Linux forum discussion: FreeRADIUS / OpenLDAP / TTLS / PAP


  1. #1
    Original poster (Futur Membre du Club, systems and network administrator, joined June 2012)
    FreeRADIUS / OpenLDAP / TTLS / PAP
    Hello,
    I am trying to set up a FreeRADIUS / TTLS / PAP server with an OpenLDAP server.
    Here is the problem I am running into.

    Code:
    Ready to process requests.
    rad_recv: Access-Request packet from host 127.0.0.1 port 41586, id=30, length=56
    User-Name = "toto"
    User-Password = "\267\002n\235W\270=\207\343\327U\032\036\032w\372"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 1812
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "toto", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    [ldap] performing user authorization for toto
    [ldap] expand: %{Stripped-User-Name} ->
    [ldap] ... expanding second conditional
    [ldap] expand: %{User-Name} -> toto
    [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=toto)
    [ldap] expand: dc=tem-tsp,dc=eu -> dc=tem-tsp,dc=eu
    [ldap] ldap_get_conn: Checking Id: 0
    [ldap] ldap_get_conn: Got Id: 0
    [ldap] performing search in dc=tem-tsp,dc=eu, with filter (uid=toto)
    [ldap] Added User-Password = toto in check items
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    [ldap] userPassword -> Password-With-Header == "toto"
    [ldap] looking for reply items in directory...
    [ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "33"
    [ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    [ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user toto authorized to use remote access
    [ldap] ldap_release_conn: Release Id: 0
    ++[ldap] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Config already contains "known good" password. Ignoring Password-With-Header
    ++[pap] returns updated
    Found Auth-Type = PAP
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!! Replacing User-Password in config items with Cleartext-Password. !!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!! Please update your configuration so that the "known good" !!!
    !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group PAP {...}
    [pap] login attempt with password "�?n?W�=?��U???w�"
    [pap] Using clear text password "toto"
    [pap] Passwords don't match
    ++[pap] returns reject
    Failed to authenticate the user.
    WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> toto
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 11 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 11
    Sending Access-Reject of id 30 to 127.0.0.1 port 41586
    Waking up in 4.9 seconds.
    Cleaning up request 11 ID 30 with timestamp +1966
    Ready to process requests.
    rad_recv: Access-Request packet from host 127.0.0.1 port 41586, id=30, length=56
    User-Name = "toto"
    User-Password = "\267\002n\235W\270=\207\343\327U\032\036\032w\372"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 1812
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "toto", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    [ldap] performing user authorization for toto
    [ldap] expand: %{Stripped-User-Name} ->
    [ldap] ... expanding second conditional
    [ldap] expand: %{User-Name} -> toto
    [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=toto)
    [ldap] expand: dc=tem-tsp,dc=eu -> dc=tem-tsp,dc=eu
    [ldap] ldap_get_conn: Checking Id: 0
    [ldap] ldap_get_conn: Got Id: 0
    [ldap] performing search in dc=tem-tsp,dc=eu, with filter (uid=toto)
    [ldap] Added User-Password = toto in check items
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    [ldap] userPassword -> Password-With-Header == "toto"
    [ldap] looking for reply items in directory...
    [ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "33"
    [ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    [ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user toto authorized to use remote access
    [ldap] ldap_release_conn: Release Id: 0
    ++[ldap] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Config already contains "known good" password. Ignoring Password-With-Header
    ++[pap] returns updated
    Found Auth-Type = PAP
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!! Replacing User-Password in config items with Cleartext-Password. !!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!! Please update your configuration so that the "known good" !!!
    !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group PAP {...}
    [pap] login attempt with password "�?n?W�=?��U???w�"
    [pap] Using clear text password "toto"
    [pap] Passwords don't match
    ++[pap] returns reject
    Failed to authenticate the user.
    WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> toto
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 12 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 12
    Sending Access-Reject of id 30 to 127.0.0.1 port 41586
    Waking up in 4.9 seconds.
    Cleaning up request 12 ID 30 with timestamp +1974
    Ready to process requests
    Thanks in advance for your help.

  2. #2
    CedrX (Rédacteur, joined April 2007)
    And? What is the problem?
    What progress have you made?
    It's nice of you to post the console output, but you would still need to be a bit clearer about the problems you are running into.
    We don't have a crystal ball.

  3. #3
    Original poster (Futur Membre du Club, systems and network administrator, joined June 2012)
    LDAP / FreeRADIUS / TTLS/PAP
    Hello,
    I want to set up a RADIUS server with an LDAP server,
    with TTLS/PAP authentication,
    but my requests are rejected and I don't know why:


    Code:
            User-Name = "toto"
            User-Password = "Z\333=\262T\005Y\215\2459\211\031\t\245\272;"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 1812
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    [auth_log]      expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20120618
    [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20120618
    [auth_log]      expand: %t -> Mon Jun 18 10:53:47 2012
    ++[auth_log] returns ok
    ++[digest] returns noop
    [IPASS] No '/' in User-Name = "toto", looking up realm NULL
    [IPASS] No such realm "NULL"
     
     
     
    ++[IPASS] returns noop
    [suffix] No '@' in User-Name = "toto", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [ntdomain] No '\' in User-Name = "toto", looking up realm NULL
    [ntdomain] No such realm "NULL"
    ++[ntdomain] returns noop
    [ldap] performing user authorization for toto
    [ldap]  expand: %{Stripped-User-Name} ->
    [ldap]  ... expanding second conditional
    [ldap]  expand: %{User-Name} -> toto
    [ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=toto)
    [ldap]  expand: dc=tem-tsp,dc=eu -> dc=tem-tsp,dc=eu
      [ldap] ldap_get_conn: Checking Id: 0
      [ldap] ldap_get_conn: Got Id: 0
      [ldap] performing search in dc=tem-tsp,dc=eu, with filter (uid=toto)
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
      [ldap] userPassword -> Password-With-Header == "toto"
    [ldap] looking for reply items in directory...
      [ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "33"
      [ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
      [ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user toto authorized to use remote access
      [ldap] ldap_release_conn: Release Id: 0
    ++[ldap] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Failed to decode Password-With-Header = "toto"
    ++[pap] returns updated
    Found Auth-Type = PAP
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group PAP {...}
    [pap] login attempt with password "Z�=�T?Y?�9?? ��;"
    [pap] No password configured for the user.  Cannot do authentication
    ++[pap] returns fail
    Failed to authenticate the user.
      WARNING: Unprintable characters in the password.        Double-check the shared secret on the server and the NAS!
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject]     expand: %{User-Name} -> toto
     attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 2 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 2
    Sending Access-Reject of id 113 to 127.0.0.1 port 57413
    Waking up in 4.9 seconds.
    Cleaning up request 2 ID 11
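Both debug logs in this thread end with the same server diagnostic: the PAP module unhides the received User-Password, gets 16 bytes of unprintable data, and prints "Unprintable characters in the password. Double-check the shared secret on the server and the NAS!". The example below is added here to show where that symptom comes from; it is not code from the thread or from FreeRADIUS. It models the RFC 2865 section 5.2 User-Password hiding that a RADIUS client applies with the shared secret and Request Authenticator, the matching unhiding on the server, and the printable-bytes check behind the warning. The shared secret, Request Authenticator and known-good password in it are constructed sample values; the two escaped User-Password strings are copied from the logs above only to show that each is exactly one 16-byte hidden block.

```python
"""Added example (not from the thread or from FreeRADIUS): RFC 2865 User-Password
hiding/unhiding and the 'unprintable characters' diagnostic it explains."""
import hashlib

# Constructed sample values (not values from the thread).
SHARED_SECRET = b"testing123"        # secret the NAS and the server are supposed to share
AUTHENTICATOR = bytes(range(16))     # a fixed 16-byte Request Authenticator for reproducibility
KNOWN_GOOD = b"toto"                 # clear-text password the server finds in the directory

# The User-Password values exactly as the two debug logs print them
# (FreeRADIUS escapes non-printable bytes as \ooo octal sequences).
LOGGED_PW_POST1 = r"\267\002n\235W\270=\207\343\327U\032\036\032w\372"
LOGGED_PW_POST3 = r"Z\333=\262T\005Y\215\2459\211\031\t\245\272;"

UNPRINTABLE_WARNING = ("Unprintable characters in the password. "
                       "Double-check the shared secret on the server and the NAS!")


def unescape_logged(value: str) -> bytes:
    """Turn the escaped string from the debug output back into the raw bytes on the wire."""
    return value.encode("latin-1").decode("unicode_escape").encode("latin-1")


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side (RFC 2865 5.2): pad with NULs to 16-byte blocks, then XOR each block
    with MD5(secret + previous block); for the first block the 'previous block' is
    the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += block
        prev = block                   # chaining: the next key depends on this hidden block
    return bytes(hidden)


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: regenerate the same key blocks from the received hidden blocks."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 bytes")
    clear, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return bytes(clear).rstrip(b"\x00")   # drop the NUL padding


def has_unprintable(data: bytes) -> bool:
    """The heuristic behind the server warning: any byte outside printable ASCII."""
    return any(b < 0x20 or b > 0x7E for b in data)


def pap_check(hidden: bytes, secret: bytes, authenticator: bytes, known_good: bytes):
    """Model of the PAP step in the logs: unhide the attempt, compare it with the
    known-good clear-text password, and return (verdict, warning_or_None).
    With the wrong secret the attempt is pseudo-random bytes, so it never matches
    and almost always triggers the unprintable-characters warning."""
    attempt = unhide_password(hidden, secret, authenticator)
    if attempt == known_good:
        return "accept", None
    return "reject", (UNPRINTABLE_WARNING if has_unprintable(attempt) else None)


if __name__ == "__main__":
    hidden = hide_password(KNOWN_GOOD, SHARED_SECRET, AUTHENTICATOR)
    print("matching secret:", pap_check(hidden, SHARED_SECRET, AUTHENTICATOR, KNOWN_GOOD))
    print("wrong secret:   ", pap_check(hidden, b"wrong-secret", AUTHENTICATOR, KNOWN_GOOD))
    for name, logged in (("post #1", LOGGED_PW_POST1), ("post #3", LOGGED_PW_POST3)):
        raw = unescape_logged(logged)
        print(name, "logged User-Password:", len(raw), "bytes, unprintable:", has_unprintable(raw))
```

Because the hiding is just XOR against MD5(secret || authenticator) chained across blocks, a secret mismatch between the client sending to 127.0.0.1 and the entry for that client on the server turns a short password like "toto" into 16 bytes of noise, which is what both logs show. The second log additionally shows a problem the secret alone will not fix: the PAP module reports `Failed to decode Password-With-Header = "toto"` for a userPassword value that carries no {scheme} header and then says no password is configured, so that entry needs a usable password representation in the directory as well.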
