Radius Server and Ldap Server

Maurice James midnightsteel at msn.com
Mon Jan 13 11:31:45 CET 2014


I got this to work by changing the format that ldap stores the password. I
changed it to clear text. It's not ideal but it works for me.

 

 

From: freeradius-users-bounces+midnightsteel=msn.com at lists.freeradius.org
[mailto:freeradius-users-bounces+midnightsteel=msn.com at lists.freeradius.org]
On Behalf Of ???
Sent: Monday, January 13, 2014 5:24 AM
To: FreeRadius users mailing list
Subject: RE: Radius Server and Ldap Server

 

Hi, thanks for your help. After applying the configuration you recommended to
the inner-tunnel file, the debug information shows no process for searching the
LDAP server, and the user from the LDAP database still cannot be authenticated.
There is also this information:

/***********************************************************************/
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +group MS-CHAP {
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: liy1
[mschap] Client is using MS-CHAPv2 for liy1, we need NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] = reject
+} # group MS-CHAP = reject
[eap] Freeing handler
++[eap] = reject
+} # group authenticate = reject
Failed to authenticate the user.
/***********************************************************************/

I have changed the ldap.attrmap to:  
checkitem       Cleartext-Password              userpassword

Thanks, waiting for your reply.



Subject: Re: Radius Server and Ldap Server
From: a.cudbardb at freeradius.org
Date: Mon, 13 Jan 2014 09:50:39 +0000
To: freeradius-users at lists.freeradius.org

 
On 13 Jan 2014, at 09:15, 李亚坤 <liyakun127 at hotmail.com> wrote:
 
> Hello all,
> 
> I am trying to set up a radius server to perform authentication for wifi
> login against the user with password database in LDAP.
> 
> I have no right to get the password back from LDAP, and the only reply
> information from the LDAP server is that I logged in successfully.
> 
> However, I need to log in to wifi with a user name and password stored in the
> LDAP server. Without the password in the reply from LDAP, how can the radius
> server check whether the password I have provided is correct?
 
By attempting to bind as the user.
 
authorize {
        if (User-Password) {
               update control {
                       Auth-Type := LDAP
               }
        }
}
 
authenticate {
        Auth-Type LDAP {
               ldap
        }
}
 
-Arran
 
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
 
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
 


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
