P and keep getting :
Attribute "User-Password" is required for authentication
You have forced "Auth-Type := LDAP" in your configuration. Don't do
that. i.e. You have:
rlm_ldap: Adding radiusAuthType as Auth-Type == LDAP
DELETE the "radiusAuthType" from yo
f the laptop through to use as a
> password.
>
> I am unable to understand how to map this in LDAP and keep getting :
> Attribute "User-Password" is required for authentication
You have forced "Auth-Type := LDAP" in your configuration. Don't do
that. i.e. Y
lem, but I understand that it is a possibility that
the Netgear passes the Mac address of the laptop through to use as a
password.
I am unable to understand how to map this in LDAP and keep getting :
Attribute "User-Password" is required for authentication
I am using the radiusProf
sth wrote:
> Hi folks,
Posting huge amounts of configuration files to the list isn't necessary.
> My NAS is talking to the FR instance (being run in "-X" debug mode, of
> course), but the NAS doesn't appear to be sending the "User-Password"
> attribute that FR is expecting.
No. It's sending
As far as I understand your config files, you want to use MD5.
So the question are:
- is the client really sending MD5 hashes (or is it sending NT hashes
for example)
- can PAM handle it?
- has PAM access to the password in MD5 or in clear to be able to
check against it?
I hope that my hi
94f27aaff16e2547c
NAS-Port = 0
EAP-Message = 0x02d2000d017374686f6f6b6572
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module &qu
Phil Mayers wrote:
>>>
>> All the passwords stored in the ldap database are md5, is that going to work
>> with peap?
>
> No. It's cryptographically impossible, sorry.
>
> Your only real option is TTLS+PAP, which will require installing supplicant
> software on windows machines e.g. SecureW2
> >
> All the passwords stored in the ldap database are md5, is that going to work
> with peap?
No. It's cryptographically impossible, sorry.
Your only real option is TTLS+PAP, which will require installing supplicant
software on windows machines e.g. SecureW2
-
List info/subscribe/unsubs
Cody Jarrett wrote:
> I originally had "Default Auth-type := pam" but I removed that. Users
> are stored in an ldap database and I am basically trying to get radius
> to use pam for auth info, is this wrong? I don't understand how radius
> will use pam if I don't specify it somewhere.
You canno
uot;
>> Framed-MTU = 1488
>> State = 0x56c5dd00772486e492f840877441be62
>> Called-Station-Id = "00-0F-CB-FC-3E-5F:CJ Test"
>> Calling-Station-Id = "00-0E-35-FF-2A-82"
>> NAS-Identifier = "AP11G"
&
s" returns ok for request 7
>modcall: leaving group authorize (returns updated) for request 7
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 7
>
thorize section of radiusd.conf
>> modcall: entering group authorize for request 0
>> modcall[authorize]: module "preprocess" returns ok for request 0
>> modcall[authorize]: module "chap" returns noop for request 0
>> modcall[authorize]: module "
dcall[authorize]: module "eap" returns updated for request 0
> users: Matched entry DEFAULT at line 153
> users: Matched entry DEFAULT at line 177
> modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for
T at line 153
users: Matched entry DEFAULT at line 177
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type pam
auth: type "PAM"
Processing the authenticate
icant with a 3com access point, I get:
>
> rlm_pam: Attribute "User-Password" is required for authentication.
> modcall[authenticate]: module "pam" returns invalid for request 4
> modcall: leaving group authenticate (returns invalid) for request 4
> auth: Failed to
r-Password" is required for authentication.
modcall[authenticate]: module "pam" returns invalid for request 4
modcall: leaving group authenticate (returns invalid) for request 4
auth: Failed to validate the user.
Is the 3com not sending User-Password attributes in the packets, or
Alan,
I try to understand I can only get answers from you guys when
available so yes I do go off and try random howtos (literally anything
I can find) I the hopes I learn a bit more.
But yes, I am now 100% clear on not setting Auth-Type.
Thanks again Alan.
On 4/24/07, Alan DeKok <[EMAIL PROTECTE
Jacob Jarick wrote:
> So the big question is, what Auth-Type do I use ?
You have been told that you should not set it. That means "You should
not set it". It does not mean "use another value".
> If LDAP is not permitted (still confuses me as I only need / want
> radius to authenticate against
Alan,
my test pc only supports PEAP over wireless and setup has to be wireless.
Removing "ldap" from the "authenticate" section causes an EAP error,
so I guess there is more configuration than simply removing /
commenting that section out.
I dont know how to not bind as a user when using FR + LD
So the big question is, what Auth-Type do I use ?
If LDAP is not permitted (still confuses me as I only need / want
radius to authenticate against LDAP) what Auth-Type do I set in the
users file so that Wireless users can authenticate using their ADS
username and passwords.
On 4/23/07, Jacob Jari
Forgive the newbie questions but I think its best to clear up confusion.
client -> cisco -> FR server = eap
FR -> ADS 2003 = pap
Is that correct or am I way off track.
On 4/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Jacob Jarick wrote:
> > Thanks again Alan,
> > For reference the oriellys L
Jacob Jarick wrote:
> Thanks again Alan,
> For reference the oriellys LDAP book instructs you to set "Auth-Type
> := LDAP" so thats where I got the bad reference (perhaps other people
> to).
Yes. There is a LOT of documentation (web pages, etc.) that say to do
the wrong thing. It's unfortunate
Thanks again Alan,
For reference the oriellys LDAP book instructs you to set "Auth-Type
:= LDAP" so thats where I got the bad reference (perhaps other people
to).
Now lets see if I understood the tables correctly.
PAP is the only method that will support LDAP bind as user ?
