From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <alt@zlt.ru>
From: max <alt@zlt.ru>
To: community@altlinux.ru
Date: Mon, 4 Apr 2005 18:16:53 +0600
User-Agent: KMail/1.6.2
References: <200503311904.01561.alt@zlt.ru> <424BF695.1000507@sakhalin.ru>
In-Reply-To: <424BF695.1000507@sakhalin.ru>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Message-Id: <200504041816.53472.alt@zlt.ru>
Subject: [Comm] Re: freeradius & openldap
X-BeenThere: community@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: community@altlinux.ru
List-Id: Mailing list for ALT Linux users <community.altlinux.ru>
List-Unsubscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/community>
List-Post: <mailto:community@altlinux.ru>
List-Help: <mailto:community-request@altlinux.ru?subject=help>
List-Subscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2005 12:08:00 -0000
Archived-At: <http://lore.altlinux.org/community/200504041816.53472.alt@zlt.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

=F7 =D3=CF=CF=C2=DD=C5=CE=C9=C9 =CF=D4 31 =ED=C1=D2=D4 2005 19:09 Dmitry Le=
bkov =CE=C1=D0=C9=D3=C1=CC(a):
> max wrote:
> > =EE=C5 =CD=CF=C7=D5 =D0=CF=C4=D2=D5=D6=C9=D4=D8 freeradius & openldap =
=CE=C1 =ED=C1=D3=D4=C5=D2 2.4
> >
> > =EB=D4=CF-=CE=C9=C2=D5=C4=D8 =C4=C5=CC=C1=CC =D4=C1=CB=CF=C5? =F7 =C9=
=C4=C5=C1=CC=C5 =C8=CF=D4=C5=CC =D0=CF=CC=D5=DE=C9=D4=D8 vpn =D3 =C1=D7=D4=
=CF=D2=C9=DA=C1=C3=C9=C5=CA =DE=C5=D2=C5=DA
> > ldap.
> >
> > freeradius =CE=C5=CD=CE=CF=C7=CF =CF=C2=CE=CF=D7=CC=A3=CE.
>
> [=CE=C5=CE=D5=D6=CE=D9=C5 =D0=CF=C4=D2=CF=C2=CE=CF=D3=D4=C9 =D0=CF=D3=CB=
=C9=D0=C1=CE=D9]
>
> > rlm_ldap: performing search in ou=3DUsers dc=3Dzlt,dc=3Dru, with filter
> > (&(objectClass=3DposixAccount)(uid=3Dmax1)) rlm_ldap: ldap_search() fai=
led:
> > Invalid DN syntax
>
> =F5=DE=C9=CD=D3=D1 =D7=CE=C9=CD=C1=D4=C5=CC=D8=CE=CF =DE=C9=D4=C1=D4=D8 d=
ebug output. =F0=D2=CF=C2=CC=C5=CD=C1 =D7 =CB=CF=CE=C6=C9=C7=C5 radius'=C1,=
 =D7
> =D3=C5=CB=C3=C9=C9 ldap - =D7 DN =D0=D2=CF=D0=D5=DD=C5=CE=C1 =DA=C1=D0=D1=
=D4=C1=D1
>
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
> >   modcall[authorize]: module "ldap" returns fail for request 0
> > modcall: group authorize returns fail for request 0
>
> =E9 =CB=C1=CB =D2=C5=DA=D5=CC=D8=D4=C1=D4 - =C1=D7=D4=CF=D2=C9=DA=C1=C3=
=C9=D1 =CE=C5 =D0=D2=DB=CC=C1.
>
> [skip]
>
> > =F7=CF=D4 =DE=C1=D3=D4=D8 =CB=CF=C6=C9=C7=C1 =D2=C1=C4=C9=D5=D3=C1:
> >         ldap {
> >                 server =3D "localhost"
> >                 identity =3D "cn=3Dadmin,dc=3Dzlt,dc=3Dru"
> >                 password =3D secret
> >                 basedn =3D "ou=3DUsers dc=3Dzlt,dc=3Dru"
>
>                                      ^=D0=D2=CF=D0=D5=DD=C5=CE=C1 =DA=C1=
=D0=D1=D4=C1=D1

=FC=D4=CF =D0=CF=CD=CF=C7=CC=CF, =D3=D2=C1=DA=D5 =DA=C1=D2=C1=C2=CF=D4=C1=
=CC=CF.

