openLDAP & freeRADIUS

William E. Russell wrussell at incnetworks.com
Thu Jun 26 19:35:12 CEST 2008


How can I get the log or the output of it? It is so long that the terminal
doesn't allow me to scroll all the way back to the top. Is there a log? I
found radius.log, but it had nothing. Is there a command to generate the
log? Thanks. I know I am close here...


William E. W. Russell
Member of Technical Staff (Software Development)
198 Brighton Avenue
Long Branch, New Jersey 07740
Home #: 732-752-2037
Cell #: 732-744-6483

-----Original Message-----
From: freeradius-users-bounces+wrussell=incnetworks.com at lists.freeradius.org
[mailto:freeradius-users-bounces+wrussell=incnetworks.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, June 26, 2008 4:36 AM
To: FreeRadius users mailing list
Subject: Re: openLDAP & freeRADIUS

William E. Russell wrote:
> 	I have correctly set up freeRADIUS to read from my openLDAP. I can't
> seem to authenticate my user. I have narrowed down the error to a single
> line, "rlm_eap_mschapv2: Invalid response type 4". From my hours of
> searching online, I have realized that all this means is that there was an
> error in the response packet.

  Code 4 is MS-CHAP failure.  It means that the client told the server
it didn't like the previous packet.

> I have no idea what error could have occurred.
> I believe it may have to do with the password_attribute. I read something
> in documentation that said there was some issue with LDAP and passing a
> cleartext password. Also, as you can see, I am using EAP/PEAP with MSCHAP.
> Anybody have any insight into this type of thing? If I could just get some
> help on how to set up the LDAP and RADIUS, that would be great - I have read
> just about every single tutorial so please don't direct me to one of those.
> I need someone who has a similar setup - what did you use for password
> attribute?

  userPassword.

  Step 1: Get PEAP working with an entry in the "users" file.
  Step 2: Get LDAP working with PAP (radclient).  Verify that it
          is NOT doing "bind as user"
  Step 3: Verify that PEAP works against LDAP.

  PLEASE show the debug output.  The reason we ask for it is because it
is the DEFINITIVE explanation of what's going on, and the ONLY way to
help you solve the problem.

  Alan DeKok.
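
An added example, not part of the original message and not FreeRADIUS code: it shows why the PAP test in step 2 can succeed against a hashed userPassword while PEAP/MS-CHAPv2 in step 3 cannot, and why "bind as user" rules MS-CHAPv2 out. The function names and sample values are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac

# Digest schemes found in a userPassword header: name -> (hash, salted?)
SCHEMES = {"SHA": ("sha1", False), "SSHA": ("sha1", True),
           "MD5": ("md5", False), "SMD5": ("md5", True)}

def split_scheme(stored):
    """Split '{SCHEME}data'; scheme is None when the value has no header."""
    if stored.startswith("{") and "}" in stored:
        scheme, data = stored[1:].split("}", 1)
        return scheme.upper(), data
    return None, stored

def pap_verify(stored, candidate):
    """PAP hands the server the password itself, so any scheme can be re-checked."""
    scheme, data = split_scheme(stored)
    if scheme in (None, "CLEARTEXT"):
        return hmac.compare_digest(data.encode(), candidate.encode())
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(data)
    size = hashlib.new(algo).digest_size
    digest = raw[:size]
    salt = raw[size:] if salted else b""
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

def mschapv2_possible(stored):
    """MS-CHAPv2 sends only a challenge response, so the server must compute the
    NT hash from a cleartext password. stored=None models "bind as user",
    where the server never reads userPassword at all."""
    if stored is None:
        return False
    scheme, _ = split_scheme(stored)
    return scheme in (None, "CLEARTEXT")

def make_ssha(password, salt):
    """Build a constructed {SSHA} value for the demo below."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

if __name__ == "__main__":
    # Constructed sample entries, not taken from the thread.
    for value in ("testing123", make_ssha("testing123", b"\x01\x02\x03\x04"), None):
        pap = pap_verify(value, "testing123") if value else "via bind only"
        print(repr(value), "PAP:", pap, "MS-CHAPv2:", mschapv2_possible(value))
```

The check only looks at userPassword; a directory that also stores an NT hash in a separate attribute can serve MS-CHAPv2 from that instead.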