Re: DEFAULT entry in users file and LDAP, again

2007-12-18 Thread Alan DeKok
Martin Pauly wrote: I tested with radtest, as before. All of my real-world access-requests currently come to the NASes some sort of PAP: Either traditional PAP in PPP or PAP in EAP-TTLS. In either case, the RADIUS request contains a password in clear text. The corresponding database is in

Re: DEFAULT entry in users file and LDAP, again

2007-12-18 Thread Martin Pauly
On Tuesday 18 December 2007 11:26, Alan DeKok wrote: Post the debugging output. Here we go (private data masked): Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file:

Re: DEFAULT entry in users file and LDAP, again

2007-12-18 Thread Alan DeKok
Martin Pauly wrote: On Tuesday 18 December 2007 11:26, Alan DeKok wrote: Post the debugging output. Here we go (private data masked): .., rlm_ldap: bind as xx/ldap-passwd to auth1.staff.uni-marburg.de:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap:

Re: DEFAULT entry in users file and LDAP, again

2007-12-18 Thread tnt
modcall[authorize]: module ldap1 returns ok for request 0 modcall: leaving group redundant (returns ok) for request 0 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 0 You said

Re: DEFAULT entry in users file and LDAP, again

2007-12-17 Thread Martin Pauly
On Saturday 15 December 2007 08:38, Alan DeKok wrote:   No.  The problem is the WARNING message just before that.  You haven't told the server what the known good password is, so the server has NO WAY to authenticate the user. I tested with radtest, as before. All of my real-world

Re: DEFAULT entry in users file and LDAP, again

2007-12-17 Thread tnt
No password for that user was found in Ldap or anywhere else in step 1. The fact that there is a password in the request is irrelevant. Server won't go back to Ldap in step 2 - no point, it looked in Ldap and there was no password. Ivan Kalik Kalik Informatika ISP Dana 17/12/2007, Martin Pauly

DEFAULT entry in users file and LDAP, again

2007-12-14 Thread Martin Pauly
Sorry to bother you guys again: a couple of weeks ago, I asked With a users file like DEFAULT User-Name = `%{User-Name}` the server complains loudly about the missing Auth-Type when asking with radtest So how do I direct the server to use LDAP without setting Auth-Type? Or

Re: DEFAULT entry in users file and LDAP, again

2007-12-14 Thread Alan DeKok
Martin Pauly wrote: Now I'm going for a new production host and thought I'd simply copy the working radiusd.conf (with minor adjustments, of course). But again freeradius is unable to determine the proper auth-type. No. The problem is the WARNING message just before that. You haven't told