adding mschap to an existing ttls/pap setup
jan at buksy.de
Thu Apr 12 18:01:34 CEST 2012
Am 12.04.2012 17:49, schrieb Brian Gold:
> We currently have an existing freeradius setup using eap-ttls/pap with an openldap backend. Up until now, our userPassword has
> always been SHA encoded. I've been working to add sambaNTPassword hashes so that we can use either eap-ttls/mschap or peap/mschap.
> I've got the nt hashes set, but I'm having some difficulty getting freeradius to successfully authenticate.
> Output from "radtest -t mschap username password localhost 0 secret": http://pastebin.com/FeiwwhzE
> output from "radtest -t pap username password localhost 0 secret": http://pastebin.com/tvZXqJCm
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think I had a similar problem and fixed it by setting set_auth_type =
no in modules/ldap. But I'm not sure if this is the only thing I changed...
all the best,
More information about the Freeradius-Users