Re: Re: Re: Re: Re: Wireless gateway -Radius-LDAP-eDIRECTORY (Novell)

2004-09-30 Thread Kostas Kalevras
On Wed, 29 Sep 2004, Andrew Werbowy wrote:

 Do I have to do this to all users?

 I thought that LDAP server would give me a password.

Please read doc/rlm_ldap about how to configure the ldap module to extract user
passwords.


  [EMAIL PROTECTED] 09/29/04 4:04 PM 
 Andrew Werbowy [EMAIL PROTECTED] wrote:
  I am giving right password.

   Yes, I know.  That's not the point.  The point is that the *server*
 doesn't know what the correct password is.

   Put the following at the top of the users file:

 #---
 tor_sysop_2   User-Password == insert_correct_password_here
   Fall-Through = Yes
 #---

   and the authentication will succeed.

   If you do not tell the server what the user's correct password is,
 all the server knows is that the user is trying to log in with a
 password, but it has no idea if that password is correct.

   Alan DeKok.

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html





--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: Re: Wireless gateway -Radius-LDAP-eDIRECTORY (Novell)

2004-09-29 Thread Alan DeKok
Andrew Werbowy [EMAIL PROTECTED] wrote:
...

  I'm on the list.  Please don't CC me on mail.  I get too much mail
as it is.

 modcall: group authorize returns ok for request 0
   rad_check_password:  Found Auth-Type LDAP
 auth: type LDAP
   ERROR: Unknown value specified for Auth-Type.  Cannot perform

  List ldap in the authenticate section.  There's a sample entry
there already, just commented out.

  Alan DeKok.




Re: Re: Wireless gateway -Radius-LDAP-eDIRECTORY (Novell)

2004-09-29 Thread Andrew Werbowy


Sorry... I had Reply To All set on my mailbox options.

I did change and now I get this:

rlm_ldap: performing search in o=cbcsrc, with filter (uid=tor_sysop_2)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tor_sysop_2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
  rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 3
  rlm_mschap: No User-Password configured. Cannot create LM-Password.
  rlm_mschap: No User-Password configured. Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for tor_sysop_2 with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 3
modcall: group Auth-Type returns reject for request 3
auth: Failed to validate the user.
Login incorrect: [tor_sysop_2/no User-Password attribute] (from client bluesocket port 0)
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request

I think we are getting closer and closer to resolving this configuration.

Thanks
Andrew.

 [EMAIL PROTECTED] 9/29/2004 12:47:05 PM 
 "Andrew Werbowy" [EMAIL PROTECTED] wrote:
 ..

   I'm on the list.  Please don't CC me on mail.  I get too much mail
 as it is.

  modcall: group authorize returns ok for request 0
    rad_check_password: Found Auth-Type LDAP
  auth: type "LDAP"
    ERROR: Unknown value specified for Auth-Type. Cannot perform

   List "ldap" in the "authenticate" section.  There's a sample entry
 there already, just commented out.

   Alan DeKok.


Re: Re: Re: Re: Wireless gateway -Radius-LDAP-eDIRECTORY (Novell)

2004-09-29 Thread Alan DeKok
Andrew Werbowy [EMAIL PROTECTED] wrote:
 I am giving right password.

  Yes, I know.  That's not the point.  The point is that the *server*
doesn't know what the correct password is.

  Put the following at the top of the users file:

#---
tor_sysop_2 User-Password == insert_correct_password_here
Fall-Through = Yes
#---

  and the authentication will succeed.

  If you do not tell the server what the user's correct password is,
all the server knows is that the user is trying to log in with a
password, but it has no idea if that password is correct.

  Alan DeKok.
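
Added example, not part of the original thread and not FreeRADIUS code: a small Python triage of the two debug failures quoted in this thread, mapping each one to the fix given in the replies. The finding names, the `triage()` function and the sample text are constructed for illustration; it assumes debug lines that carry no request number belong to the most recently named request.

```python
import re

# Constructed sample: debug lines as quoted in this thread (requests 0 and 3).
SAMPLE = """\
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
modcall[authenticate]: module "mschap" returns reject for request 3
Login incorrect: [tor_sysop_2/no User-Password attribute] (from client bluesocket port 0)
"""

# Hypothetical finding names -> log signature taken from the thread's output.
RULES = {
    "auth-type-not-listed": r"ERROR: Unknown value specified for Auth-Type",
    "mschap-no-known-good-password": r"rlm_mschap: FAILED: No NT/LM-Password",
    "no-user-password-attribute": r"Login incorrect: \[[^/\]]+/no User-Password attribute\]",
}
# Advice paraphrased from the replies in this thread.
ADVICE = {
    "auth-type-not-listed": 'list "ldap" in the authenticate section',
    "mschap-no-known-good-password": "server has no password to compare against",
    "no-user-password-attribute": "have rlm_ldap extract it, or set it in the users file",
}
REQ = re.compile(r"for request (\d+)")
AUTH_TYPE = re.compile(r"Found Auth-Type (\S+)")

def triage(log_text):
    """Return {request_id: {"auth_type": str or None, "findings": [names]}}."""
    results, current = {}, None
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m:
            current = int(m.group(1))      # switch to the request named here
        if current is None:
            continue                       # preamble before any request
        entry = results.setdefault(current, {"auth_type": None, "findings": []})
        m = AUTH_TYPE.search(line)
        if m:
            entry["auth_type"] = m.group(1)
        for name, pattern in RULES.items():
            if re.search(pattern, line) and name not in entry["findings"]:
                entry["findings"].append(name)
    return results

if __name__ == "__main__":
    for req, info in triage(SAMPLE).items():
        for name in info["findings"]:
            print(f"request {req} ({info['auth_type']}): {name}: {ADVICE[name]}")
```
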



Re: Re: Re: Re: Re: Wireless gateway -Radius-LDAP-eDIRECTORY (Novell)

2004-09-29 Thread Andrew Werbowy
Do I have to do this to all users?

I thought that LDAP server would give me a password.

 [EMAIL PROTECTED] 09/29/04 4:04 PM 
Andrew Werbowy [EMAIL PROTECTED] wrote:
 I am giving right password.

  Yes, I know.  That's not the point.  The point is that the *server*
doesn't know what the correct password is.

  Put the following at the top of the users file:

#---
tor_sysop_2 User-Password == insert_correct_password_here
Fall-Through = Yes
#---

  and the authentication will succeed.

  If you do not tell the server what the user's correct password is,
all the server knows is that the user is trying to log in with a
password, but it has no idea if that password is correct.

  Alan DeKok.
