Help with freeradius


Help with freeradius

by Felipe Silva


Help please,

I'm trying to authenticate with FreeRADIUS by doing a search on LDAP and using the sambaNTPassword, and then authenticate with MS-CHAP to provide wireless internet.
Here is the log:

FreeRADIUS Version 2.1.7, for host i386-redhat-linux-gnu, built on Sep 15 2009 at 11:31:29
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/eap.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/radius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/radius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    allow_core_dumps = no
    pidfile = "/var/run/radiusd/radiusd.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
 log {
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
 }
 security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
 }
 home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = "auth"
    secret = "testing123"
    response_window = 20
    max_outstanding = 65536
    require_message_authenticator = no
    zombie_period = 40
    status_check = "status-server"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
 }
 home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
 }
 realm example.com {
    auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client 150.164.0.0/16 {
    require_message_authenticator = no
    secret = "testando"
    shortname = "ufmg"
 }
 client 127.0.0.1 {
    require_message_authenticator = no
    secret = "testando"
    shortname = "ufmg"
 }
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    with_ntdomain_hack = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
    default_eap_type = "peap"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/server.pem"
    certificate_file = "/etc/raddb/certs/server.pem"
    CA_file = "/etc/raddb/certs/ca.pem"
    private_key_password = "whatever"
    dh_file = "/etc/raddb/certs/dh"
    random_file = "/etc/raddb/certs/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
    with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_ldap
 Module: Instantiating ldapgrude
  ldap ldapgrude {
    server = "1xx.1xx.xxx.xxx"
    port = 389
    password = "ldapPassword"
    identity = "cn=voipuser,dc=ufmg,dc=br"
    net_timeout = 10
    timeout = 40
    timelimit = 30
    tls_mode = no
    start_tls = no
    tls_require_cert = "allow"
    basedn = "ou=people,dc=ufmg,dc=br"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    base_filter = "(objectClass=sambaSAMAccount)"
    auto_header = no
    access_attr = "uid"
    access_attr_used_for_allow = yes
    groupname_attribute = "cn"
    groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
    dictionary_mapping = "/etc/raddb/ldap.attrmap"
    ldap_debug = 0
    ldap_connections_number = 5
    compare_check_items = no
    do_xlat = yes
    set_auth_type = yes
  }
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldapgrude-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldapgrude-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldapgrude
rlm_ldap: Over-riding set_auth_type, as there is no module ldapgrude listed in the "authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP userPassword mapped to RADIUS User_Password
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x8637058
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
}
Listening on authentication address * port 1812
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 40380, id=170, length=69
    User-Name = "uset"
    User-Password = "testpasswd"
    NAS-IP-Address = 1xx.1xx.xxx.xxx
    NAS-Port = 1
+- entering group authorize {...}
++[mschap] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldapgrude] performing user authorization for testUser
[ldapgrude] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldapgrude]     expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testUser)
[ldapgrude]     expand: ou=people,dc=ufmg,dc=br -> ou=people,dc=ufmg,dc=br
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 1xx.1xx.xxx.xxx:389, authentication 0
rlm_ldap: bind as cn=voipuser,dc=ufmg,dc=br/ldapPassword to 1xx.1xx.xxx.xxx:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=people,dc=ufmg,dc=br, with filter (uid=testUser)
[ldapgrude] checking if remote access for testUser is allowed by uid
[ldapgrude] looking for check items in directory...
rlm_ldap: sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U           ]"
rlm_ldap: sambaNTPassword -> NT-Password == 0x9257394245343632414133453337354130387042433837323324653032453235
rlm_ldap: sambaLMPassword -> LM-Password == 0x5678394543313346423331393843423049813244424243383541313445413244
[ldapgrude] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
[ldapgrude] user testUser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldapgrude] returns ok
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 170 to 127.0.0.1 port 40380
Waking up in 4.9 seconds.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help with freeradius

by tnt-5


> I'm trying to authenticate with FreeRADIUS by doing a search on LDAP and using
> the sambaNTPassword, and then authenticate with MS-CHAP to provide wireless
> internet.
> Here is the log:

1. You have gone some way into destroying default (read: working)
configuration.

> rad_recv: Access-Request packet from host 127.0.0.1 port 40380, id=170,
> length=69
>     User-Name = "uset"
>     User-Password = "testpasswd"
>     NAS-IP-Address = 1xx.1xx.xxx.xxx
>     NAS-Port = 1

2. Then you sent a pap request.

> +- entering group authorize {...}
> ++[mschap] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop

3. Your crippled configuration can't handle pap requests.

Go back to default configuration. Enable and configure ldap. Watch how
things work when you don't destroy the working configuration.

Ivan Kalik
Kalik Informatika ISP
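For readers landing on this thread with the same "No authenticate method (Auth-Type) configuration found" line: the fragment below is an illustrative FreeRADIUS 2.x sites-enabled/default excerpt added here, not the poster's file or the project's shipped default, using the ldapgrude instance name from the log and assuming the stock 2.x module set; it shows the authorize and authenticate entries whose absence leaves a PAP request without an Auth-Type.

```unlang
# Illustrative FreeRADIUS 2.x sites-enabled/default fragment (assumed layout).
# In the debug log only mschap and eap were loaded from "authenticate", so a
# plain PAP request (User-Password present, no MS-CHAP or EAP attributes)
# reaches the end of authorize with no Auth-Type and is rejected.
authorize {
    preprocess
    # Sets Auth-Type := MS-CHAP only when MS-CHAP-Challenge/Response are
    # present; for the PAP test packet it returns noop, as in the log
    mschap
    suffix
    # Sets Auth-Type := EAP only when an EAP-Message is present
    eap {
        ok = return
    }
    # Fetches NT-Password / LM-Password check items from the
    # sambaSAMAccount entry (the "looking for check items" lines)
    ldapgrude
    # Sets Auth-Type := PAP when User-Password arrived and a "known good"
    # password (e.g. NT-Password from LDAP) was found; this is the entry
    # the PAP test in the log needed
    pap
}

authenticate {
    # PAP: rlm_pap hashes the cleartext User-Password and compares it with
    # the NT-Password fetched from LDAP
    Auth-Type PAP {
        pap
    }
    # MS-CHAP / MS-CHAPv2 (also the inner PEAP method): rlm_mschap uses the
    # NT-Password check item directly, so no cleartext password is needed
    Auth-Type MS-CHAP {
        mschap
    }
    # PEAP outer tunnel for the wireless clients
    eap
}
```

A PAP test such as the one in the log exercises only the PAP path; the wireless PEAP/MS-CHAPv2 path is only confirmed by a real EAP exchange.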
