EAP-TTLS-PAP-LDAP

Rohaizam Abu Bakar haizam at myjaring.net
Fri Jul 14 05:31:46 CEST 2006


Trying to do EAP-TTLS-PAP with a CRYPT passwd in LDAP. The tunnelling seems 
fine, but when it gets to comparing the password it fails. Refer to the logs 
and config below.


Some say (http://felipe-alfaro.org/blog/category/radius/) that PAP is tunneled 
inside EAP-TTLS through EAP-GTC. Tried that as well; still the same error.

gtc {
    auth_type = PAP  # even tried changing to LDAP/OCE - still the same error
}


Error
====
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [jaroce2 at ocemy015.com] (from client localhost port 0)
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 9
modcall: leaving group authenticate (returns invalid) for request 9
auth: Failed to validate the user.
Login incorrect: [jaroce2 at ocemy015.com] (from client OCE_JARING port 241 cli 
00-11-5b-2d-b2-8e)

With settings:

a) radiusd.conf

ldapOCE {
    --some setting
}

authorize {
    eap
    Autz-Type OCE {
        ldapOCE
    }
}

authenticate {
    Auth-Type OCE {
        ldapOCE
    }
    eap
}

b) eap.conf

eap {
    default_eap_type = ttls


    tls {
    --some setting
    }
    ttls {
        default_eap_type = md5
    }
}


c) users:-

DEFAULT         Realm == "my015.com", Autz-Type := OCE





