Authenticating users checking Huntgroup-Name in unlang
Hi,

I have set FreeRadius 2.1.12 Server, and configured it to authorize and authenticate users that are in Active Directory and users file. I have tested in real wireless environment to authenticate users from Active Directory and users file and it is successful.

But according to our organization's requirement I need to authenticate users to allow or reject users for wireless or VPN access checking huntgroups and attribute in AD or users file accordingly. So, I have configured huntgroup name in huntgroups as wirelesstest and have configured my NAS-IP-Address as: (Some names and IP addresses are edited for privacy)

/usr/local/etc/raddb/huntgroups

    wirelesstest    NAS-IP-Address == IP Address
    wirelesstest    NAS-IP-Address == IP Address
    wirelesstest    NAS-IP-Address == IP Address

Clients are configured in clients.conf file as:

/usr/local/etc/raddb/clients.conf

    client Primary_controller {
        ipaddr = IP Address
        secret = password
        shortname = primary
        nastype = enterasys
    }

In default and inner_tunnel files configurations, unlang conditional checks are done under ldap and files sub-sections of authorize section.

/usr/local/etc/raddb/sites-enabled/default and /usr/local/etc/raddb/sites-enabled/inner-tunnel

    authorize {
        .
        ldap
        if ("%{Huntgroup-Name}" == wirelesstest) {
            if (control:Connect-Type == wireless) {
                update control {
                    Auth-Type := Accept
                }
            }
            else {
                update control {
                    Auth-Type := Reject
                }
            }
        }
        files
        if ("%{Huntgroup-Name}" == wirelesstest) {
            if (control:Connect-Type == wireless) {
                update control {
                    Auth-Type := Accept
                }
            }
            else {
                update control {
                    Auth-Type := Reject
                }
            }
        }
    }

While testing through radtest it works as expected. Unlang condition is checked, and attribute is also checked against Active Directory or users file and authenticate users if it matches and it rejects if it doesn't match. But in Real wireless environment testing I don't get any response at Client side, and after long time it says can't connect. But while checking at debug log doing radiusd -X it shows it is checking the condition and sending Access-Accept or Access-Reject accordingly.

I tried different conditional checkings in unlang; checking against shortname as:

    if ("%{client:shortname}" =~ /^primary/) {

checking against huntgroup as:

    if ("%{client:huntgroup}" == wireless) {

But any of these settings gives me no response at client side although my debug log shows the condition is being checked and Access-Accept or Access-Reject is sent.

Part of debug log is as follows:

    Found Auth-Type = EAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/ttls
    [eap] processing type ttls
    [ttls] Authenticate
    [ttls] processing EAP-TLS
    [ttls] eaptls_verify returned 7
    [ttls] Done initial handshake
    [ttls] eaptls_process returned 7
    [ttls] Session established. Proceeding to decode tunneled attributes.
    [ttls] Got tunneled request
        User-Name = test
        User-Password = password
        FreeRADIUS-Proxied-To = 127.0.0.1
    [ttls] Sending tunneled request
        User-Name = test
        User-Password = password
        FreeRADIUS-Proxied-To = 127.0.0.1
        NAS-IP-Address = IP Address
        NAS-Port = 116
        Framed-MTU = 1400
        Called-Station-Id = 00:1e:35:7f:ec:35
        Calling-Station-Id = 00:35:5c:68:c0:08
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = Wireless_Test
        Service-Type = Framed-User
        Siemens-AP-Serial = 0600010084050956
        Siemens-AP-Name = TEST
        Siemens-VNS-Name = Wireless_Test
        Siemens-SSID = Wireless_Test
        Siemens-BSS-MAC = 00:1e:35:7f:ec:35
    server inner-tunnel {
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
    +- entering group authorize {...}
    ++[mschap] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    [ldap] performing user authorization for test
    [ldap] expand: %{Stripped-User-Name} ->
    [ldap] ... expanding second conditional
    [ldap] expand: %{User-Name} -> test
    [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=test)
    [ldap] expand: dc=example,dc=com -> dc=example,dc=com
    [ldap] ldap_get_conn: Checking Id: 0
    [ldap] ldap_get_conn: Got Id: 0
    [ldap] performing search in dc=example,dc=com, with filter (sAMAccountName=test)
    [ldap] looking for check items in directory...
    [ldap] extensionAttribute15 -> Connect-Type == wireless
    [ldap] looking for reply items in directory...
    WARNING: No known good password was found in LDAP. Are you sure that the user is configured correctly?
    [ldap] Setting Auth-Type = LDAP
    [ldap] user test authorized to use remote access
    [ldap] ldap_release_conn: Release Id: 0
    ++[ldap] returns ok
    ++? if
Creating Certificates for EAP
Hi,

I am trying to create certificates in Freeradius going inside /usr/local/etc/raddb/certs. I need these certificates for EAP-TTLS authentication for wireless access points.

As suggested in deployingradius.com and README inside /usr/local/etc/raddb/certs, I tried to create Test Certificates for testing purpose at first. I tried the command make inside /usr/local/etc/raddb/certs, but it doesn't do anything, i.e. doesn't show any certificates building. Also I tried ./bootstrap going inside the same certs directory; it also doesn't do anything. I don't see any certificates like root CA that has been built after I run make or ./bootstrap command inside certs directory.

I have already installed openssl in my machine with freebsd in which freeradius server is installed. Is there anything I am missing?

Your suggestions would be greatly appreciated.

Thanks

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Creating-Certificates-for-EAP-tp5564660p5564660.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Creating Certificates for EAP
I tried:

    openssl dhparam -out dh 1024

as you suggested and dh file is created as below:

    #openssl dhparam -out dh 1024
    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time
    ...+...++...+...+...+.+++...+..+..+.+.++*++*++*

Inside Dh file I can see:

    -----BEGIN DH PARAMETERS-----
    MIGHAoGBAKUwai2pBXG3jEBbBRk08wDTE+l0m6USXQcq5AF1FMM/3RxFOZvfgotu
    qEqQJAYvUawmG2JScnPqPNeP2kHOCPyGrtCgAeXXKu0kbN8liniRLWpvUoy9LlJE
    XMr0RyuNUJFUvnBdGL8Hup5X7pqIezIKTpvrgGmnNze+tytw8ZkjAgEC
    -----END DH PARAMETERS-----

*Does this mean my OpenSSL is ok?*

I have used make install to install ports in freebsd and this command works and everything is working good till now. I have already configured Freeradius for the users in Active directory; everything is working perfect for other authentications method.

Should I try make install command instead of make or ./bootstrap going inside /usr/local/etc/raddb/certs directory?

Thanks
Re: Authorization with Active Directory
Hi,

I had implemented the idea given by Phil for authorizing the users of Active directory to use VPN or Wifi or whatever for which they are for depending upon the value of Active directory's extensionAttribute10 attribute as:

## /usr/local/etc/raddb/modules/ldap:

    filter = "(&(extensionAttribute10=%{control:Tmp-String-0})(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}))"

I have used extensionAttribute10 for storing values as VPN, wifi depending upon the users.

## /usr/local/etc/raddb/sites-enabled/default
## I tried using Called-Station-Id to check the condition; which is ok for now for testing; but which I guess is not feasible if there are thousands of NAS devices. I don't know what would be best test condition for this.

    authorize {
        ...
        if (Called-Station-Id == ...) {
            update control {
                Tmp-String-0 := VPN
            }
        }
        else {
            update control {
                Tmp-String-0 := Wifi
            }
        }
        ldap
        if (notfound) {
            reject
        }
        ...
    }

And also, I have implemented the idea of returning filter-id for the users of Active directory looking at OU of domain as:

    ldap
    if (control:Ldap-UserDN =~ /^[^,]+,OU=([^,]+),/) {
        update control {
            Tmp-String-1 := "%{1}"
        }
    }

And returning the value of Filter-Id through users file as:

    DEFAULT
        Filter-Id := "Enterasys:version=1:policy=%{control:Tmp-String-1}"

But now I am facing the problem that I can't use more than one If conditions inside unlang to test the conditions inside Ldap module. (If I am correct on my understanding)

And, also using the filter defined as above inside Ldap module some user of active directory which doesn't have extensionAttribute10 might get rejected. These users should get default acceptance; but should be granted to access VPN, or wifi if value is assigned to them on extensionAttribute10. If they don't have the attribute defined they should still get accepted as default user.

If I just use:

    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

This allows all the users in Active Directory to get accepted (doesn't reject if there is no extensionAttribute10 also); but how to get the goal of granting the authorization for VPN, wifi users accordingly if I use this?

Is there any easy way to check condition for the particular attribute of active directory? And I don't know where to check this, if I am already using If conditional statement for returning the Filter-Id inside Ldap module.

In my understanding, people used to check this type of condition for the users that are defined in users file as:

    bob User-Password == testing, Connection-Type := VPN

But I am not sure how to check like this even though I define in ldap.attrmap as:

    checkItem    Connection-Type    extensionAttribute10

I don't know whether I am confused or I am not getting how to achieve this. Your valuable idea would be really appreciated.

Thanks,
Re: Authorization with Active Directory
Thanks a lot again for showing me the direction. Everything works perfect except the conditional checking for Client-Shortname.

I tried using:

    if (Client-Shortname =~ /^localhost/) {

It didn't work saying Client-Shortname as unknown attribute.

Again I tried using:

    if ("%{client: shortname}" =~ /^localhost/) {

It also showed the following test result. I am testing it with localhost; in the debug mode output it shows:

    +++? if (%{client: shortname} =~ /^localhost/)
        expand: %{client: shortname} ->
    ? Evaluating (%{client: shortname} =~ /^localhost/) -> FALSE
    +++? if (%{client: shortname} =~ /^localhost/) -> FALSE

Why is the condition checking for localhost evaluated as FALSE?

In my clients.conf I have just listed the default FreeRadius configuration for localhost as:

    client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
        nastype = other
    }

Can't it be tested using localhost shortname; should I need to use client in real environment testing instead of localhost? OR is there any silly thing I am missing again..

For just trial purpose I used NAS-IP-Address and supplied my localhost IP address inside If condition; it works.

Thanks,
Re: How to return Filter-ID attribute value for the users in Active Directory?
Hi,

I tried to return the value of Filter-ID as:

    authorize {
        ...
        ldap
        if (distinguishedName =~ /^[^,]+,OU=([^,]+),/) {
            update control {
                Tmp-String-1 := "%{1}"
            }
        }
        ...
    }
    post-auth {
        update reply {
            Filter-Id := "Enterasys:version=1:policy=%{control:Tmp-String-1}"
        }
    }

In my active directory I have the attribute named distinguishedName which I am using inside if statement. If I use Ldap-UserDN attribute inside if statement (as suggested) it says: No attribute named Ldap-UserDN.

*Example*: In Active Directory distinguishedName attribute for the user is listed as:

    CN=test,OU=Staff,OU=Employees,OU=Users,DC=example,DC=com

But, when I run in debug mode I see, while checking the if condition, it shows:

    ++? if (distinguishedName =~ /^[^,]+,OU=([^,]+),/)
    ? Evaluating (distinguishedName =~ /^[^,]+,OU=([^,]+),/) -> FALSE
    ++? if (distinguishedName =~ /^[^,]+,OU=([^,]+),/) -> FALSE

*Why is this if condition being evaluated as FALSE?*

And it returns the post-auth value as:

    Filter-Id = Enterasys:version=1:policy=

It doesn't return anything as: staff, administrators, etc for policy.

The part of debug mode output and radtest are as shown below:

##Debug mode output: #radiusd -X :

    rad_recv: Access-Request packet from host 127.0.0.1 port 43666, id=225, length=80
        User-Name = test
        User-Password = hello
        NAS-IP-Address = IP Address
        NAS-Port = 0
        Message-Authenticator = 0x8ab06794e7069587309aa626d315269e
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    [ldap] performing user authorization for test
    [ldap] expand: %{Stripped-User-Name} ->
    [ldap] ... expanding second conditional
    [ldap] expand: %{User-Name} -> test
    [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=test)
    [ldap] expand: dc=example,dc=com -> dc=example,dc=com
    [ldap] ldap_get_conn: Checking Id: 0
    [ldap] ldap_get_conn: Got Id: 0
    [ldap] attempting LDAP reconnection
    [ldap] (re)connect to server.example.com:389, authentication 0
    [ldap] bind as cn=test,ou=Staff,ou=Employees,ou=Users,dc=example,dc=com/hello to server.example.com:389
    [ldap] waiting for bind result ...
    [ldap] Bind was successful
    [ldap] performing search in dc=example,dc=com, with filter (sAMAccountName=test)
    [ldap] looking for check items in directory...
    [ldap] looking for reply items in directory...
    WARNING: No known good password was found in LDAP. Are you sure that the user is configured correctly?
    [ldap] Setting Auth-Type = LDAP
    [ldap] user test authorized to use remote access
    [ldap] ldap_release_conn: Release Id: 0
    ++[ldap] returns ok
    ++? if (distinguishedName =~ /^[^,]+,OU=([^,]+),/)
    ? Evaluating (distinguishedName =~ /^[^,]+,OU=([^,]+),/) -> FALSE
    ++? if (distinguishedName =~ /^[^,]+,OU=([^,]+),/) -> FALSE
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    Found Auth-Type = LDAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group LDAP {...}
    [ldap] login attempt by test with password hello
    [ldap] user DN: CN=test,OU=Staff,OU=Employees,OU=Users,DC=example,DC=com
    [ldap] (re)connect to server.example.com:389, authentication 1
    [ldap] bind as CN=test,OU=Staff,OU=Employees,OU=Users,DC=example,DC=com/hello to server.example.com:389
    [ldap] waiting for bind result ...
    [ldap] Bind was successful
    [ldap] user test authenticated succesfully
    ++[ldap] returns ok
    Login OK: [test] (from client localhost port 0)
    # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group post-auth {...}
        expand: Enterasys:version=1:policy=%{control:Tmp-String-1} -> Enterasys:version=1:policy=
    ++[reply] returns noop
    ++[exec] returns noop
    Sending Access-Accept of id 225 to 127.0.0.1 port 43666
        Filter-Id = Enterasys:version=1:policy=
    Finished request 0.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 225 with timestamp +8
    Ready to process requests.

##radtest output:

    #radtest test hello localhost 0 testing123
    Sending Access-Request of id 225 to 127.0.0.1 port 1812
        User-Name = test
        User-Password = hello
        NAS-IP-Address = IP Address
        NAS-Port = 0
        Message-Authenticator = 0x
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=225, length=49
        Filter-Id = Enterasys:version=1:policy=

Please correct me if I am doing something wrong.

Thanks,
Re: How to return Filter-ID attribute value for the users in Active Directory?
Thank you so much Alan for pointing out the mistake and suggesting the solution.

Using:

    if (control:Ldap-UserDN =~ /^[^,]+,OU=([^,]+),/)

*solved this issue.*

Still trying to become more familiar with attributes and learning. In my understanding there are different attribute lists such as: request, reply, control, proxy-request, proxy-reply, outer.request, outer.reply, etc. Is there any way to see what attributes request list contains, or reply list contains, etc.?

When searching I see the following FreeRadius site lists the attribute lists:
http://freeradius.org/rfc/attributes.html

But, is there any way to know what attributes are contained by what list? For example: Ldap-UserDN is inside control attribute list. How to figure out this? (It is not in the attributes list mentioned in above site.) Is there any way to find it that I am unaware of?

Thanks
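Added example (not part of the original post and not FreeRADIUS code): the OU-capturing regex from this thread, run in Python against the thread's sample DN and against constructed DNs it does not handle, next to a parser that honours escaped commas and passes the OU through an allow-list before building the Filter-Id. The OU_TO_POLICY table, the function names and the extra DNs are assumptions made for illustration.

```python
import re

# Regex copied from the thread's unlang condition on control:Ldap-UserDN.
THREAD_REGEX = re.compile(r"^[^,]+,OU=([^,]+),")

# Assumed allow-list (constructed): OU name, lower-cased -> policy name
# configured on the switch. Anything not listed gets no Filter-Id at all.
OU_TO_POLICY = {
    "staff": "staff",
    "administrators": "Administrators",
    "retirees": "Retirees",
}

FILTER_ID_PREFIX = "Enterasys:version=1:policy="


def thread_regex_capture(dn):
    """Return what the thread's regex captures as %{1}, or None on no match."""
    m = THREAD_REGEX.match(dn)
    return m.group(1) if m else None


def split_dn(dn):
    """Split a DN into RDN strings, treating backslash-escaped characters
    (for example the comma in 'CN=Doe\\, Jane') as part of the value."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns


def parent_ou(dn):
    """Return the OU that directly contains the entry, or None when the
    parent RDN is not an OU (for example the CN=Users container)."""
    rdns = split_dn(dn)
    if len(rdns) < 2:
        return None
    attr, _, value = rdns[1].partition("=")
    if attr.strip().upper() != "OU" or not value.strip():
        return None
    return value.strip()


def filter_id_for(dn):
    """Build the Filter-Id reply value, or None when the OU is missing or
    not on the allow-list, so no empty or unexpected policy is ever sent."""
    ou = parent_ou(dn)
    policy = OU_TO_POLICY.get(ou.lower()) if ou else None
    if policy is None:
        return None
    return FILTER_ID_PREFIX + policy


# DN taken from the thread, followed by constructed DNs.
THREAD_DN = "CN=test,OU=Staff,OU=Employees,OU=Users,DC=example,DC=com"
ESCAPED_DN = r"CN=Doe\, Jane,OU=Staff,OU=Employees,OU=Users,DC=example,DC=com"
CONTAINER_DN = "CN=test,CN=Users,DC=example,DC=com"
UNLISTED_DN = "CN=temp,OU=Contractors,DC=example,DC=com"

if __name__ == "__main__":
    for dn in (THREAD_DN, ESCAPED_DN, CONTAINER_DN, UNLISTED_DN):
        print(dn)
        print("  regex capture :", thread_regex_capture(dn))
        print("  Filter-Id     :", filter_id_for(dn))
```

When the regex does not match, Tmp-String-1 stays empty and the reply carries the bare "policy=" value seen in the debug output earlier in this thread; when it matches an OU that has no policy on the switch, the raw OU name is sent unchecked.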
How to return Filter-ID attribute value for the users in Active Directory?
Hi,

I am able to do authentication and authorization of the users that are in Active Directory after FreeRadius and Active Directory integration. I am now testing in real test environment with Enterasys product (Switch) in which Policy manager is already configured to assign different roles to different users. Depending upon the Filter-ID attribute value returned by FreeRadius, Enterasys switch decides what role can be assigned to the user.

In my understanding I know there is the way to achieve this goal if we have Ldap-Group so that we can use as:

    DEFAULT Ldap-Group == Staff
        Filter-ID := Enterasys:version=1:policy=staff,
        Fall-Through = No

But, how to do same like this for the users in Active Directory? How to return the Filter-ID attribute value if there is no group configured in Active Directory; there is just users listings who can be authenticated and authorized using the passwords provided.

The main point is: I don't have any Group configured as Ldap-Group for staff or admin or for different types of users in Active Directory.

I would really appreciate if someone can give me the idea on this.

Thanks,
Re: How to return Filter-ID attribute value for the users in Active Directory?
There are different users under Staff, Administrators, Retirees, etc in active directory as:

    OU=Staff    OU=Administrators    OU=Retirees
    CN=users    CN=users             CN=users

I have to return the filterID value for staff users as:

    Filter-Id := Enterasys:version=1:policy=staff

Also, filterID value for Administrators users as:

    Filter-Id := Enterasys:version=1:policy=Administrators

similarly for others.

If you want to return a different filter for different users, you will obviously need some kind of lookup table from user-filter. That will need to live somewhere.

How to do this? Can the lookup table be created inside Active Directory using the attribute? If so, how to return that user's filter attribute value that is created from Active Directory back to NAS again.

Thanks,
Re: Authorization with Active Directory
Phil,

I modified the LDAP module configuration as you suggested:

    filter = "(&(extensionAttribute10=%{control:Tmp-String-0})(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}))"

Also I did change in authorize section of my configuration of default and inner-tunnel files; but I got confused with the conditional part: if (Some-Condition == Some-Value). I don't know where this should be defined or supplied while doing user testing using radtest. Where should this condition be defined or passed?

After configuration changes, I run server in debug mode as *radiusd -X*; and run *radtest username password localhost 0 testing123* which just supplies username and password; where to supply extension attribute value check during radtest or where should condition be defined? OR how does server know to check extension attribute for the username and password supplied during radtest? Can you please make me clear?

In extensionAttribute10 of my active directory I have just put the values for Wifi and VPN to test.

The configuration modification I have done as you suggested is:

    #Not sure of if (Some-Condition == Some-Value) part so; tried putting if (value == 0) which didn't work
    if (Some-Condition == Some-Value) {
        update control {
            Tmp-String-0 := Wifi
        }
    }
    else {
        update control {
            Tmp-String-0 := VPN
        }
    }
    ldap
    if (notfound) {
        reject
    }

I am really sorry if this is the simple question.

Thanks for the reply
Authorization with Active Directory
Hi,

I have configured freeradius server to authenticate and authorize user with the supplied username and password against active directory. Till this stage, the user can be authenticated and authorized successfully with credentials provided. For this purpose, user is just authenticated and authorized depending upon the filter of LDAP module which I have set.

My LDAP module filter configuration is as:

    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

But now, I want to go deep on authenticating and authorizing user to allow or reject VPN or Wifi access, etc. For this purpose I have created extension attribute in Active directory and have assigned the value as VPN, Wifi, etc.

Now my question is: How can I set the filter in Ldap module of FreeRadius to just allow the user belonging to VPN or wifi? Should I need to add the extension attribute filter to the above mentioned filter? OR should I need to define 2 filters: the above one and another for extension attribute? I tried defining 2 filters separately; it didn't work.

I know some people use the concept of Group for this purpose. In my case, I can't use Group. I just have to authenticate and authorize user just using Active Directory attribute. I don't know whether this is way to do or not.

Any idea would be really helpful. This forum has really helped a lot to the beginner like me to reach till this stage.

Thanks everyone
Re: FreeRadius, Active Directory, LDAP Authorization
Hi,

After configuration and running the FreeRadius in debug mode, I see that binding with LDAP server is successful as:

    *[ldap] Bind was successful*

Then it does searching of user with filter and gives the error as:

    *[ldap] ldap_search() failed: Operations error after*
    *[ldap] search failed*

Is there anything I am missing due to which I am getting this error? Is this related to any configuration that needs to be done in LDAP server side or any change I need to do in /usr/local/etc/raddb/dictionary and /usr/local/etc/raddb/ldap.attrmap.

I am doing Authentication using ntlm_auth as suggested by deployingradius.com, which is successful. Now, I am doing Authorization using LDAP.

Thanks
Re: FreeRadius, Active Directory, LDAP Authorization
Thank you all for the suggestions.

I have already installed FreeRadius 2.1.12 which I am running, and I have got ldap in file /usr/local/etc/raddb/modules/ldap; I have gone through it and I am still not sure where the problem lies.

I have here included below the part of debug mode output that I have got running radiusd -X. I have illustrated the output part after Linked to module rlm_ldap

    Module: Linked to module rlm_ldap
    Module: Instantiating module ldap from file /usr/local/etc/raddb/modules/ldap
    ldap {
        server = Example.com
        port = 389
        password =
        identity =
        net_timeout = 1
        timeout = 4
        timelimit = 3
        tls_mode = no
        start_tls = no
        tls_require_cert = allow
        tls {
            start_tls = no
            require_cert = allow
        }
        basedn = dc=Example,dc=com
        filter = (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
        base_filter = (objectclass=radiusprofile)
        auto_header = no
        access_attr_used_for_allow = yes
        groupname_attribute = cn
        groupmembership_filter = (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
        dictionary_mapping = /usr/local/etc/raddb/ldap.attrmap
        ldap_debug = 0
        ldap_connections_number = 5
        compare_check_items = no
        do_xlat = yes
        set_auth_type = yes
    }
    rlm_ldap: Registering ldap_groupcmp for Ldap-Group
    rlm_ldap: Registering ldap_xlat with xlat_name ldap
    rlm_ldap: Over-riding set_auth_type, as there is no module ldap listed in the authenticate section.
    rlm_ldap: reading ldap-radius mappings from file /usr/local/etc/raddb/ldap.attrmap
    rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
    rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
    rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
    rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
    rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
    rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
    rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
    rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
    rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
    rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
    rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
    rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
    rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
    rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
    rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
    rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
    rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
    rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
    rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
    rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
    rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
    rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
    rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
    rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
    rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
    rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
    rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
    rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
    rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
    rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
    rlm_ldap: LDAP radiusClass mapped to RADIUS Class
    rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
    rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
    rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
    rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
    rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
    rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
    rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
    rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
    rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
    rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
    rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
    rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
    rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
    rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
    rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
    conns: 0x2853e2e0
    Module: Checking preacct {...} for more modules to load
    Module: Linked to module rlm_acct_unique
    Module: Instantiating module acct_unique from file /usr/local/etc/raddb/modules/acct_unique
    acct_unique {
        key =
FreeRadius, Active Directory, LDAP Authorization
Hi,

I have installed FreeRadius server 2.1.12, installed and configured Kerberos, Samba; configured ntlm_auth program for FreeRadius Authentication with Active Directory. Everything is successful and running smoothly till this stage.

Now, I am in the phase of configuration of Authorization in FreeRadius. For Authorization process I want to use LDAP database which is already up and running in another server (not in the server where FreeRadius is installed). The authorization should be granted in such a way that some users should be allowed/restricted VPN, some should be allowed/restricted wifi, etc... I am not sure whether this is the best way to do Authorization using LDAP or not because it is first time I am trying this in FreeRadius.

After changing the configuration as mentioned below and running FreeRadius in debug mode, I get successful Ready to process requests but while supplying user credentials I get rad_recv: *Access-Reject* packet from host 127.0.0.1 port 1812, id=60, length=20.

What I have done so far is: I uncommented the LDAP in authorize section of both files /usr/local/etc/raddb/sites-enabled/default and /usr/local/etc/raddb/sites-enabled/inner-tunnel.

I have changed the configuration in /usr/local/etc/raddb/modules/ldap accordingly as: (Some parts are left blank for privacy)

    ldap {
        server = *My ldap server name*
        identity = cn= ,dc= ,dc=
        password =
        basedn = dc=,dc=
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
        tls {
            start_tls = no
        }
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        edir_account_policy_check = no
    }

In /usr/local/etc/raddb/users file:

    DEFAULT Auth-Type = ntlm_auth
    bob Cleartext-Password := hello

I haven't done any change in Authenticate section of both /usr/local/etc/raddb/sites-enabled/default and /usr/local/etc/raddb/sites-enabled/inner-tunnel files related to LDAP. I have listed authenticate section of ntlm_auth by following deployingradius.com.

But while following *rlm_ldap* doc I have seen that it is mentioned: LDAP and Active Directory - *You can only use PAP, and then only if you list ldap in the authenticate section.* Does this mean I need to list ldap in authenticate section also? If I list it, what about ntlm_auth that is already enabled for authentication? I am confused with this.

Should I need to install openldap and openssl also in the machine where freeradius is installed to make LDAP authorisation work properly?

Please suggest me whether the configuration process I am following related to LDAP is the good way to do or not. If not, what is the best way to achieve it? Any documentation/site/thread suggestion regarding this would be greatly appreciated.

Thanks,
Re: Error: Failed to send packet; No response from Server
Alan,

I updated the ports tree in FreeBSD which upgraded FreeRadius to 2.1.12 from 2.1.10. After installation I am successful on doing basic PAP Authentication. It solved this issue. Thank You so much!

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Error-Failed-to-send-packet-No-response-from-Server-tp5030058p5036729.html
Error: Failed to send packet; No response from Server
Hi,

I was successful to install Freeradius 2.1.10 and basic PAP authentication, Authentication against Active Directory was successful when I installed Freeradius for first time. But I had to deinstall and reinstall Freeradius 2.1.10 again due to some missing libraries. I am following the same deployingradius.com site for basic testing. I can start the server in debugging mode successfully using radiusd -X, which shows Ready to process requests. But while doing basic radtest for PAP authentication it gives error:

    radclient: Failed to send packet for ID 85: (unknown error)
    radclient: no response from server for ID 85 socket 3

The last part of debug mode output when I run radiusd -X is:

    radiusd: Opening IP addresses and Ports
    listen {
        type = auth
        ipaddr = *
        port = 0
    }
    listen {
        type = acct
        ipaddr = *
        port = 0
    }
    listen {
        type = auth
        ipaddr = 127.0.0.1
        port = 18120
    }
    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
    Listening on proxy address * port 1814
    Ready to process requests.

The error I got using radtest is as follows:

    #radtest bob hello localhost 0 testing123
    Sending Access-Request of id 85 to 127.0.0.1 port 1812
        User-Name = bob
        User-Password = hello
        NAS-IP-Address = *This is omitted for privacy, It shows my radius server IP address*
        NAS-Port = 0
    radclient: Failed to send packet for ID 85: (unknown error)
    Sending Access-Request of id 85 to 127.0.0.1 port 1812
        User-Name = bob
        User-Password = hello
        NAS-IP-Address = *This is omitted for privacy, It shows my radius server IP address*
        NAS-Port = 0
    radclient: Failed to send packet for ID 85: (unknown error)
    Sending Access-Request of id 85 to 127.0.0.1 port 1812
        User-Name = bob
        User-Password = hello
        NAS-IP-Address = *This is omitted for privacy, It shows my radius server IP address*
        NAS-Port = 0
    radclient: Failed to send packet for ID 85: (unknown error)
    radclient: no response from server for ID 85 socket 3

I was successful to do basic PAP authentication, and also authentication against active directory before. But this time I am getting this error. Can anyone please tell me what might be wrong?

Thanks,

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Error-Failed-to-send-packet-No-response-from-Server-tp5030058p5030058.html
RE: ldap+freeradius
Guys,

I configured FreeRadius for Authentication with Active Directory by following the steps as suggested by Alan's deployingradius.com. Everything is working successfully like Samba, Kerberos, ntlm_auth configuration, I can successfully join the domain as an administrator and also user can be authenticated by their credentials successfully.

Now I need one suggestion here: Is there any way that administrator be able to read and write the information about user's access privileges by joining the domain? Such as users are allowed/denied for WiFi access, VPN access etc. I don't know whether it is possible or not by configuring anything with Samba/Kerberos/ntlm_auth/FreeRadius or should I need any other program to obtain this goal. I am configuring FreeRadius for the 1st time so, your idea will be greatly appreciated.

Thanks,

Date: Wed, 9 Nov 2011 18:06:16 -0800
From: ml-node+s1045715n4979784...@n5.nabble.com
To: samanaupadh...@hotmail.com
Subject: Re: ldap+freeradius

Hi,

*Sorry for the confusion I made. I have put the name of LDAP server accordingly , not the localhost. Just for privacy I didn't put here.*

okay

Here is the output of radiusd -X command:

and there. bingo.

    libdir = /usr/local/lib/freeradius-2.1.10

urgh. why? really...why? when you did the ./configure stage did you ask for it to go into this special non-standard directory? if its there then you need to ensure that your system knows its there too - and a default server wont.

you will need to edit the configuration file for your dynamic linker - usually /etc/ld.so.conf ..and then re-run

    /sbin/ldconfig

..you need to ensure your linker shows that it knows this

    /sbin/ldconfig -v

if you need to check and double-check. if you dont see the freeradius libraries there at all then you need to check again.

finally...if you dont see the rlm_ldap.so then go back one more step...and check that the LDAP module was actually built in the first place!

    ./configure --with-whatever-options | grep WARN

you need to ensure you have LDAP support installed - the ldap development libraries usually something like openldap-devel in your package manager

the fact that all the other bits work suggests that the other .so files are found..which points to the lack of ldap development libraries as the main culprit

    /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': file not found
    /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module ldap.
    /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to parse ldap entry.

yep. the .so dynamic library file cannot be loaded

alan

--
View this message in context: http://freeradius.1045715.n5.nabble.com/ldap-freeradius-tp2781398p4984367.html
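The reply above ties the "Failed to link to module" error to whether the module's .so file is actually present under libdir. The following is an added example, not code from the thread or from the FreeRADIUS project: it reads `radiusd -X` output, extracts libdir and the modules that failed to link, and checks the directories for the file. The function names, the constructed sample text and the `rlm_<name>.so` / `rlm_<name>-<version>.so` file naming are assumptions.

```python
import os
import re

# Constructed sample, modelled on the radiusd -X lines quoted in this thread.
SAMPLE_DEBUG = """\
main {
    prefix = /usr/local
    libdir = /usr/local/lib/freeradius-2.1.10
}
/usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': file not found
/usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module ldap.
"""

LIBDIR_RE = re.compile(r"^\s*libdir\s*=\s*(\S+)", re.MULTILINE)
LINK_RE = re.compile(
    r"^(\S+)\[(\d+)\]: Failed to link to module '([^']+)': (.+)$", re.MULTILINE
)


def parse_debug(text):
    """Return (libdir entries, [(config file, line, module, reason), ...])."""
    match = LIBDIR_RE.search(text)
    # radiusd.conf allows several directories in libdir, separated by colons.
    libdirs = match.group(1).split(":") if match else []
    failures = [
        (cfg, int(line), module, reason.strip())
        for cfg, line, module, reason in LINK_RE.findall(text)
    ]
    return libdirs, failures


def find_module_files(module, libdirs):
    """List files named <module>.so or <module>-<version>.so (assumed naming)."""
    hits = []
    for directory in libdirs:
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # directory missing or unreadable: nothing to find there
        for name in names:
            versioned = name.startswith(module + "-") and name.endswith(".so")
            if name == module + ".so" or versioned:
                hits.append(os.path.join(directory, name))
    return hits


def diagnose(text):
    """For each module that failed to link, say whether its file is in libdir."""
    libdirs, failures = parse_debug(text)
    report = []
    for cfg, line, module, reason in failures:
        files = find_module_files(module, libdirs)
        # "missing": the module was not built or was installed elsewhere.
        # "present": the file exists, so look at the dynamic linker path and
        #            the libraries the module itself depends on.
        verdict = "present" if files else "missing"
        report.append({"module": module, "config": cfg, "line": line,
                       "reason": reason, "libdirs": libdirs,
                       "files": files, "verdict": verdict})
    return report


if __name__ == "__main__":
    for entry in diagnose(SAMPLE_DEBUG):
        print(entry["module"], entry["verdict"], entry["libdirs"])
```

A "missing" verdict matches the reply's last step (check that the LDAP module was built at all); a "present" verdict points back to the dynamic linker configuration.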
Re: ldap+freeradius
I searched through the threads and found this thread exactly matching to my error I am getting. I am getting following error while debugging freeradius for using LDAP:

    /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': file not found
    /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module ldap.
    /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to parse ldap entry.

David, How did you solve this problem? I don't know what to do... Your suggestions would be greatly appreciated.

Thanks,

--
View this message in context: http://freeradius.1045715.n5.nabble.com/ldap-freeradius-tp2781398p4978124.html
Re: ldap+freeradius
Alan,

I tried the 3 steps that is suggested in FAQ, that isn't working. Also, As suggested in 3rd (b) step; I found the 'radiusd.conf' file inside /usr/local/etc/raddb/radiusd.conf. Inside radiusd.conf file it is suggesting to do :

    To work around the problem, find out which library contains that symbol,
    # and add the directory containing that library to the end of 'libdir',
    # with a colon separating the directory names. NO spaces are allowed.
    #
    # e.g. libdir = /usr/local/lib:/opt/package/lib

Does this mean I should add libdir for rlm_ldap just below the '/usr/local/share/doc/freeradius/rlm_ldap' line of radiusd.conf as follows:

    *libdir = /usr/local/share/doc/freeradius/rlm_ldap*

When doing locate rlm_ldap command I just see rlm_ldap path as */usr/local/share/doc/freeradius/rlm_ldap*

I am confused on this.

Thanks,

--
View this message in context: http://freeradius.1045715.n5.nabble.com/ldap-freeradius-tp2781398p4978260.html
Re: ldap+freeradius
Alan,

The LDAP server was already configured in other machine by System Administrator. I am trying to link FreeRadius to that existing and already running LDAP server and authenticate the users using already configured attribute. I didn't download LDAP on this machine where FreeRadius is running. I made the LDAP option on during the FreeRadius installation like:

    == The following configuration options are available for freeradius-2.1.10_2:
        USER=on Run as user freeradius, group freeradius
        KERBEROS=on With Kerberos support
        HEIMDAL=off With Heimdal Kerberos support
        LDAP=on With LDAP database support
        MYSQL=on With MySQL database support
        PGSQL=on With PostgreSQL database support
        UNIXODBC=on With unixODBC database support
        FIREBIRD=on With Firebird database support (EXPERIMENTAL)
        PERL=on With Perl support
        PYTHON=on With Python support
        OCI8=on With Oracle support (currently experimental)
        RUBY=on With Ruby support (EXPERIMENTAL)
        DHCP=on With DHCP support (EXPERIMENTAL)
        EXPERIMENTAL=on Build experimental modules
        UDPFROMTO=on Compile in UDPFROMTO support
    === Use 'make config' to modify these settings

*The scenario is LDAP is already running in one server and Freeradius is running in another server. I just changed the configuration settings on freeBSD server where FreeRadius is running as:*

*/usr/local/etc/raddb/modules/ldap :*

    ldap {
        # Define the LDAP server and the base domain name
        server = localhost
        basedn = dc=example,dc=com
        # Define which attribute from an LDAP ldapsearch query
        # is the password. Create a filter to extract the password
        # from the ldapsearch output
        password_attribute = userPassword
        filter = (uid=%{Stripped-User-Name:-%{User-Name}})
        # The following are RADIUS defaults
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

*/usr/local/etc/raddb/sites-enabled/default :*

    authorize {
        ...
        ...
        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
        Ldap
        ...
        ...
    }
    Auth-Type LDAP {
        ldap
    }

Also, same type of modifications has been done on : */usr/local/etc/raddb/sites-enabled/inner-tunnel*

Also, change has been made to users file adding LDAP user authentication.

Thanks for the suggestions...

--
View this message in context: http://freeradius.1045715.n5.nabble.com/ldap-freeradius-tp2781398p4978695.html
Re: ldap+freeradius
Alan,

*Sorry for the confusion I made. I have put the name of LDAP server accordingly , not the localhost. Just for privacy I didn't put here.*

Here is the output of radiusd -X command:

    # radiusd -X
    FreeRADIUS Version 2.1.10, for host i386-portbld-freebsd8.2, built on Oct 21 2011 at 11:26:07
    Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License v2.
    Starting - reading configuration files ...
    including configuration file /usr/local/etc/raddb/radiusd.conf
    including configuration file /usr/local/etc/raddb/proxy.conf
    including configuration file /usr/local/etc/raddb/clients.conf
    including files in directory /usr/local/etc/raddb/modules/
    including configuration file /usr/local/etc/raddb/modules/wimax
    including configuration file /usr/local/etc/raddb/modules/always
    including configuration file /usr/local/etc/raddb/modules/attr_filter
    including configuration file /usr/local/etc/raddb/modules/attr_rewrite
    including configuration file /usr/local/etc/raddb/modules/chap
    including configuration file /usr/local/etc/raddb/modules/checkval
    including configuration file /usr/local/etc/raddb/modules/counter
    including configuration file /usr/local/etc/raddb/modules/cui
    including configuration file /usr/local/etc/raddb/modules/detail
    including configuration file /usr/local/etc/raddb/modules/detail.example.com
    including configuration file /usr/local/etc/raddb/modules/detail.log
    including configuration file /usr/local/etc/raddb/modules/digest
    including configuration file /usr/local/etc/raddb/modules/dynamic_clients
    including configuration file /usr/local/etc/raddb/modules/echo
    including configuration file /usr/local/etc/raddb/modules/etc_group
    including configuration file /usr/local/etc/raddb/modules/exec
    including configuration file /usr/local/etc/raddb/modules/expiration
    including configuration file /usr/local/etc/raddb/modules/expr
    including configuration file /usr/local/etc/raddb/modules/files
    including configuration file /usr/local/etc/raddb/modules/inner-eap
    including configuration file /usr/local/etc/raddb/modules/ippool
    including configuration file /usr/local/etc/raddb/modules/krb5
    including configuration file /usr/local/etc/raddb/modules/ldap
    including configuration file /usr/local/etc/raddb/modules/linelog
    including configuration file /usr/local/etc/raddb/modules/logintime
    including configuration file /usr/local/etc/raddb/modules/otp
    including configuration file /usr/local/etc/raddb/modules/mac2ip
    including configuration file /usr/local/etc/raddb/modules/mschap
    including configuration file /usr/local/etc/raddb/modules/mac2vlan
    including configuration file /usr/local/etc/raddb/modules/ntlm_auth
    including configuration file /usr/local/etc/raddb/modules/opendirectory
    including configuration file /usr/local/etc/raddb/modules/pam
    including configuration file /usr/local/etc/raddb/modules/pap
    including configuration file /usr/local/etc/raddb/modules/passwd
    including configuration file /usr/local/etc/raddb/modules/perl
    including configuration file /usr/local/etc/raddb/modules/policy
    including configuration file /usr/local/etc/raddb/modules/preprocess
    including configuration file /usr/local/etc/raddb/modules/radutmp
    including configuration file /usr/local/etc/raddb/modules/realm
    including configuration file /usr/local/etc/raddb/modules/smbpasswd
    including configuration file /usr/local/etc/raddb/modules/smsotp
    including configuration file /usr/local/etc/raddb/modules/sql_log
    including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
    including configuration file /usr/local/etc/raddb/modules/sradutmp
    including configuration file /usr/local/etc/raddb/modules/unix
    including configuration file /usr/local/etc/raddb/modules/acct_unique
    including configuration file /usr/local/etc/raddb/eap.conf
    including configuration file /usr/local/etc/raddb/policy.conf
    including files in directory /usr/local/etc/raddb/sites-enabled/
    including configuration file /usr/local/etc/raddb/sites-enabled/default
    including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
    including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
    main {
        allow_core_dumps = no
    }
    including dictionary file /usr/local/etc/raddb/dictionary
    main {
        prefix = /usr/local
        localstatedir = /var
        logdir = /var/log
        libdir = /usr/local/lib/freeradius-2.1.10
        radacctdir = /var/log/radacct
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = /var/run/radiusd/radiusd.pid
        checkrad = /usr/local/sbin/checkrad
        debug_level = 0
        proxy_requests = yes
        log {
            stripped_names = no
            auth = no
            auth_badpass = no
            auth_goodpass = no
        }
        security
RE: ldap+freeradius
Alan,

Sorry for any inconvenience caused by it. I just put the output 3rd time since Alan Buxey asked for the complete radiusd -X output, not the small 3 line output to get the complete picture. Yesterday only I joined this freeradius list. Yesterday I opened the thread thinking to get suggestion where you were the one to give suggestion, I couldn't figure out how to solve that; and today I found this 'LDAP+Freeradius' thread with the same issue and posted here thinking I might get quick response from the individual who already faced and solved this issue. My intention is not to trouble by sending the same post. I just want suggestion from this group. Again, Sorry if my questions troubled you guys.

Thanks

Date: Wed, 9 Nov 2011 12:19:15 -0800
From: ml-node+s1045715n4978982...@n5.nabble.com
To: samanaupadh...@hotmail.com
Subject: Re: ldap+freeradius

Alan DeKok wrote too quickly:

But you need to posting the same question. If you do, you can be unsubscribed.

You need to *stop* posting the same question.

I think I might set up a bot to monitor the list. The same question 3 times from someone results in them being unsubscribed.

Alan DeKok.

--
View this message in context: http://freeradius.1045715.n5.nabble.com/ldap-freeradius-tp2781398p4979011.html
Problem: FreeRadius Authentication using LDAP
Hi,

I have configured FreeRadius to authenticate against LDAP. I have installed and configured FreeRadius in FreeBSD Server and LDAP is already set up in another server. I configured as below: (Changes on file are shown on bold letter)

*/usr/local/etc/raddb/modules/ldap :*

    ldap {
        # Define the LDAP server and the base domain name
        server = *localhost*
        basedn = *dc=example,dc=com*
        # Define which attribute from an LDAP ldapsearch query
        # is the password. Create a filter to extract the password
        # from the ldapsearch output
        password_attribute = userPassword
        filter = (uid=%{Stripped-User-Name:-%{User-Name}})
        # The following are RADIUS defaults
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

*/usr/local/etc/raddb/sites-enabled/default :*

    authorize {
        ...
        ...
        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
        Ldap
        ...
        ...
    }
    Auth-Type LDAP {
        ldap
    }

Also, same type of modifications has been done on : */usr/local/etc/raddb/sites-enabled/inner-tunnel*

Also, change has been made to users file adding LDAP user authentication.

But when I run radiusd -X command to run freeradius on debug mode, it gives following error:

    /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': file not found
    /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module ldap.
    /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to parse ldap entry.

I don't know what to do? I would appreciate anyone's idea. Should I need to configure anything if I have freeradius server on one machine and LDAP server on another machine. They are not on same machine/host.

Thanks

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-FreeRadius-Authentication-using-LDAP-tp4974896p4974896.html
Re: Problem: FreeRadius Authentication using LDAP
Alan,

Are you talking about the following FAQ: http://wiki.freeradius.org/FAQ#How+do+I+make+CHAP+work+with+LDAP%3F I have followed the same configuration method it has suggested. Or is there any other FAQ which mentions about this error and method to solve this? Thank you so much for your suggestion.

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-FreeRadius-Authentication-using-LDAP-tp4974896p4975206.html