 From:  Francisco Cruz <tito at iiia dot csic dot es>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  M0n0wall + FreeRadius + openLDAP
 Date:  Fri, 02 Feb 2007 12:48:33 +0100

Hello,

I'm trying to access my network through a VPN server on a M0n0wall 
box. I've configured VPNs on the mono-box and it works when using local 
users defined in m0n0wall. Now I want to authenticate those users in my 
LDAP directory, using freeradius.

I have openLDAP working perfectly and I have installed freeradius.

When I run a test with 'radtest' it works correctly; I can see this in 
the log:

rlm_ldap: Bind was successful
rlm_ldap: user test authenticated succesfully
Login OK: [test/mypass] (from client localhost port 10)


Now I turn on m0n0wall and I try to connect from a VPN client.
The authorization phase is right: freeradius finds the entry in the LDAP 
directory and accepts it for authentication.
But in the authentication I find these messages:

rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
request done: ld 0x800dc580 msgid 13
rlm_ldap: checking if remote access for test is allowed by dialupAccess
rlm_ldap: Added password {CRYPT}SOMEPASS in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaNTPassword as NT-Password, value 0x59287645927356923754375237534534 & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding sambaNTPassword as User-Password, value 0x59287645927356923754375237534534 & op=11
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
Login incorrect: [tito/<no User-Password attribute>] (from client mono port 0)

And finally, always this "no User-Password attribute".
I've tried to map the User-Password attribute in ldap.attrmap with no 
luck, and I made several tests in order to make it work, like putting the 
password in CLEAR mode, storing a samba password, etc.

Does somebody know what's wrong?
Thank you all.