openLDAP & freeRADIUS

Mustapha Bouikhif Mustapha.Bouikhif at cnrs-gif.fr
Thu Jun 26 09:55:22 CEST 2008


William E. Russell wrote:
> All,
>
> 	I am currently working with openLDAP and freeRADIUS.
> 	I have correctly set up freeRADIUS to read from my openLDAP. I can't
> seem to authenticate my user. I have narrowed down the error to a single
> line, "rlm_eap_mschapv2: Invalid response type 4". From my hours of
> searching online, I have realized that all this means is that there was an
> error in the response packet. I have no idea what error could have occurred.
> I believe it may have to do with the password_attribute. I read some
> documentation that said there was some issue with LDAP and passing a
> cleartext password. Also, as you can see, I am using EAP/PEAP with MSCHAP.
> Anybody have any insight into this type of thing? If I could just get some
> help on how to set up the LDAP and RADIUS, that would be great - I have read
> just about every single tutorial so please don't direct me to one of those.
> I need someone who has a similar setup - what did you use for password
> attribute?
>
> William
>
> William E. W. Russell
> Member of Technical Staff (Software Development)
> 198 Brighton Avenue
> Long Branch, New Jersey 07740
> Home #: 732-752-2037
> Cell #: 732-744-6483
>
Hello,

I have nearly the same installation as you. If you want to use EAP/{PEAP 
or TTLS} with MSCHAPv2, the userPassword attribute in LDAP must be 
encrypted before loading it into the LDAP database. Also, FreeRADIUS (via the 
MSCHAP module) needs to get the userPassword attribute (via the NT-Password 
mapping in the ldap.attrmap file).
To encrypt a password, use "smbencrypt" to generate two types of hashes: 
the LM hash and the NT hash. You must use the NT hash for MSCHAPv2 to work properly.

Hope this may help...


-- 
Mustapha BOUIKHIF
Service Systèmes d'Information
CNRS - DR4 

tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39



