<div style="direction: ltr;">Hi,<br>
<br>
I'm using SER 0.9.6 as my SIP proxy, and free RADIUS 1.1.0 for
accounting, authorization and authentication. Users are in open LDAP
2.3.20. For connecting to RADIUS I'm using auth_radius module which
uses radusclient-ng.<br>
<br>
Everything works fine when digest is used for authentication and
authorization but when I try to use LDAP for authentication and
authorization i get this from RADIUS:<br>
<br>
rlm_ldap: - authorize<br>
rlm_ldap: performing user authorization for <a href="mailto:201@192.168.19.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">201@192.168.19.2</a><br>
radius_xlat: '(uid=<a href="mailto:201@192.168.19.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">201@192.168.19.2</a>)'<br>
radius_xlat: 'ou=People,dc=sips,dc=tel,dc=fer,dc=hr'<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: attempting LDAP reconnection<br>
rlm_ldap: (re)connect to <a href="http://192.168.19.2:389/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.19.2:389</a>, authentication 0<br>
rlm_ldap: bind as cn=root,dc=sips,dc=tel,dc=fer,dc=hr/topsct to <a href="http://192.168.19.2:389/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.19.2:389</a><br>
rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in ou=People,dc=sips,dc=tel,dc=fer,dc=hr, with filter (uid=<a href="mailto:201@192.168.19.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">201@192.168.19.2</a>)<br>
rlm_ldap: checking if remote access for <a href="mailto:201@192.168.19.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">201@192.168.19.2</a> is allowed by employeeType<br>
rlm_ldap: Added password 201 in check items<br>
rlm_ldap: looking for check items in directory...<br>
rlm_ldap: Adding userPassword as User-Password, value 201 & op=21<br>
rlm_ldap: looking for reply items in directory...<br>
rlm_ldap: user <a href="mailto:201@192.168.19.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">201@192.168.19.2</a> authorized to use remote access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
modcall[authorize]: module "ldap" returns ok for request 0<br>
modcall: leaving group authorize (returns ok) for request 0<br>
rad_check_password: Found Auth-Type Ldap<br>
auth: type "LDAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group LDAP for request 0<br>
rlm_ldap: - authenticate<br>
rlm_ldap: Attribute "User-Password" is required for authentication.<br>
modcall[authenticate]: module "ldap" returns invalid for request 0<br>
modcall: leaving group LDAP (returns invalid) for request 0<br>
auth: Failed to validate the user.<br>
<br>
I think this is the problem:<br>
Attribute "User-Password" is required for authentication.<br>
<br>
In users file I have added:a<br>
DFAULT Auth-Type:=LDAP<br>
to force using LDAP for authentication and authorization.<br>
<br>
When i try to connect remotly using radius client from command
line, authorization and authentication works fine. When I capture
packets when using SER i can't see User-Password attribute.<br>
<br>
Is there any way to solve this problem. May be to say in RADIUS that
some of digest attributes is actually User-Password attribute, or some
other module which enables using of RADIUS and LDAP.<br>
<br>
Thanks in advance.<br>
<br>
Best regards,<br></div>
<div style="direction: ltr;"><span class="sg">
<br>-- <br> Ivan Turcin<br>Student at University of Zagreb, Faculty of Electricalengeniring and Computing, Branch of Telecomunications and Informatics<br>Unska 3<br>HR-10000 Zagreb
</span></div>