, length=132
        User-Name = "sysams3"
        Framed-MTU = 1400
        Called-Station-Id = "0007.50d6.226d"
        Calling-Station-Id = "0002.b3c5.a18c"
        Message-Authenticator = 0xa0f0e6d1ab955cf3396016f600e06720
        EAP-Message = 0x0201000c01737973616d7333
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 455
        Service-Type = Framed-User
        NAS-IP-Address = 10.31.131.3
        NAS-Identifier = "PTXDEMO"
Freeradius using leap and ldap
I am very close to getting freeradius to work with leap and ldap but I can not seem to close the deal. Here is the error I get in the radius.log

Thu Jul 1 00:04:04 2004 : Auth: Login OK: [sysams3/] (from client 9150 port 432 cli 0002.b3c5.a18c)
Thu Jul 1 00:04:04 2004 : Info: rlm_eap_leap: No User-Password or NT-Password configured for this user
Thu Jul 1 00:04:04 2004 : Auth: Login incorrect: [sysams3/] (from client 9150 port 432 cli 0002.b3c5.a18c)

So first I am logging in ok, but then I get a login incorrect. So here is the server debug with -x

Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Using deprecated clients file. Support for this will go away soon.
Using deprecated realms file. Support for this will go away soon.
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded LDAP
conns: (nil)
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP racfPassword mapped to RADIUS User-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8105ee0
Module: Instantiated ldap (ldap)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 10.31.131.3:21667, id=169, length=132
        User-Name = "sysams3"
        Framed-MTU = 1400
        Called-Station-Id = "0007.50d6.226d"
        Calling-Station-Id = "0002.b3c5.a18c"
        Message-Authenticator = 0xa0f0e6d1ab955cf3396016f600e06720
        EAP-Message = 0x0201000c01737973616d7333
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 455
        Service-Type = Framed-User
        NAS-IP-Address = 10.31.131.3
        NAS-Identifier = "PTXDEMO"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for sysams3
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to sy29.s390.riteaid.com:389, authentication 0
rlm_ldap: bind as racfid=admin,profiletype=USER,dc=racf,o=riteaid.com/mypass to sy29.s390.riteaid.com:389
rlm_ldap:
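
Added example, not part of the original posts and not FreeRADIUS code: a small Python triage script for the radius.log and -x lines quoted in this thread. It pairs the rlm_eap_leap "No User-Password or NT-Password" message with the reject logged at the same timestamp, and lists which LDAP attributes the attrmap output feeds into those two RADIUS attributes. The function name `triage` and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: radius.log lines and a few "-x" attrmap lines as quoted in the thread.
SAMPLE = """\
Thu Jul 1 00:04:04 2004 : Auth: Login OK: [sysams3/] (from client 9150 port 432 cli 0002.b3c5.a18c)
Thu Jul 1 00:04:04 2004 : Info: rlm_eap_leap: No User-Password or NT-Password configured for this user
Thu Jul 1 00:04:04 2004 : Auth: Login incorrect: [sysams3/] (from client 9150 port 432 cli 0002.b3c5.a18c)
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP racfPassword mapped to RADIUS User-Password
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
"""

LOG = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : (?P<lvl>\w+): (?P<msg>.*)$")
AUTH = re.compile(r"^Login (?P<result>OK|incorrect): \[(?P<user>[^/\]]*)/[^\]]*\] "
                  r"\(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>\S+))?\)")
MAP = re.compile(r"^rlm_ldap: LDAP (?P<ldap>\S+) mapped to RADIUS (?P<radius>\S+)$")
LEAP_MISSING = "rlm_eap_leap: No User-Password or NT-Password configured"
LEAP_NEEDS = ("User-Password", "NT-Password")  # the two attributes named in the LEAP message


def triage(text):
    """Return (failures, sources): LEAP rejects preceded by the missing-password
    message, and the LDAP attributes the attrmap maps to the attributes LEAP wants."""
    failures, sources, pending = [], {}, None
    for line in text.splitlines():
        m = MAP.match(line)
        if m and m["radius"] in LEAP_NEEDS:
            sources.setdefault(m["radius"], []).append(m["ldap"])
            continue
        m = LOG.match(line)
        if not m:
            continue
        if m["lvl"] == "Info" and m["msg"].startswith(LEAP_MISSING):
            pending = m["ts"]  # remember until the matching reject is logged
        elif m["lvl"] == "Auth":
            a = AUTH.match(m["msg"])
            if a and a["result"] == "incorrect" and pending == m["ts"]:
                failures.append({"time": m["ts"], "user": a["user"], "cli": a["cli"]})
            pending = None
    return failures, sources


if __name__ == "__main__":
    fails, srcs = triage(SAMPLE)
    print("LEAP rejects with no usable password attribute:", fails)
    print("LDAP attributes that would have to supply one:", srcs)
```
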