openLDAP & freeRADIUS

Alan DeKok aland at deployingradius.com
Thu Jun 26 10:36:22 CEST 2008


William E. Russell wrote:
> I have correctly set up freeRADIUS to read from my openLDAP. I can't
> seem to authenticate my user. I have narrowed down the error to a single
> line, "rlm_eap_mschapv2: Invalid response type 4". From my hours of
> searching online, I have realized that all this means is that there was an
> error in the response packet.

  Code 4 is MS-CHAP failure.  It means that the client told the server
it didn't like the previous packet.

> I have no idea what error could have occurred.
> I believe it may have to do with the password_attribute. I read some
> documentation that said there was some issue with LDAP and passing a
> cleartext password. Also, as you can see, I am using EAP/PEAP with MSCHAP.
> Anybody have any insight into this type of thing? If I could just get some
> help on how to set up the LDAP and RADIUS, that would be great - I have read
> just about every single tutorial so please don't direct me to one of those.
> I need someone who has a similar setup - what did you use for password
> attribute?

  userPassword.

  Step 1: Get PEAP working with an entry in the "users" file.
  Step 2: Get LDAP working with PAP (radclient).  Verify that it
          is NOT doing "bind as user"
  Step 3: Verify that PEAP works against LDAP.

  PLEASE show the debug output.  The reason we ask for it is because it
is the DEFINITIVE explanation of what's going on, and the ONLY way to
help you solve the problem.

  Alan DeKok.
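
Steps 2 and 3 in the reply above can give different results for the same LDAP entry: PAP can be checked against a hashed userPassword, while MS-CHAPv2 inside PEAP needs a value the server can compute the response from (the cleartext password or its NT hash). The script below is an added example, not part of the original thread and not FreeRADIUS code; it classifies userPassword lines from an LDIF dump, and the scheme sets, function names and sample entries are assumptions constructed for illustration.

```python
import base64

# One-way schemes commonly found in an OpenLDAP userPassword value. A PAP
# password can be hashed and compared against these, but an MS-CHAPv2
# response cannot be computed from them.
ONE_WAY = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}
CLEAR = {"CLEAR", "CLEARTEXT"}

def parse_ldif_password(line):
    """Return the raw userPassword bytes from one LDIF line, else None."""
    name, sep, rest = line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        return None
    if rest.startswith(":"):  # "attr:: value" marks a base64 value in LDIF
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode()

def classify(value):
    """Map a userPassword value to (scheme, pap_ok, mschapv2_ok)."""
    if value.startswith(b"{") and b"}" in value:
        scheme = value[1:value.index(b"}")].decode("ascii", "replace").upper()
    else:
        scheme = "CLEARTEXT"  # no {SCHEME} prefix: stored as-is
    if scheme in CLEAR:
        return scheme, True, True
    if scheme in ONE_WAY:
        return scheme, True, False
    return scheme, None, None  # not in the sets above: check by hand

def audit(ldif_text):
    """Classify every userPassword line in an LDIF dump."""
    values = (parse_ldif_password(l) for l in ldif_text.splitlines())
    return [classify(v) for v in values if v is not None]

# Constructed sample shaped like ldapsearch output (not from the thread).
_HASHED = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE = (
    "dn: uid=alice,ou=people,dc=example,dc=org\n"
    f"userPassword:: {_HASHED}\n"
    "dn: uid=bob,ou=people,dc=example,dc=org\n"
    "userPassword: hello\n"
)

if __name__ == "__main__":
    for scheme, pap, mschap in audit(SAMPLE):
        print(f"{scheme:<10} PAP={pap} MS-CHAPv2={mschap}")
```

An entry reported with MS-CHAPv2=False is one where Step 2 can pass and Step 3 still fails.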


