Re: Windows Authentication and Authorization via LDAP on FreeRadius v 2.1.4 Configuration Help!!!

2009-03-24 Thread Alan DeKok
Edwin Isada wrote:
> Hello All,
> 
> Excuse me for my lack of knowledge with Linux and FreeRadius.  I hardly
> have any experience and I've been using version 1.1.3 for the past few
> weeks and had authentication working properly for Cisco devices.  I
> decided to install the latest version 2.1.4 and forgot to save all my
> configuration for 1.1.3.

  When you install the server, it does NOT over-write existing
configurations.

> The radiusd.conf file from what I recall looks totally different.  I
> inserted my ldap information in the modules section,

  Please READ the configuration files.  The modules section has comments
saying where the module configurations are now located.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Windows Authentication and Authorization via LDAP on FreeRadius v 2.1.4 Configuration Help!!!

2009-03-24 Thread Michael Schwartzkopff
On Tuesday, 24 March 2009 15:58:09, Edwin Isada wrote:
> Hello All,
>
> Excuse me for my lack of knowledge with Linux and FreeRadius.  I hardly
> have any experience and I've been using version 1.1.3 for the past few
> weeks and had authentication working properly for Cisco devices.  I decided
> to install the latest version 2.1.4 and forgot to save all my configuration
> for 1.1.3. Hopefully I'll learn my lesson next time =)  The radiusd.conf
> file from what I recall looks totally different.  I inserted my ldap
> information in the modules section, but running the basic debug I'm seeing
> an error "No authenticate method (Auth-Type).  Even running the recommended
> radtest it's failing in reviewing the debug.  I believe I'm missing
> authenticate config. If so do I need to modify another file or add it to
> radiusd.conf?  I'm a little lost here if someone can point me the right
> direction and hopefully I can proceed with getting authorization working
> afterwards.  Let me know if you need any additional information.  I've
> added the debug info below. Another quick question has anyone configured
> this for F5 devices?
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 1027, id=254,
> length=56
> User-Name = "test"
> User-Password = "test"
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 0
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "test", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.  Authentication
> may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [test] (from client localhost port 0)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> test
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 254 to 127.0.0.1 port 1027
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 254 with timestamp +783
>
> Thanks,
>
> Ed

Did you enter the necessary config in the modules/ldap file?
Did you uncomment the ldap sections in authorize and authenticate sections in 
the default server (servers-enabled/default)?

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: mi...@multinet.de
web: www.multinet.de

Registered office: 85630 Grasbrunn
Register court: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42


Windows Authentication and Authorization via LDAP on FreeRadius v 2.1.4 Configuration Help!!!

2009-03-24 Thread Edwin Isada
Hello All,

Excuse me for my lack of knowledge with Linux and FreeRadius.  I hardly have
any experience and I've been using version 1.1.3 for the past few weeks and
had authentication working properly for Cisco devices.  I decided to install
the latest version 2.1.4 and forgot to save all my configuration for 1.1.3.
Hopefully I'll learn my lesson next time =)  The radiusd.conf file from what
I recall looks totally different.  I inserted my ldap information in the
modules section, but running the basic debug I'm seeing an error "No
authenticate method (Auth-Type).  Even running the recommended radtest it's
failing in reviewing the debug.  I believe I'm missing authenticate config.
If so do I need to modify another file or add it to radiusd.conf?  I'm a
little lost here if someone can point me the right direction and hopefully I
can proceed with getting authorization working afterwards.  Let me know if
you need any additional information.  I've added the debug info below.
Another quick question has anyone configured this for F5 devices?

rad_recv: Access-Request packet from host 127.0.0.1 port 1027, id=254,
length=56
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [test] (from client localhost port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 254 to 127.0.0.1 port 1027
Waking up in 4.9 seconds.
Cleaning up request 0 ID 254 with timestamp +783

Thanks,

Ed