LDAP = Failed setting connection option certificate_file
Alan DeKok
aland at deployingradius.com
Fri Aug 9 15:31:02 CEST 2019
On Aug 9, 2019, at 9:16 AM, Dave Walsh <dave_walsh at lsrhs.net> wrote:
>
> Ok, if I test via the wireless controller the user credentials are accepted
> by Google, but with a client it fails.
>
> Checking via radtest it works for the first test, but when I try the mschap
> test mode it fails.
Google doesn't do MS-CHAP.
> Is that what you were warning me about?
Yes.
> Is there some configuration I've
> messed up and fixing that will solve the issue or have I hit an impasse?
Google stores the passwords, and *won't* give them to FreeRADIUS. Google also doesn't do MS-CHAP.
FreeRADIUS does MS-CHAP. But FreeRADIUS needs access to the passwords, in order to do the MS-CHAP calculations.
The only way around this is:
a) use your own LDAP server, which can then give the passwords to FreeRADIUS
b) get the clients to do TTLS + PAP instead of PEAP + MS-CHAP.
Nothing else will work.
Alan DeKok.
More information about the Freeradius-Users
mailing list