Freeradius open-ldap Auth
Alan DeKok
aland at deployingradius.com
Tue Dec 1 19:36:52 CET 2020
On Dec 1, 2020, at 10:02 AM, David Musoke <dmusoke at umu.ac.ug> wrote:
>
> Hello Folks,
> I am trying to set up authentication using OpenLDAP and FreeRADIUS.
> When I run a radtest for one of my users in LDAP, I receive an Access-Accept message.
> But when I try authenticating from a Windows or macOS user I don't succeed.
Yes.
> Below is my debug output when I try to authenticate from a Windows machine
Reading it helps.
> ...
> rlm_ldap (ldap): Connecting to ldap://196.43.180.28:389
> rlm_ldap (ldap): Waiting for bind result...
> rlm_ldap (ldap): Bind successful
> (7) [ldap] = updated
> (7) [expiration] = noop
> (7) [logintime] = noop
> (7) pap: Converted: &control:Password-With-Header -> &control:SSHA1-Password
> (7) pap: Removing &control:Password-With-Header
> (7) pap: Normalizing SSHA1-Password from base64 encoding, 32 bytes -> 24 bytes
That's a nice password format.
> (7) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
> (7) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
> (7) mschap: Creating challenge hash with username: dmusoke at umu.ac.ug
> (7) mschap: Client is using MS-CHAPv2
> (7) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
The MS-CHAP module is telling you what it needs.
Hint: it's not SSHA1-Password.
http://deployingradius.com/documents/protocols/compatibility.html
Alan DeKok.