Yet Another PEAP-MSCHAPV2 problem
Alex Moen
alexm at ndtel.com
Tue Sep 22 00:06:29 CEST 2015
Hi Alan,
Yeah, I figured that out once I found that I was barking up the wrong...
um... branch. I have modified my config to look for the full
user at domain, as it is in our UIDs.
Thanks for the link, I will read through that. Half the battle is
finding the proper information. I am changing to use the Samba NT
Password field, since I'm using MSCHAPv2 and this is the only field
(other than a cleartext password field) that will work. Still running
into issues, though, and now it's quitting time...
Thanks!!!
Alex
On 09/21/2015 04:55 PM, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> of the differences between the "branches" of the directory tree, is
>> that the incorrect one is using Crypt passwords, and the correct one
>> is using SSHA passwords. Seems that the SSHA passwords are not
>> working while the Crypt passwords do.
>
> well, as others have pointed out, theres an issue with the format of
> the name too. uid=xxxxx must match, you cant look for uid=user and
> expect uid=user at realm to match - so you may want to vary your ldap
> query based on the username - perhaps do a user-name check if theres
> a realm thats not handled properly?
>
> how does your LDAP server present the password? LDAP is not an authentication
> system, its an 'oracle' of values - so you may need to tell FreeRADIUS what
> format the reply value is - read the LDAP and FreeRADIUS password format docs
>
> eg http://wiki.freeradius.org/modules/rlm_ldap
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Alex Moen
NSTII
North Dakota Telephone Company
701-662-6481
More information about the Freeradius-Users
mailing list