I have a setup with RADIUS+LDAP+mOnOwall.
LDAP stores my users
RADIUS authenticates against LDAP
mOnOwall uses RADIUS
I'm using a Windows client to VPN to my network; I'm currently testing this internally. I know freeRADIUS works, as I have tested with radtest using this LDAP user (testuser) and I have authenticated. However, when the request is sent from mOnOwall there is no User-Password attribute in the request. So later on, in the authenticate section, it has the username (testuser) but no password to bind with, hence authentication fails.
NAS-Identifier = "monowall.my-domain.lan"
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "testuser"
MS-CHAP-Challenge = 0xbb1e687e10c6481b45a4a0a4443f85b7
MS-CHAP2-Response = 0x0100a5ac08636ba719aa2d3474095f0ea86c000000000000000076cfd03fcf4faad4e50c7a3066e58d064e77bf79036e61b3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: Added password 123456 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
Can anyone shed some light on this...?
I used this mailing list thread to help in my own debugging:
http://lists.cistron.nl/pipermail/freeradius-users/2005-March/041731.html

A Successful Debug

Access-Request packet from host 127.0.0.1:32824, id=38, length=59
User-Name = "testuser"
User-Password = "123456"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: Added password 123456 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "testuser" with password "123456"
rlm_ldap: user DN: uid=testuser,ou=Users,dc=my-domain,dc=lan
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=testuser,ou=Users,dc=my-domain,dc=lan/123456 to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user testuser authenticated succesfully
Sending Access-Accept of id 38 to 127.0.0.1:32824
A Failed Debug

NAS-Identifier = "monowall.mrcorp.lan"
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "testuser"
MS-CHAP-Challenge = 0xbb1e687e10c6481b45a4a0a4443f85b7
MS-CHAP2-Response = 0x01005df563a9f17f501ac8df2638239537d900000000000000007d7cae1e845eb61671eb13676e25cc331d878298acc9374b
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: Added password 123456 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user igodit authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
As you can see in the failed debug message, there is NO User-Password sent.
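To make the difference between the two debug outputs concrete, here is an added example (not part of the original post or of FreeRADIUS) that decodes the MS-CHAP-Challenge and MS-CHAP2-Response values from the failed request above using the field layout in RFC 2548 and the ChallengeHash step from RFC 2759. The hex strings are copied from the failed debug output; the username and the check-item password 123456 are the ones shown in the log. The point it demonstrates is that an MS-CHAPv2 request carries a 16-byte peer challenge and a 24-byte NT-Response, never the password itself, so rlm_ldap has nothing to bind with.

```python
"""Decode the MS-CHAPv2 attributes from the failing Access-Request.

Field layout: RFC 2548 section 2.3.3 (MS-CHAP2-Response).
ChallengeHash: RFC 2759 section 8.2.
Example code written for this post; hex values copied from the failed debug.
"""
import hashlib
from typing import NamedTuple

# Values copied from the failed Access-Request in the post (constructed input
# for this example, not read from a live server).
MSCHAP_CHALLENGE_HEX = "bb1e687e10c6481b45a4a0a4443f85b7"
MSCHAP2_RESPONSE_HEX = (
    "0100"                                  # Ident, Flags
    "a5ac08636ba719aa2d3474095f0ea86c"      # Peer-Challenge (16 bytes)
    "0000000000000000"                      # Reserved (8 bytes, zero)
    "76cfd03fcf4faad4e50c7a3066e58d064e77bf79036e61b3"  # NT-Response (24)
)
USER_NAME = "testuser"
LDAP_PASSWORD = "123456"   # the check item rlm_ldap added in authorize


class MsChap2Response(NamedTuple):
    ident: int
    flags: int
    peer_challenge: bytes   # chosen by the VPN client
    reserved: bytes         # must be zero
    nt_response: bytes      # 3 DES blocks keyed from MD4(UTF-16LE(password))


def parse_mschap2_response(raw: bytes) -> MsChap2Response:
    """Split the 50-byte MS-CHAP2-Response value into its RFC 2548 fields."""
    if len(raw) != 50:
        raise ValueError(f"MS-CHAP2-Response must be 50 bytes, got {len(raw)}")
    resp = MsChap2Response(
        ident=raw[0],
        flags=raw[1],
        peer_challenge=raw[2:18],
        reserved=raw[18:26],
        nt_response=raw[26:50],
    )
    if resp.flags != 0 or resp.reserved != bytes(8):
        raise ValueError("Flags and Reserved must be zero in MS-CHAPv2")
    return resp


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 bytes of SHA1(peer || auth || user).

    This is the only value the server can derive from the request alone.
    Checking the 24-byte NT-Response additionally needs the user's NT hash
    (MD4 of the UTF-16LE password) as DES key material. An LDAP bind, which
    needs the plaintext password, cannot do that.
    """
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 bytes")
    data = peer_challenge + auth_challenge + username.encode()
    return hashlib.sha1(data).digest()[:8]


def password_present(raw: bytes, password: str) -> bool:
    """True if the plaintext password appears in the attribute in any
    obvious encoding; for MS-CHAPv2 it never does."""
    return password.encode() in raw or password.encode("utf-16-le") in raw


def main() -> None:
    raw = bytes.fromhex(MSCHAP2_RESPONSE_HEX)
    resp = parse_mschap2_response(raw)
    print(f"Ident={resp.ident} Flags={resp.flags}")
    print(f"Peer-Challenge = {resp.peer_challenge.hex()}")
    print(f"NT-Response    = {resp.nt_response.hex()}")
    ch = challenge_hash(resp.peer_challenge,
                        bytes.fromhex(MSCHAP_CHALLENGE_HEX), USER_NAME)
    print(f"ChallengeHash  = {ch.hex()}")
    print(f"plaintext '{LDAP_PASSWORD}' in request: "
          f"{password_present(raw, LDAP_PASSWORD)}")


if __name__ == "__main__":
    main()
```

Because the request only proves knowledge of the NT hash, the server side must verify it with that hash: in FreeRADIUS that is rlm_mschap's job, fed an NT-Password (or LM-Password) check item, for example pulled from the directory by rlm_ldap, and rlm_ldap's bind-based authentication only works when the client sends User-Password, which is what radtest does with PAP.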