Re: LDAP + CHAP problem
satish patel wrote: I also have remove LDAP from authentication and try to connect from clinet with CHAP authentication and error is not clear text paswd Run the server in debugging mode. Read the output. so i want to know LDAP support CHAP ??? No. http://deployingradius.com/documents/protocols/oracles.html and what about clear text passwd i also have add clear text passwd for Users/ldif but still now working so is it bug or anything else Read the debug output. Odds are it's telling you that it did an LDAP lookup, and didn't find anything. That's why the userPassword field wasn't found. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP + CHAP problem
Dear
I have implement freeradius with LDAP + cisco VPDN my problem is my
authentication working with PAP but when i try for authentication from CHAP it
is not working error is password not clear text so i have read many document
about it and ppl talking about store passwd in clear text but also i have ass
passwd in clear text still it is not working
$cat users.ldif
dn: uid=example,ou=users,ou=radius,dc=tulipit,dc=com
objectClass: person
objectClass: inetOrgPerson
cn: example
sn: example
uid: example
userPassword: test
but this is not work with my CHAP authentication so what is the problem can
anyone explain me in detail i want to know resone about this problem
also i have change password_header ={clear} in radius.conf file but still
not working
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
I have implement freeradius with LDAP + cisco VPDN my problem is my authentication working with PAP but when i try for authentication from CHAP it is not working error is password not clear text so i have read many document about it and ppl talking about store passwd in clear text but also i have ass passwd in clear text still it is not working As I understand it, (open)ldap doesn't ever divulge the password in hash form or otherwise to freeradius. That is, the authorization authentication is done by the ldap server, which returns valid or invalid for the credentials freeradius proxied. There may be a way to make this work, but I wouldn't know how. MSCHAP, or MSCHAPv2 can be made to work via samba's winbind daemon, if you have access to an active directory domain. -- Click for free info on online doctorate degrees and make $250k/ year http://tagline.hushmail.com/fc/CAaCXv1ZYZ31cCIxIwDH31ZLLgc9RVOq/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
satish patel wrote: I have implement freeradius with LDAP + cisco VPDN my problem is my authentication working with PAP but when i try for authentication from CHAP it is not working error is password not clear text so i have read many document about it and ppl talking about store passwd in clear text but also i have ass passwd in clear text still it is not working Like many people, you have configured the server to use LDAP for authentication. This is wrong. Don't do it. If you read the debugging output, it will likely tell you what you're doing wrong. Don't set Auth-Type = LDAP, and it will probably work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP + CHAP problem
Hello,
I'm trying to figure out how to make freeradius work with LDAP and CHAP
authentification.
My user file looks like this:
DEFAULT Service-Type = Framed-User
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.10.100+,
Framed-IP-Netmask = 255.255.255.0
And in my radiusd.conf I've something like this:
modules {
...
chap {
authtype = CHAP
}
ldap {
server = myserver
basedn = ou=devices,o=group,dc=toto,dc=com
filter = (cn=%u)
ldap_connections_number = 5
password_header = {clear}
password_attribute = userPassword
timeout = 4
timelimit = 3
net_timeout = 1
}
}
authorize {
chap
ldap
files
}
authenticate {
Auth-Type CHAP {
chap
}
Auth-Type LDAP {
ldap
}
}
Everithing is working well with the radtest utility whci sends User-Password
Attribute, but when I try to authentificate a client that sends
Chap-password I've the following output:
rlm_ldap: user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for request 0
users: Matched DEFAULT at 4
modcall[authorize]: module files returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
Processing the authenticate section of radiusd.conf
modcall: entering group authtype for request 0
rlm_chap: login attempt by with CHAP password
rlm_chap: Could not find clear text password for user
modcall[authenticate]: module chap returns invalid for request 0
modcall: group authtype returns invalid for request 0
auth: Failed to validate the user.
Login incorrect (rlm_chap: Clear text password not available):
[/CHAP-Password] (from client radiusFT port 99 cli 490760808)
I've read a lot of posts and FAQs vut didn't find any solution. Can anyone
help me in solving this problem please ?