#radtest max1 123 localhost 2 testlocal
Sending Access-Request of id 13 to 127.0.0.1:1812
        User-Name =3D "max1"
        User-Password =3D "123"
        NAS-IP-Address =3D max
        NAS-Port =3D 2
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=3D13, length=3D=
99
        Framed-Compression =3D None
        Framed-MTU =3D 1400
        Framed-Routing =3D Broadcast-Listen
        Framed-Route =3D "192.168.1.0/24 192.168.200.204/32 1"
        Framed-IP-Netmask =3D 255.255.255.255
        Framed-IP-Address =3D 192.168.10.100
        Framed-Protocol =3D PPP
        Service-Type =3D Framed-User

# radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1:32936, id=3D13, length=
=3D56
        User-Name =3D "max1"
        User-Password =3D "123"
        NAS-IP-Address =3D 255.255.255.255
        NAS-Port =3D 2
modcall: entering group authorize for request 16
  modcall[authorize]: module "preprocess" returns ok for request 16
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat:  '(&(objectClass=3DposixAccount)(uid=3Dmax1))'
radius_xlat:  'ou=3DUsers, dc=3Dzlt,dc=3Dru'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=3DUsers, dc=3Dzlt,dc=3Dru, with filter=20
(&(objectClass=3DposixAccount)(uid=3Dmax1))
rlm_ldap: checking if remote access for max1 is allowed by dialupAccess
rlm_ldap: Added password 123 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None =
&=20
op=3D11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=3D11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Lis=
ten=20
& op=3D11
rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24=20
192.168.200.204/32 1 & op=3D11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value=20
255.255.255.255 & op=3D11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value=20
192.168.10.100 & op=3D11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=3D=
11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=
=3D11
rlm_ldap: user max1 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 16
modcall: group authorize returns ok for request 16
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype for request 16
rlm_ldap: - authenticate
rlm_ldap: login attempt by "max1" with password "123"
rlm_ldap: user DN: uid=3Dmax1,ou=3DUsers,dc=3Dzlt,dc=3Dru
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=3Dmax1,ou=3DUsers,dc=3Dzlt,dc=3Dru/123 to localhost:3=
89
rlm_ldap: waiting for bind result ...
rlm_ldap: user max1 authenticated succesfully
  modcall[authenticate]: module "ldap" returns ok for request 16
modcall: group authtype returns ok for request 16
Login OK: [max1] (from client localhost port 2)
Sending Access-Accept of id 13 to 127.0.0.1:32936
        Framed-Compression =3D None
        Framed-MTU =3D 1400
        Framed-Routing =3D Broadcast-Listen
        Framed-Route =3D "192.168.1.0/24 192.168.200.204/32 1"
        Framed-IP-Netmask =3D 255.255.255.255
        Framed-IP-Address =3D 192.168.10.100
        Framed-Protocol =3D PPP
        Service-Type =3D Framed-User
=46inished request 16
Going to the next request
=2D-- Walking the entire request list ---
Waking up in 6 seconds...
=2D-- Walking the entire request list ---
Cleaning up request 16 ID 13 with timestamp 4251220c
Nothing to do.  Sleeping until we see a request.

=EB=CF=D2=CF=DE=C5 radtest =D2=C1=C2=CF=D4=C1=C5=D4.

