Re: Ldap + EAP

Rafał Kamiński, 01-23-2007

> checkItem User-Password clearPassword

Hi,

I set in ldap.attrmap

checkItem User-Password userPassword

because my admin told me that the password in the LDAP schema is set by userPassword.

In authorize and auth. I have:

authorize {
    preprocess
    chap
    mschap
    ldap
    eap
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}


And when I try to connect to the Linksys with a Windows client and
enter the user name and password, I see the log

added at the bottom of this mail :)

I think that is crazy, because I see:

rlm_ldap: user rka authorized to use remote access

And why does debug mode still write:

Auth: Login incorrect: [rka/<no User-Password attribute>] (from client
linksys port 61 cli 0014a41e7112)


Maybe the error isn't in the LDAP connection, maybe it is in a different place :(

Can somebody help me?

BR,

////DEBUG MODE

rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0,
length=167
User-Name = "rka"
NAS-IP-Address = 192.168.1.245
Called-Station-Id = "001217694588"
Calling-Station-Id = "0014a41e7112"
NAS-Identifier = "001217694588"
NAS-Port = 61
Framed-MTU = 1400
State = 0xf8bfced1a046e6c05d5ddcdee6c66a43
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020600261900170301001b6e9e46686e68b4189ee83563818eaad43d267262ed5ac48a0026a0
Message-Authenticator = 0x67e2d4387ffb387664c87ef24add26e9
Tue Jan 23 12:58:10 2007 : Debug: Processing the authorize section of
radiusd.conf
Tue Jan 23 12:58:10 2007 : Debug: modcall: entering group authorize for
request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: returned from
chap (rlm_chap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall[authorize]: module "chap"
returns noop for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall[authorize]: module "mschap"
returns noop for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: calling ldap
(rlm_ldap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: - authorize
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: performing user
authorization for rka
Tue Jan 23 12:58:10 2007 : Debug: radius_xlat: '(uid=rka)'
Tue Jan 23 12:58:10 2007 : Debug: radius_xlat: 'ou=Users,dc=blstream'
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: performing search in
ou=Users,dc=blstream, with filter (uid=rka)
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: checking if remote access
for rka is allowed by uid
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: looking for check items in
directory...
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: looking for reply items in
directory...
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: user rka authorized to use
remote access
Tue Jan 23 12:58:10 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: returned from
ldap (rlm_ldap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall[authorize]: module "ldap"
returns ok for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap: EAP packet type response id
6 length 38
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall[authorize]: module "eap"
returns updated for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall: leaving group authorize
(returns updated) for request 19
Tue Jan 23 12:58:10 2007 : Debug: rad_check_password: Found Auth-Type EAP
Tue Jan 23 12:58:10 2007 : Debug: auth: type "EAP"
Tue Jan 23 12:58:10 2007 : Debug: Processing the authenticate section
of radiusd.conf
Tue Jan 23 12:58:10 2007 : Debug: modcall: entering group authenticate
for request 19
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authenticate]: calling eap
(rlm_eap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap: Request found, released
from the list
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap: EAP/peap
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap: processing type peap
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_peap: Authenticate
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_tls: processing TLS
Tue Jan 23 12:58:10 2007 : Debug: eaptls_verify returned 7
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_tls: Done initial handshake
Tue Jan 23 12:58:10 2007 : Debug: eaptls_process returned 7
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_peap: EAPTLS_OK
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_peap: Session established.
Decoding tunneled attributes.
PEAP tunnel data in 0000: 02 06 00 0b 21 80 03 00 02 00 02
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_peap: Received EAP-TLV response.
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_peap: Tunneled data is valid.
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap_peap: Had sent TLV failure.
User was rejcted rejected earlier in this session.
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap: Handler failed in EAP/peap
Tue Jan 23 12:58:10 2007 : Debug: rlm_eap: Failed in EAP select
Tue Jan 23 12:58:10 2007 : Debug: modsingle[authenticate]: returned
from eap (rlm_eap) for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall[authenticate]: module "eap"
returns invalid for request 19
Tue Jan 23 12:58:10 2007 : Debug: modcall: leaving group authenticate
(returns invalid) for request 19
Tue Jan 23 12:58:10 2007 : Debug: auth: Failed to validate the user.
Tue Jan 23 12:58:10 2007 : Auth: Login incorrect: [rka/<no User-Password
attribute>] (from client linksys port 61 cli 0014a41e7112)
Tue Jan 23 12:58:10 2007 : Debug: Delaying request 19 for 1 seconds
Tue Jan 23 12:58:10 2007 : Debug: Finished request 19
Tue Jan 23 12:58:10 2007 : Debug: Going to the next request
Tue Jan 23 12:58:10 2007 : Debug: rl_next: returning NULL
Tue Jan 23 12:58:10 2007 : Debug: Waking up in 6 seconds...
Tue Jan 23 12:58:16 2007 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.1.245 port 3072
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000


--
Rafal Kaminski
http://blstream.com
email: rafal.kaminski@blstream.com
jid: rka@im.blstream.com
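
Added example, not part of the original post: a small Python decoder for the three EAP payloads that appear in the debug log above (the outer EAP-Message, the "PEAP tunnel data in" bytes, and the EAP-Message of the Access-Reject). The byte strings are copied from the log; the function and constant names are made up for this example.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP", 26: "MS-CHAPv2", 33: "EAP-TLV"}
RESULT_STATUS = {1: "Success", 2: "Failure"}  # Result TLV (type 3) values

# Byte strings copied from the debug log in the post above.
OUTER = bytes.fromhex("020600261900170301001b6e9e46686e68b4189ee8356381"
                      "8eaad43d267262ed5ac48a0026a0")
INNER = bytes.fromhex("02 06 00 0b 21 80 03 00 02 00 02")
REJECT = bytes.fromhex("04060004")

def parse_tlvs(body: bytes) -> list:
    """Walk EAP-TLV entries: M/R bits + 14-bit type, 16-bit length, value."""
    tlvs, off = [], 0
    while off + 4 <= len(body):
        head, vlen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + vlen]
        if len(value) != vlen:
            raise ValueError("truncated TLV")
        tlv = {"mandatory": bool(head & 0x8000), "type": head & 0x3FFF}
        if tlv["type"] == 3 and vlen == 2:  # Result TLV
            tlv["result"] = RESULT_STATUS.get(struct.unpack("!H", value)[0], "unknown")
        tlvs.append(tlv)
        off += 4 + vlen
    return tlvs

def parse_peap(body: bytes) -> dict:
    """Flags byte, optional 4-byte TLS length (L bit), then a TLS record header."""
    off = 5 if body[0] & 0x80 else 1
    out = {"flags": body[0]}
    if len(body) >= off + 5:
        ctype, major, minor, rlen = struct.unpack("!BBBH", body[off:off + 5])
        out["tls_record"] = {"content_type": ctype, "version": (major, minor), "length": rlen}
    return out

def parse_eap(data: bytes) -> dict:
    """Decode the 4-byte EAP header and, for PEAP or EAP-TLV, the type data."""
    if len(data) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or length > len(data):
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        pkt["type"] = EAP_TYPES.get(data[4], data[4])
        body = data[5:length]
        if data[4] == 25 and body:
            pkt.update(parse_peap(body))
        elif data[4] == 33:
            pkt["tlvs"] = parse_tlvs(body)
    return pkt

if __name__ == "__main__":
    for name, raw in (("outer", OUTER), ("inner", INNER), ("reject", REJECT)):
        print(name, parse_eap(raw))
```

The inner packet decodes to a mandatory Result TLV with status Failure, which matches the log line "Had sent TLV failure", so the request shown is the client acknowledging a rejection made earlier in the same PEAP session. The outer packet is a PEAP response carrying a 27-byte TLS application-data record, and the reject carries a plain EAP Failure for id 6.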