Re: rlm_ldap - Attribute "User-Password" is required for

03-09-2005
Sayantan Bhowmick

Hi,

On Tue, 2005-03-08 at 15:44 +0100, guest01 wrote:
> hm, radius is very strange .... Can anyone please help me?
> this is the logfile output after testing with radexample:
>
> rad_recv: Access-Request packet from host 127.0.0.1:1025, id=40, length=66
> User-Name = "testuser"
> User-Password = "123456"
> Service-Type = Authenticate-Only
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0


These are the attributes in the request. As you can see the client sends
User-Password = "testuser". This will be used to perform authentication.

> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat: '(&(objectclass=gibraltarUser)(uid=testuser))'
> radius_xlat: 'ou=users,dc=gibraltar,dc=local'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as / to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=users,dc=gibraltar,dc=local, with
> filter (&(objectclass=gibraltarUser)(uid=testuser))
> rlm_ldap: checking if remote access for testuser is allowed by isVPNUser
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user testuser authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "testuser" with password "123456"
> rlm_ldap: user DN: uid=testuser,ou=users,dc=gibraltar,dc=local
> rlm_ldap: (re)connect to localhost:389, authentication 1
> rlm_ldap: bind as uid=testuser,ou=users,dc=gibraltar,dc=local/123456 to


This is where the LDAP authentication takes place (binding as testuser
with password 123456).

> localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: user testuser authenticated succesfully
> modcall[authenticate]: module "ldap" returns ok for request 0
> modcall: group Auth-Type returns ok for request 0
> Sending Access-Accept of id 40 to 127.0.0.1:1025
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 40 with timestamp 422db560
> Nothing to do. Sleeping until we see a request.
>
> and this is the output after trying to connect via pptpd with winxp prof.
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:1025, id=41, length=54
> Service-Type = Framed-User
> Framed-Protocol = PPP
> User-Name = "testuser"
> NAS-IP-Address = 66.150.161.140
> NAS-Port = 0


In this case there is no User-Password attribute in the request. So
later on, in the authenticate section, it has the username (testuser)
but no password to bind with, hence authentication fails.

> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> users: Matched DEFAULT at 152
> users: Matched DEFAULT at 171
> users: Matched DEFAULT at 183
> modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat: '(&(objectclass=gibraltarUser)(uid=testuser))'
> radius_xlat: 'ou=users,dc=gibraltar,dc=local'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as / to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=users,dc=gibraltar,dc=local, with
> filter (&(objectclass=gibraltarUser)(uid=testuser))
> rlm_ldap: checking if remote access for testuser is allowed by isVPNUser
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user testuser authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
> modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group Auth-Type returns invalid for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 41 to 127.0.0.1:1025
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 41 with timestamp 422db59d
> Nothing to do. Sleeping until we see a request.
>
> The first part, the authorize-part works fine, but the authentication-part
> will not work!!! Any ideas? In my radiusd.conf, I configured everything
> right (I think). Otherwise it wouldn't work with radexample or radtest.
>
> Just for understanding, what the hell does the authentication part do? What
> attributes do I need for it to get it work? Isn't radiusauthtype enough?
>
> I just want my users to authenticate via radius to my pptp server, I don't
> need special authentication attributes like radiussessiontime or
> whatever...
> I tried to set authenticate-only as default, but it didn't work
>
> please help!
> best regards
> peda
>
> PS: Debian woody, with freeradius 1.0.1 and ppp 2.4.3

Regards,
-Sayantan.
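
The diagnosis in the reply above, as an added example that is not part of the original post or of FreeRADIUS: a small Python parser that groups debug output of this shape into one record per received packet and flags the case where Auth-Type LDAP was selected but the request carried no User-Password. The sample trace is constructed and abridged from the two traces quoted in the post, and the function names `parse_requests` and `diagnose` are hypothetical.

```python
import re

# Constructed, abridged sample modelled on the two traces quoted in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=40, length=66
\tUser-Name = "testuser"
\tUser-Password = "123456"
rad_check_password: Found Auth-Type LDAP
Sending Access-Accept of id 40 to 127.0.0.1:1025
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=41, length=54
\tFramed-Protocol = PPP
\tUser-Name = "testuser"
rad_check_password: Found Auth-Type LDAP
rlm_ldap: Attribute "User-Password" is required for authentication.
Sending Access-Reject of id 41 to 127.0.0.1:1025
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host \S+, id=(\d+)")
ATTR = re.compile(r"([A-Za-z][\w-]*) = (.*)$")
AUTH_TYPE = re.compile(r"Found Auth-Type (\S+)")
SENT = re.compile(r"Sending (Access-\w+) of id (\d+)")

def parse_requests(log_text):
    """Group a debug trace into one record per received packet."""
    requests, current, in_attrs = [], None, False
    for raw in log_text.splitlines():
        line = raw.lstrip("> \t")  # tolerate mail-quoted, indented traces
        if (m := RECV.match(line)):
            current = {"id": int(m.group(2)), "attrs": {},
                       "auth_type": None, "reply": None}
            requests.append(current)
            in_attrs = True
        elif current is None:
            continue
        elif in_attrs and (m := ATTR.match(line)):
            current["attrs"][m.group(1)] = m.group(2).strip('"')
        else:
            in_attrs = False  # attribute list ends at the first other line
            if (m := AUTH_TYPE.search(line)):
                current["auth_type"] = m.group(1)
            elif (m := SENT.search(line)):
                current["reply"] = m.group(1)
    return requests

def diagnose(req):
    """Say whether rlm_ldap has a password to bind with for this request."""
    if req["auth_type"] == "LDAP" and "User-Password" not in req["attrs"]:
        return "Auth-Type LDAP but no User-Password in request: bind impossible"
    return "ok"

if __name__ == "__main__":
    for r in parse_requests(SAMPLE_LOG):
        print(r["id"], r["reply"], diagnose(r))
```

The report prints only the packet id, the reply code and the diagnosis, so the cleartext password that the debug trace contains is not echoed again.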

