Freeradius with EAP and LDAP

Juntunen, Jarkko jarkko.juntunen at bitkompisab.fi
Thu Dec 19 18:09:40 CET 2019


Thanks for Your advice. We have run Freeradius in debug mode couple of
hours and the problem seems to be ( at least in my opinion) missing of
password in case of EAP authentication. And the problem is that I have no
clue how to have Cleartext-password out of EAP-MSCHAP auth.


to 19. jouluk. 2019 klo 18.23 Marek Zarychta (zarychtam at plan-b.pwste.edu.pl)
kirjoitti:

> W dniu 19.12.2019 o 17:09, Juntunen, Jarkko pisze:
>
> Hello,
> We have Freeradius server 3.0.16 up and running and it'll authenticate Our
> test users successfully via default and inner-tunnel with PAP against Our
> test LDAP-server. But when we try to authenticate those same test users
> against that very same LDAP-server from/via Meraki (Cisco) Wifi-endpoints
> with EAP we'll have rejected auths.
>
> We have also created some test users in Freeradius db, and if we disable
> LDAP from Our configs those users can authenticate without problems against
> Freeradius itself.
>
> I'm just a newbie with Freeradius (and radius in general as well), so can
> anyone help and give a hint what We are missing?
>
> All help will be appreciated.
>
> -Jarkko
> -
>
>
> Dear Jarkko,
>
> please follow Alan's instructions to debug, but also bear in mind that to
> get PEAP with MSCHAP working you probably need either Cleartext-Password or
> hashed NT-Password available for users.
>
> --
> Marek Zarychta
>
>


More information about the Freeradius-Users mailing list