Peap+TTLs and Ldap

Francisco Castanheiro fdsc at di.fct.unl.pt
Mon Sep 25 00:15:36 CEST 2006


I solved my problem... For some reason PEAP only works with LDAP
users if the following line is present in the peap section of eap.conf:
copy_request_to_tunnel = yes

The default config from Red Hat ES4 doesn't have this line, not even
as a comment....

Regards


On Sep 21, 2006, at 22:21, Francisco Castanheiro wrote:

> Hello,
> I'm using FreeRADIUS to do the auth on a wireless network. My users
> are in an LDAP directory that have both NT-Password and
> UserPassword; I use LDAP to auth Linux users and Samba+LDAP to auth
> Windows users.
>
> I have PEAP and TTLS set up in my config and some test users with
> clear passwords in the users file, plus the LDAP users. I have no
> problems with TTLS auth, both with LDAP and "local" test users, but
> I can't say the same about PEAP. When I try to use PEAP to auth a
> "local" user it goes fine, but when the user is an LDAP one it just
> fails. I have the map between LDAP and RADIUS attributes set up.
> I think that my LDAP NT hashes are correct because I can use them
> to auth my Windows users with Samba, but the only thing that I can
> see that differs between the two scenarios that I described is that
> TTLS uses the "userpassword" attr and PEAP uses the NT-Password
> attr. And I know that PEAP works when the password is clear,
> because it works with the "local" test users.
>
> Could some bad config cause this behavior? Or could it be some problem
> with my version of FreeRADIUS and my NT hashes?
>
> I'm out of ideas. If my config or logs help I can post them.
>
> Thanks for any help.
>
> Regards
>
> ---
> Francisco Castanheiro
> Departamento de Informática
> Faculdade de Ciências e Tecnologia - UNL
> E-mail: fdsc at di.fct.unl.pt


---
Francisco Castanheiro
Departamento de Informática
Faculdade de Ciências e Tecnologia - UNL
E-mail: fdsc at di.fct.unl.pt
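
Added example, not part of the original post and not FreeRADIUS project code: a small Python check that reads an eap.conf and reports the effective copy_request_to_tunnel value for the peap and ttls sections, treating a missing or commented-out line as unset. The sample config is constructed, and the fallback value "no" is an assumption about what the server uses when the line is absent.

```python
# Constructed sample: peap lacks the setting (only a commented-out line), ttls sets it.
SAMPLE_EAP_CONF = """
eap {
    ttls {
        default_eap_type = md5
        copy_request_to_tunnel = yes   # trailing comment
    }
    peap {
        default_eap_type = mschapv2
        #copy_request_to_tunnel = yes
    }
}
"""

ASSUMED_DEFAULT = "no"  # assumption: value in effect when the line is absent

def parse_sections(text):
    """Parse nested 'name { key = value }' blocks into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        # Naive comment stripping: fine here, wrong for quoted values containing '#'.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:
            key, sep, value = line.partition("=")
            if sep:
                stack[-1][key.strip()] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def tunnel_copy_settings(text, methods=("peap", "ttls")):
    """Return {method: (effective_value, explicitly_set)} for configured methods."""
    eap = parse_sections(text).get("eap", {})
    result = {}
    for method in methods:
        section = eap.get(method)
        if isinstance(section, dict):
            value = section.get("copy_request_to_tunnel")
            result[method] = (value or ASSUMED_DEFAULT, value is not None)
    return result
```

Run against a real file with `tunnel_copy_settings(open(path).read())`, where `path` is wherever your distribution installs eap.conf.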


