mschap and ldap auth-type together no more working
This is a discussion on mschap and ldap auth-type together no more working within the FreeRADIUS Users forums, part of the Networking and Network Related category; Hello, I had a problem with ippool, but it is a NAS problem. I wanted to do further checks so ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-18-2007
|
|||
|
|||
mschap and ldap auth-type together no more working
Hello,
I had a problem with ippool, but it is a NAS problem. I wanted to do further checks so I upgrade to newer versions: freeradius 1.0.2-4sarge3 stable (I come from this one) freeradius 1.1.3-3 testing freeradius 1.1.2-1bpo1 sarge-backports Before, I was able to do LDAP or MSCHAP automatically. I had and entry in users lalot Auth-Type := ldap Framed-IP-Address = XXX, Framed-IP-Netmask = 255.255.255.0, Fall-Through = Yes If I put mschap in users, it's working for mschap.. The two new ones have the same problem. That's may ne due to an incomplete update.. I don't put all the logs: rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=xxx,dc=fr, with filter (uid=lalot) rlm_ldap: looking for check items in directory... rlm_ldap: Adding supannaffectation as Pool-Name, value Pharo & op=21 rlm_ldap: Adding ntPassword as NT-Password, value XXX & op=21 rlm_ldap: Adding lmPassword as LM-Password, value XXX & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user lalot authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 11 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' modcall[authorize]: module "mschap" returns ok for request 11 modcall: leaving group authorize (returns ok) for request 11 rad_check_password: Found Auth-Type ldap auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group LDAP for request 11 and before: rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' modcall[authorize]: module "mschap" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 2 rlm_mschap: Found LM-Password rlm_mschap: Found NT-Password You can notice the diff rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' and then rad_check_password: seems confused.. Any ideas?. Config: authorize { preprocess files ldap # # If the users are logging in with an MS-CHAP-Challenge # attribute for authentication, the mschap module will find # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. mschap } authenticate { Auth-Type LDAP { ldap } Auth-Type PAP { pap } Auth-Type MS-CHAP { mschap } } -- Dominique LALOT Ingenieur Systeme et Reseaux http://annuaire.univmed.fr/showuser.php?uid=lalot - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
|
Linear Mode
