EAP-TTLS-PAP-LDAP

Phil Mayers p.mayers at imperial.ac.uk
Fri Jul 14 11:26:20 CEST 2006


Rohaizam Abu Bakar wrote:
> rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in 

That's your problem.

The CVS version of FreeRadius has auto_header which will detect the 
{type} in the password, strip it and put the password in the right 
place. Try that. Or, write an external script (run via exec) to 
manipulate the request correctly.

A couple more things:

  1. You're doing the LDAP query on *every* radius request, which is 
pointless for the EAP conversation. You can rework the config so that 
doesn't happen - see the list archives for "eap AND 127.0.0.1"

  2. You put your LDAP server admin name, password and IP into the debug 
output. I'd change those ASAP...



More information about the Freeradius-Users mailing list