Hello all, My server is running in PEAP mschapv2 and I've a problem when I want to authenticate a user with a ldap database (all is ok without the ldap). My version of freeradius is 1.0.2
apparently, the ldap can't find the User-Name attribute.... Could it be because of mschapv2???? I try to change the filter of LDAP in radiusd.conf (warn me if it's false :) ): filter = "(&(SAM-Account-Name=%{User-Name}))" //log radius rad_recv: Access-Request packet from host 10.74.1.110:2062, id=0, length=125 User-Name = "radius" NAS-IP-Address = 10.74.1.110 Called-Station-Id = "000f66d9f098" Calling-Station-Id = "000e35be0159" NAS-Identifier = "000f66d9f098" NAS-Port = 38 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000b01726164697573 Message-Authenticator = 0x004b720255d8a13c938cdc392ba0cd91 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "radius", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 1 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 159 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 4 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Name" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 4 modcall: group Auth-Type returns invalid for request 4 auth: Failed to validate the user. Login incorrect: [radius/<no User-Password attribute>] (from client 10.74.1.110 port 38 cli 000e35be0159) Delaying request 4 for 1 seconds Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 10.74.1.110:2062 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html