Thanks in advances
Best regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP + CHAP problem
Sébastien Cantos [EMAIL PROTECTED] wrote: I'm trying to figure out how to make freeradius work with LDAP and CHAP authentification. LDAP should supply clear-text passwords to the server. CHAP will work. rlm_chap: Could not find clear text password for user Your LDAP module did not give the server a clear-text password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
G'Day Saket, Which NAS do you use? Regards, Eki I've setup FreeRADIUS with LDAP. I've made sure that they both are interacting correctly using the 'radtest' test client that comes with FreeRADIUS. Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS produces an error saying that: rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password. modcall[authenticate]: module ldap returns invalid How can I possibly deal with it ? Thanks, Saket -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
Hi Eki, My NAS is GNUgk, ie GNU's Gatekeeper. I am setting up a VoIP service. On Tue, 2004-07-06 at 13:56, Eki Y. Baskoro wrote: G'Day Saket, Which NAS do you use? Regards, Eki I've setup FreeRADIUS with LDAP. I've made sure that they both are interacting correctly using the 'radtest' test client that comes with FreeRADIUS. Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS produces an error saying that: rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password. modcall[authenticate]: module ldap returns invalid How can I possibly deal with it ? Thanks, Saket - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
Saket Sathe [EMAIL PROTECTED] wrote: My NAS is GNUgk, ie GNU's Gatekeeper. I am setting up a VoIP service. You're also setting Auth-Type := LDAP for a request containing CHAP. Don't do that. It won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
G'Day, Could you paste a reduced content of your gnugk configuration file? Regards, Eki Hi Eki, My NAS is GNUgk, ie GNU's Gatekeeper. I am setting up a VoIP service. On Tue, 2004-07-06 at 13:56, Eki Y. Baskoro wrote: G'Day Saket, Which NAS do you use? Regards, Eki I've setup FreeRADIUS with LDAP. I've made sure that they both are interacting correctly using the 'radtest' test client that comes with FreeRADIUS. Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS produces an error saying that: rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password. modcall[authenticate]: module ldap returns invalid How can I possibly deal with it ? Thanks, Saket -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
Yes, you were rite. Now its working.. :) Thanks a ton On Tue, 2004-07-06 at 18:56, Alan DeKok wrote: Saket Sathe [EMAIL PROTECTED] wrote: My NAS is GNUgk, ie GNU's Gatekeeper. I am setting up a VoIP service. You're also setting Auth-Type := LDAP for a request containing CHAP. Don't do that. It won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Thanks, Saket I have never let my schooling interfere with my education. - Mark Twain (1835-1910) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS + LDAP + CHAP problem
This is my gnugk conf file: [Gatekeeper::Main] Fourtytwo=42 [GkStatus::Auth] KeyFilled=11 gkadmin=xIPXHCRLH2altxSB8Y/HJQ== rule=password [RoutedMode] GKRouted=1 CallSignalPort=0 AcceptUnregisteredCalls=1 #SupportNATedEndpoints=1 H245Routed=1 Q931PortRange=3-30199 H245PortRange=30200-30399 [RadAuth] Servers=localhost:1812 SharedSecret=testing123 [RadAcct] Servers=127.0.0.1:1813 SharedSecret=testing123 [Gatekeeper::Auth] RadAuth=required;RRQ,ARQ On Tue, 2004-07-06 at 19:11, Eki Y. Baskoro wrote: G'Day, Could you paste a reduced content of your gnugk configuration file? Regards, Eki Hi Eki, My NAS is GNUgk, ie GNU's Gatekeeper. I am setting up a VoIP service. On Tue, 2004-07-06 at 13:56, Eki Y. Baskoro wrote: G'Day Saket, Which NAS do you use? Regards, Eki I've setup FreeRADIUS with LDAP. I've made sure that they both are interacting correctly using the 'radtest' test client that comes with FreeRADIUS. Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS produces an error saying that: rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password. modcall[authenticate]: module ldap returns invalid How can I possibly deal with it ? Thanks, Saket - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS + LDAP + CHAP problem
I've setup FreeRADIUS with LDAP. I've made sure that they both are interacting correctly using the 'radtest' test client that comes with FreeRADIUS. Now when I try authenticating a client supplying CHAP-Password, FreeRADIUS produces an error saying that: rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password. modcall[authenticate]: module ldap returns invalid How can I possibly deal with it ? Thanks, Saket - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
