Freeradius doesn't work with ldap

Eduardo Lima duwise2003 at yahoo.com.br
Fri Nov 16 15:21:07 CET 2007


Thanks Alan.

I'll update to 1.1.7 but I don't think it will solve the problem.

LDAP authentication works with radping (wired connection), but on the wireless it keeps failing.

I don't understand this:

"  Processing the authenticate section of radiusd.conf
 modcall: entering group MS-CHAP for request 6
 rlm_mschap: No User-Password configured.  Cannot create LM-Password.
 rlm_mschap: No User-Password configured.  Cannot create NT-Password.
 rlm_mschap: Told to do MS-CHAPv2 for ducavalcanti with NT-Password
 rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
 rlm_mschap: FAILED: MS-CHAP2-Response is incorrect "


MS-CHAPv2 doesn't work with openLDAP???

Please help.

Alan DeKok <aland at deployingradius.com> wrote: Eduardo Lima wrote:
> Hi, I've been using Freeradius 1.1.3 

  Please upgrade to 1.1.7...

> with PEAP/MSCHAPv2 authentication
> with no problem. But now, I need to use it with LDAP too and it doesn't
> work at all.
> 
> The client is windows xp without a domain. The LDAP is for the email
> directory.
> 
> The user should type your user name (email) and password stored in LDAP.

  Can you retrieve the password from LDAP?  If so, it should be easy to
make it work.

> Probably, the error is in:
> 
>  Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 6
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for ducavalcanti with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

  Yes.

...
> [/etc/raddb/users]:10 WARNING! Check item "Simultaneous-Use" found in
> reply item list for user "cidadao". This attribute MUST go on the first
> line with the other check items

  You also want to fix this.  See "man users".

...
>   Processing the authorize section of radiusd.conf
...
> modcall: leaving group authorize (returns updated) for request 0

  And there are NO references to the LDAP module.

  i.e. you have not configured the server to read "known good" passwords
from LDAP.  See radiusd.conf for how to do this.

  Alan DeKok.
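
The reading of the debug output given in this thread (MS-CHAP fails because no NT/LM-Password is available, and the authorize section never calls the LDAP module) can be checked mechanically. The Python script below is an added example, not part of the original messages or of FreeRADIUS; the `diagnose` function, its `password_module` parameter and the sample `modcall[authorize]` lines are assumptions constructed for illustration.

```python
import re

# Constructed radiusd -X excerpt in the FreeRADIUS 1.1.x debug format. The
# rlm_mschap lines are the ones quoted in the thread; the rest is sample data.
SAMPLE_DEBUG = '''\
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "mschap" returns ok for request 6
  modcall[authorize]: module "eap" returns updated for request 6
  modcall[authorize]: module "files" returns notfound for request 6
modcall: leaving group authorize (returns updated) for request 6
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for ducavalcanti with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
'''

MODULE_RE = re.compile(
    r'modcall\[authorize\]: module "([^"]+)" returns \w+ for request (\d+)')
GROUP_RE = re.compile(r'modcall: entering group \S+ for request (\d+)')
NO_PASSWORD_RE = re.compile(r'rlm_mschap: FAILED: No NT/LM-Password')


def diagnose(debug_text, password_module="ldap"):
    """Return one finding per request where MS-CHAP had no password to use."""
    authorize_modules = {}  # request id -> modules that ran in authorize
    findings = []
    current = None          # request id of the group being processed
    for line in debug_text.splitlines():
        module = MODULE_RE.search(line)
        if module:
            authorize_modules.setdefault(module.group(2), []).append(module.group(1))
            continue
        group = GROUP_RE.search(line)
        if group:
            current = group.group(1)
            continue
        if NO_PASSWORD_RE.search(line) and current is not None:
            ran = authorize_modules.get(current, [])
            findings.append({"request": current, "authorize_modules": ran,
                             "password_module_ran": password_module in ran})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_DEBUG):
        print(finding)
```

A finding with `password_module_ran` set to `False` corresponds to the situation described in the reply: nothing in authorize supplied a known good password before MS-CHAP ran.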