I should comment out
Jacob Jarick wrote:
> My problem is the ldap password retrieved from the windows client is
> not being sent to the ldap server.
The problem is that you have configured "Auth-Type := LDAP", and then
sent the server an 802.1x authentication request. Do NOT set Auth-Type =
LDAP. This is repeated a
My problem is the ldap password retrieved from the windows client is
not being sent to the ldap server.
So I get that error when trying to login.
I have added
checkItem userPassword User-Password
but it still complains of the same error.
The weird thing is It was working fine friday.
FreeRadius users mailing list on
August 9, 2005 at 02:53 -0800 wrote:
>Hi Vladimir,
>
>Tks for your help, I've managed to setup the ldap with freeradius. One
>last
>question is that is it possible to have freeradius authenticate thru ldap
>and also the users file. The reason is because I need to
sword: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module
"melvin" <[EMAIL PROTECTED]> wrote:
> Currently I need to use ldap to authenticate my users and I keep
> encountering the same problem "rlm_ldap: Attribute "User-Password" is
> required for authentication".
Read the rest of the debug log. You have t
Hi all,
Currently I need to use ldap to authenticate my
users and I keep encountering the same problem "rlm_ldap: Attribute
"User-Password" is required for authentication". I have tried adding
"checkItem
User-Password
userPassword"
On Thu, Apr 14, 2005, Bob Mancker wrote:
> I am currently working on a vpn server, and I use pptpd with freeradius and
> trying to get pam authentication working. I want to setup freeradius
> with pam authentication because I want to limit simulatenous logins
> per user to 1. The two odd things I n
diusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 0
[root box pam.d]# pptpd --version
Poptop v1.2.1
pppd version 2.4.3
/etc/pptpd.
Hi
A very strange problem! Even without LDAP, just a normal radius server
with useraccounts in
the users file doesn't work.
Do you have a working radiusserver with ppp-plugin and ldap?
Can you do me a favor and look, if your ppp-radius-plugin
sends a correct Access Request -Packet WITH user-passwo
n directory...
> rlm_ldap: user testuser authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Typ
> I had a similar problem and the solution was the mapping, such as Edvin
> says. I add the following entries to ldap.atrrmap:
>
> checkItem LM-Password lmPassword
> checkItem NT-Password ntPassword
> checkItem User-Password
nstag, 08. März 2005 13:07
To: freeradius-users@lists.freeradius.org
Subject: Re: rlm_ldap - Attribute "User-Password" is required for
authentication
hm, ok, and that means?
Do you any suggestions how to make it work?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org
ssage-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of guest01
Sent: Dienstag, 08. März 2005 13:07
To: freeradius-users@lists.freeradius.org
Subject: Re: rlm_ldap - Attribute "User-Password" is required for
authentication
hm, ok, and that means?
Do you any suggestions how t
I think Steve is right ... This damned ppp-radius-plugin sends bad
packets to my radiusserver ... packets without the required
user-password ...
And so it must be this damned plugin ...
I testet a little bit with the windows radius test program and I sent
packets
with and without user-password to
Sébastien Cantos wrote:
>So maybe it's a NAS problem. Are you sure that the NAS is sending the
>userpassword in the request ?
>
>
>
hm, maybe, how can I test that?
I am currently trying some tests with the windowsxp radius test program
... But I am not
very optimistic
-
List info/subscribe/u
De la
> part de guest01
> Envoyé : mardi 8 mars 2005 16:16
> À : freeradius-users@lists.freeradius.org
> Objet : Re: rlm_ldap - Attribute "User-Password" is required
> for authentication
>
> Sébastien Cantos wrote:
>
> >>I had the same problem a few weeks a
Hi
Thxs for your fast and informative answer ... Indeed, a very good argument!
So I think I have to try another ppp version ... A strange problem, damned
ppp radiusplugin!!
Why can't life be easier? ;-)
thxs
peda
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: F
d this is exactly the reason why you got the
error message from the FR server:
> rlm_ldap: Attribute "User-Password" is required for authentication.
Note the word "required".
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l
OTECTED] De la
> part de guest01
> Envoyé : mardi 8 mars 2005 15:44
> À : freeradius-users@lists.freeradius.org
> Objet : Re: rlm_ldap - Attribute "User-Password" is required
> for authentication
>
> hm, radius is very strange Can anyone please help me?
>
d to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radi
hm, ok, and that means?
Do you any suggestions how to make it work?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
guest01 wrote:
Hi
I have a problem with Radius-LDAP Authentication for PPTP, the log says:
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=61, length=54
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "testuser"
NAS-IP-Address = 69.25.27.17
request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password&quo
call[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap:
"Tony Sciortino" <[EMAIL PROTECTED]> wrote:
> No matter what I seem to try and configure I always get the error message:
>
> Attribute "User-Password" is required for authentication
>
> I have tried rlm_unix, rlm_pam, rlm_ldap, rlm_eap_leap always with
No matter what I seem to try and configure I always get the error message:
Attribute "User-Password" is required for authentication
I have tried rlm_unix, rlm_pam, rlm_ldap, rlm_eap_leap always with the same
result.
The only thing that does work is if I put a user in the users file
't process it. But I don't
> know how can I change it.
You don't.
> rlm_ldap: Attribute "User-Password" is required for
> authentication.
You've edited the configuration to:
a) set Auth-Type = LDAP
or
b) listed LDAP before EAP in the "
because there isn't
"User-Password" and It doesn't process it. But I don't
know how can I change it.
rlm_ldap: Attribute "User-Password" is required for
authentication.
-
Any ideas?
Sorry for my english, and thanks in advance.
Alberto.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP'
Huh? Why did you do that?
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
Please read the list archive
ize]: module "mschap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is
54 matches
Mail list logo