OpenLDAP and FreeRadius Auth
Herwin Weststrate
herwin at quarantainenet.nl
Tue Aug 12 10:58:39 CEST 2014
>> The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
>> You edited the "inner-tunnel" virtual server, and deleted "mschap" from
>> it. Put it back.
>
> I did have that in there but removed it trying to force it. I will
> change it back and play with it again tomorrow.
That still won't work, since the passwords are only available as MD5
hashes, which are incompatible with MSCHAPv2 (there is a nice overview
on http://deployingradius.com/documents/protocols/compatibility.html).
You have to change the settings of the client to use PAP as the inner
authentication protocol instead of MSCHAPv2.
--
Herwin Weststrate
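
An added example, not part of the original message: why PAP can be checked against an `{MD5}` (or salted `{SMD5}`) LDAP password value while MS-CHAPv2 cannot. The function names, the scheme handling and the sample password are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

def make_attr(password: str, salt: bytes = b"") -> str:
    """Build a constructed {MD5}/{SMD5} value in the form LDAP stores it."""
    digest = hashlib.md5(password.encode() + salt).digest()
    scheme = "{SMD5}" if salt else "{MD5}"
    return scheme + base64.b64encode(digest + salt).decode()

def split_attr(attr: str):
    """Return (scheme, payload); no {SCHEME} prefix means cleartext."""
    if attr.startswith("{") and "}" in attr:
        scheme, _, payload = attr[1:].partition("}")
        return scheme.upper(), payload
    return "CLEARTEXT", attr

def pap_check(attr: str, submitted: str) -> bool:
    """PAP hands the server the password itself (inside the TLS tunnel),
    so the server can re-hash it and compare with the stored digest."""
    scheme, payload = split_attr(attr)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(payload.encode(), submitted.encode())
    if scheme not in ("MD5", "SMD5"):
        raise ValueError("scheme not handled in this example: " + scheme)
    raw = base64.b64decode(payload)
    digest, salt = raw[:16], raw[16:]   # salt is empty for plain {MD5}
    candidate = hashlib.md5(submitted.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def inner_methods(attr: str) -> list:
    """MS-CHAPv2 never sends the password; the server must compute the
    expected response from the NT hash (MD4 of the UTF-16LE password).
    An MD5 digest cannot be turned into that, so only PAP remains."""
    scheme, _ = split_attr(attr)
    if scheme == "CLEARTEXT":
        return ["PAP", "MSCHAPv2"]
    if scheme in ("MD5", "SMD5"):
        return ["PAP"]
    raise ValueError("scheme not handled in this example: " + scheme)

if __name__ == "__main__":
    stored = make_attr("constructed-sample-pw")   # constructed sample value
    print(stored, pap_check(stored, "constructed-sample-pw"), inner_methods(stored))
```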