Ldap + EAP
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jan 23 13:23:02 CET 2007
Rafał Kamiński wrote:
> Phil Mayers napisał(a):
>> Assuming you want the most common EAP type, PEAP/MS-CHAP, your LDAP
>> server must contain the users plaintext password or NT/LM hash, and you
>> must configure FreeRadius to extract this information and add it to the
>> configure items for a given request.
>>
>
> Hi,
>
> Can you tell me how configure FreeRadius to extract this information and
> add it to the configure items for request ?
You need the correct values in the "ldap.attrmap" file. The default file
comes with (amongst other) mappings:
checkItem LM-Password lmPassword
checkItem NT-Password ntPassword
>
> A set clear password in ldap and still i have that in debug mode:
>
> Login incorrect: [rka/<no User-Password attribute>] - rka is my user
>
> BR,
You'll need to add the relevant mapping e.g. if your cleartext password
is in "clearPassword" you would use:
checkItem User-Password clearPassword
Modify as appropriate.
More information about the Freeradius-Users
mailing list