FreeRadius, OpenLDAP, Samba, Libnss
Posted on 2006-11-06
I currently have OpenLDAP storing posixAccounts and sambaSamAccounts. I am now trying to get my firewall/VPN to authenticate remote VPN users off of the OpenLDAP server in some sort of a secure fashion (or any fashion at this point). I have gotten FreeRadius to work properly for local Unix accounts and partially for OpenLDAP posix accounts using clear text. I am trying to get the VPN to utilize the sambaNTPassword attribute.
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in <FOO BAR>, with filter (uid=efaden)
rlm_ldap: checking if remote access for <ME> is allowed by dialupAccess
rlm_ldap: Added password <sambaNTPassword String> in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaNTPassword as NT-Password, value <sambaNTPassword String> & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value <sambaLMPassword String> & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user efaden authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
That is the debugging output from FreeRadius. This is what happens with the LDAP passwordAttribute set to sambaNTPassword. What am I doing wrong? I believe that mschap is not actually loading. Anyone?