PEAP with LDAP as authentication source

Ana Gallardo Gómez anaougu at gmail.com
Mon Aug 29 11:06:34 CEST 2016


Hello,

I need help. I'm using:

FreeRADIUS Version 3.0.11, for host x86_64-pc-linux-gnu, built on May 26 2016 at 10:07:32

I don't know if I can use PEAP with LDAP as authentication source...

The problem I found is that the inner-tunnel server doesn't receive the
User-Password attribute, so the bind in authentication is not successful:

(9) eap_peap: Sending tunneled request to eduroam-inner-tunnel
(9) eap_peap:   EAP-Message = 0x0209004d1a0209004831678809c2e1e7af9fae454407917654e20000000000000000d365e8f3b9d860ae2fe0ee6bc7c83938c49ac777fc41713600616967616c6c6172646f40756e65782e6573
(9) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(9) eap_peap:   User-Name = "aigallardo at unex.es"
(9) eap_peap:   State = 0x2af2ae6c2afbb4875ef1f60eaa5df0a2
(9) eap_peap:   NAS-IP-Address = 127.0.0.1
(9) eap_peap:   Calling-Station-Id := "02-00-00-00-00-01"
(9) eap_peap:   Framed-MTU = 1400
(9) eap_peap:   NAS-Port-Type = Wireless-802.11
(9) eap_peap:   Connect-Info = "CONNECT 11Mbps 802.11b"
(9) Virtual server eduroam-inner-tunnel received request
...
(9)   Found Auth-Type = LDAP
(9)   # Executing group from file /etc/freeradius/sites-enabled/eduroam-inner-tunnel
(9)     Auth-Type LDAP {
(9)       redundant redundant_ldap_auten_email {
(9) ldap1_auten_email: WARNING: You have set "Auth-Type := LDAP" somewhere
(9) ldap1_auten_email: WARNING: *********************************************
(9) ldap1_auten_email: WARNING: * THAT CONFIGURATION IS WRONG.  DELETE IT.
(9) ldap1_auten_email: WARNING: * YOU ARE PREVENTING THE SERVER FROM WORKING
(9) ldap1_auten_email: WARNING: *********************************************
(9) ldap1_auten_email: ERROR: Attribute "User-Password" is required for authentication
(9)         [ldap1_auten_email] = invalid
(9)       } # redundant redundant_ldap_auten_email = invalid
(9)     } # Auth-Type LDAP = invalid
(9)   Failed to authenticate the user
(9)   Using Post-Auth-Type Reject

My configuration:

  peap {
    tls = tls-common
    default_eap_type = mschapv2
    copy_request_to_tunnel = yes
    use_tunneled_reply = yes
    virtual_server = "eduroam-inner-tunnel"
  }

Is it possible to use PEAP with LDAP as authentication source? With TTLS-PAP or
TTLS-MSCHAPv2 it works.

Thank you very much and sorry for my English.


-- 
::::::::::::::::::::::::::::::::::::
:: Ana Gallardo Gómez ::
::::::::::::::::::::::::::::::::::::
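
Added example (not part of the original post): the EAP-Message value logged
above, decoded with a small Python parser written for this page. It shows that
the tunneled request is an EAP-MSCHAPv2 Response carrying a peer challenge and
a 24-byte NT-Response, with no cleartext password from which a User-Password
attribute could be built for an LDAP bind. The function and constant names are
illustrative.

```python
import struct

# EAP-Message value copied from the debug output in the post above.
EAP_MESSAGE_HEX = (
    "0209004d1a0209004831678809c2e1e7af9fae454407917654e2"
    "0000000000000000d365e8f3b9d860ae2fe0ee6bc7c83938c49ac777fc417136"
    "00616967616c6c6172646f40756e65782e6573"
)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
MSCHAPV2_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MSCHAPV2 = 26


def parse_eap_mschapv2(raw: bytes) -> dict:
    """Parse an EAP packet and, for an EAP-MSCHAPv2 Response, its fields."""
    if len(raw) < 5:
        raise ValueError("too short for an EAP packet with a Type field")
    code, ident, length, eap_type = struct.unpack("!BBHB", raw[:5])
    if length != len(raw):
        raise ValueError(f"EAP Length {length} != {len(raw)} bytes supplied")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "type": eap_type}
    if eap_type != EAP_TYPE_MSCHAPV2 or length < 10:
        return out  # other EAP method, or too short to hold a Response body
    opcode, _ms_id, ms_length, value_size = struct.unpack("!BBHB", raw[5:10])
    out["opcode"] = MSCHAPV2_OPCODES.get(opcode, opcode)
    if opcode != 2:
        return out
    if ms_length != length - 5 or value_size != 49 or length < 59:
        raise ValueError("malformed MSCHAPv2 Response")
    value = raw[10:59]
    out.update(
        peer_challenge=value[:16],   # random challenge chosen by the client
        reserved=value[16:24],       # must be zero
        nt_response=value[24:48],    # computed from the NT hash of the password
        flags=value[48],
        name=raw[59:].decode("utf-8", "replace"),
    )
    return out


if __name__ == "__main__":
    for key, val in parse_eap_mschapv2(bytes.fromhex(EAP_MESSAGE_HEX)).items():
        print(f"{key:15} {val.hex() if isinstance(val, bytes) else val}")
```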

