Hi, everybody!
I have a problem trying to use TTLS with
LDAP. I have seen solutions to this problem on this
mailing list, but I have not had success.
In the following line it seems that ldap performs
the comparison correctly:
rlm_ldap: user prueba authorized to use remote access
but after that this error appears:
rlm_ldap: Attribute "User-Password" is required for
authentication.
modcall[authenticate]: module "ldap" returns invalid
for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
Please, if someone has an idea of how to solve it, I will be
very grateful.
I attach my configuration files and the complete
result of the execution.
Thanks
Alfonso Celestino
DGSCA, UNAM
Radius.conf File:
# radiusd.conf: Auth-Type sections; the one selected in authorize decides
# which module actually checks the credentials.
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	# rlm_ldap authenticates by binding to the directory with the user's
	# password, so it needs a cleartext User-Password in the request — this is
	# what the 'Attribute "User-Password" is required' error above is about.
	Auth-Type LDAP {
		ldap
	}
	unix
	eap
}
# radiusd.conf: authorize order. Note that "files" (the users file) runs after
# "eap", so a DEFAULT entry using ":=" in the users file overrides whatever
# Auth-Type rlm_eap set for an EAP request.
authorize {
	preprocess
	chap
	mschap
	suffix
	eap
	files
	# Runs last: fetches the attributes mapped in ldap.attrmap as check items.
	ldap
}
# radiusd.conf: rlm_ldap instance used by both authorize and authenticate.
ldap {
	server = "xxx.xxx.xxx.xxx"
	# Bind DN and password used for the directory search; the password is
	# stored in cleartext here, so keep this file readable by radiusd only.
	identity = "cn=redes,ou=admins,ou=radius,dc=mydomain,dc=com"
	password = secret
	basedn = "ou=users,ou=radius,dc=mydomain,dc=com"
	filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
	# The bind identity above must be allowed to read this attribute for the
	# User-Password check item from ldap.attrmap to get a value.
	password_attribute = "userPassword"
	# NOTE(review): looks like a mangled duplicate of the line above — rlm_ldap
	# has no "ssword_attribute" option; remove this line.
	ssword_attribute = "userPassword"
	authtype = ldap
	# NOTE(review): with start_tls = no and a bare IP in "server", the tls_*
	# settings below do not apply to this connection, so the bind password and
	# the userPassword values read from the directory cross the network in
	# cleartext. Either enable start_tls or use an ldaps:// server URL.
	start_tls = no
	tls_cacertfile = /usr/local/radius/etc/raddb/certs/demoCA/cacert.pem
	tls_cacertdir = /usr/local/radius/etc/raddb/certs
	tls_certfile = /usr/local/radius/etc/raddb/certs/server.pem
	# NOTE(review): this path names the demo CA's own signing key
	# (demoCA/private/cakey.pem), not the key belonging to server.pem above.
	# The CA private key should not be deployed as a TLS client key; point this
	# at the server certificate's key instead.
	tls_keyfile= /usr/local/radius/etc/raddb/certs/demoCA/private/cakey.pem
	tls_randfile = /usr/local/radius/etc/raddb/certs/random
	# Only meaningful once TLS is actually negotiated (see start_tls above).
	tls_require_cert = "demand"
	dictionary_mapping = ${raddbdir}/ldap.attrmap
	ldap_connections_number = 5
	timeout = 4
	timelimit = 3
	net_timeout = 1
}
eap.conf file
# eap.conf: EAP-TTLS as the outer method, EAP-MD5 as the default inner method.
eap {
	default_eap_type = ttls
	timer_expire = 60
	ignore_unknown_eap_types = no
	tls {
		# Cleartext key passphrase; keep this file readable by radiusd only.
		private_key_password = secretpasswd
		# Key and certificate are read from the same PEM file (server.pem).
		private_key_file = ${raddbdir}/certs/server.pem
		certificate_file = ${raddbdir}/certs/server.pem
		# NOTE(review): a different CA file from the one the ldap module uses
		# (certs/root.pem here, certs/demoCA/cacert.pem there) — confirm which
		# CA actually issued server.pem.
		CA_file = ${raddbdir}/certs/root.pem
		dh_file = ${raddbdir}/certs/dh
		random_file = ${raddbdir}/certs/random
		fragment_size = 1024
		include_length = yes
	}
	ttls {
		# The inner request is EAP-MD5, which carries an EAP-Message rather
		# than a cleartext User-Password. The users-file DEFAULT Auth-Type :=
		# LDAP then sends that inner request to rlm_ldap, which is the likely
		# reason for the 'Attribute "User-Password" is required' error above.
		default_eap_type = md5
		copy_request_to_tunnel = no
		use_tunneled_reply = no
	}
	mschapv2 {
	}
}
users file:
# users: forces Auth-Type := LDAP for every request that reaches this entry.
# NOTE(review): because "files" runs after "eap" in authorize, the ":=" here
# also overrides the Auth-Type rlm_eap set for the TTLS inner (EAP-MD5)
# request, which has no User-Password for rlm_ldap to bind with — likely the
# source of the "invalid" result in the log. Restrict this DEFAULT so EAP
# requests keep the Auth-Type set by rlm_eap; confirm against the debug output.
DEFAULT Auth-Type := LDAP
	Fall-Through = No
And I added the following to the ldap.attrmap file:
# ldap.attrmap additions: RADIUS check item <- LDAP attribute.
# This pulls the stored userPassword into the request as a check item; the
# bind identity in radiusd.conf must be allowed to read it, and the stored
# value must be in a form the password comparison understands — TODO confirm
# how userPassword is stored in this directory (cleartext vs. hashed).
checkItem User-Password userPassword
# LM/NT hashes for MS-CHAP; not used by the EAP-MD5 inner method configured in
# eap.conf, only when the inner method is MS-CHAP.
checkItem LM-Password sambaLMPassword
checkItem NT-Password sambaNTPassword
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radius/etc/raddb/proxy.conf
Config: including file: /usr/local/radius/etc/raddb/clients.conf
Config: including file: /usr/local/radius/etc/raddb/snmp.conf
Config: including file: /usr/local/radius/etc/raddb/eap.conf
Config: including file: /usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/radius/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
mai