EAP-PEAP GTC auth_type

Fajar A. Nugraha fajar at fajar.net
Wed Feb 25 11:50:27 CET 2009


tnt at kalik.net wrote:
>> but using LDAP user with auth_type = PAP in gtc section does not work
>> #==============================================
>> Found Auth-Type = EAP
>> +- entering group authenticate {...}
>> [eap] Request found, released from the list
>> [eap] EAP/gtc
>> [eap] processing type gtc
>> [gtc] +- entering group PAP {...}
>> [pap] login attempt with password "<My LDAP password here>"
>>     
>
> That's not "your LDAP password". That's the password from the
> User-Password field in the request.
>
>   

It was the same as my LDAP password :)
Reading eap.conf again you're right though, that's the password from the
User-Password field in the request. Which means that gtc receives the
password correctly as plain-text.

>> [pap] No password configured for the user.  Cannot do authentication
>> ++[pap] returns fail
>> [eap] Handler failed in EAP/gtc
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> Login incorrect: [<My LDAP user here>] (from client <My client name
>> here> port 0 via TLS tunnel)
>> #==============================================
>>     
>
> And where is the part of the debug that shows what ldap did?
>
>   

Here's a complete debug log from radius startup tested with radtest,
with user and password masked. This works correctly.
http://pastebin.com/f11606cc2

Here's a complete debug log from radius startup tested with wifi client,
same user and password, same config files. Somehow in this config LDAP
never got to bind as my user.
http://pastebin.com/f37aaf2b2

Regards,

Fajar