=EE=CF =D0=CF=C4=CB=CC=C0=DE=C9=D4=D3=D1 =CB pptpd =CE=C5 =D0=CF=CC=D5=DE=
=C1=C5=D4=D3=D1. =EE=C5=D7=C5=D2=CE=D9=CA =CC=CF=C7=C9=CE-=D0=C1=D2=CF=CC=
=D8 :(

=F7=CF=D4 =DE=D4=CF =D7 =CC=CF=C7=C1=C8:

Apr  4 17:51:33 max pptpd[23341]: CTRL: Client 192.168.11.62 control=20
connection started
Apr  4 17:51:33 max pptpd[23341]: CTRL: Starting call (launching pppd, open=
ing=20
GRE)
Apr  4 17:51:33 max pppd[23342]: Plugin radius.so loaded.
Apr  4 17:51:33 max pppd[23342]: RADIUS plugin initialized.
Apr  4 17:51:33 max pppd[23342]: pppd 2.4.2 started by root, uid 0
Apr  4 17:51:33 max pptpd[23341]: GRE: Discarding duplicate packet
Apr  4 17:51:33 max pppd[23342]: Using interface ppp1
Apr  4 17:51:33 max pppd[23342]: Connect: ppp1 <--> /dev/pts/8
Apr  4 17:51:33 max pptpd[23341]: GRE: Bad checksum from pppd.
Apr  4 17:51:35 max pptpd[23341]: CTRL: Ignored a SET LINK INFO packet with=
=20
real ACCMs!
Apr  4 17:51:36 max pptp[22751]: anon log[ctrlp_rep:pptp_ctrl.c:243]: Sent=
=20
control packet type is 5 'Echo-Request'
Apr  4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:659]: Echo Re=
ply=20
received.
Apr  4 17:51:36 max pptp[22751]: anon log[logecho:pptp_ctrl.c:661]: no more=
=20
Echo Reply/Request packets will be reported.
Apr  4 17:51:37 max pppd[23342]: Peer max1 failed CHAP authentication
Apr  4 17:51:37 max pppd[23342]: Connection terminated.
Apr  4 17:51:37 max pppd[23342]: Exit.


=F7 =DC=D4=CF =D7=D2=C5=CD=D1 # radiusd -X

rad_recv: Access-Request packet from host 127.0.0.1:32996, id=3D221, length=
=3D132
        Service-Type =3D Framed-User
        Framed-Protocol =3D PPP
        User-Name =3D "max1"
        MS-CHAP-Challenge =3D 0xfd0cf587b3d545c1888e02d8fe9527a6
        MS-CHAP2-Response =3D=20
0x1e0013afdccec8c685742c81fdcd87c34fa10000000000000000740fd7751f825f095cb8e=
04f062026ef56f0a0256665feab
        NAS-IP-Address =3D 192.168.11.15
        NAS-Port =3D 1
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for max1
radius_xlat:  '(&(objectClass=3DposixAccount)(uid=3Dmax1))'
radius_xlat:  'ou=3DUsers, dc=3Dzlt,dc=3Dru'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=3DUsers, dc=3Dzlt,dc=3Dru, with filter=20
(&(objectClass=3DposixAccount)(uid=3Dmax1))
rlm_ldap: checking if remote access for max1 is allowed by dialupAccess
rlm_ldap: Added password 123 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value None =
&=20
op=3D11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1400 & op=3D11
rlm_ldap: Adding radiusFramedRouting as Framed-Routing, value Broadcast-Lis=
ten=20
& op=3D11
rlm_ldap: Adding radiusFramedRoute as Framed-Route, value 192.168.1.0/24=20
192.168.200.204/32 1 & op=3D11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value=20
255.255.255.255 & op=3D11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value=20
192.168.10.100 & op=3D11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=3D=
11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=
=3D11
rlm_ldap: user max1 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype for request 3
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "ldap" returns invalid for request 3
modcall: group authtype returns invalid for request 3
auth: Failed to validate the user.
Login incorrect: [max1/<no User-Password attribute>] (from client localhost=
=20
port 1)
Delaying request 3 for 1 seconds
=46inished request 3


=EB=D5=C4=C1 =C4=C5=D7=C1=CC=D3=D1 User-Password ?
=F7=C5=C4=D8 =C2=D9=CC =D7=CE=C1=DE=C1=CC=C5 =D7=D9=D7=CF=C4=C1 radiusd -X =
=D0=C1=D2=CF=CC=D8, =C1 =D7 =CB=CF=CE=C3=C5 =CE=C5=D4=D5....

=2D-=20
MaX