I dont understand why it doesn't work , Password are in clear in LDAP
base , the only thing that i want is freeradius recieve login and
password form an PEAP (Mschapv2) authentification request and compare
it from password and login stocked in LDAP database if it's matched so
allow the access.<br>
<br>
here is my conf file "users"<br>
<br>
DEFAULT Auth-Type = EAP, EAP-Type == EAP-PEAP<br>
DEFAULT Auth-Type = LDAP<br>
<br>
there to different situation , in both of them <span style="text-decoration: underline;">authentication section</span> about LDAP and EAP are uncommented.<br>
<br>
++++First : If I uncomment "eap" in <span style="text-decoration: underline;">authorize</span> section of radiusd.conf :<br>
<br>
# This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP<br>
# authentication.<br>
#<br>
# It also sets the EAP-Type attribute in the request<br>
# attribute list to the EAP type from the packet.<br>
eap<br>
I've got that kind of error :<br>
-----------------------------------------------<br>
lm_ldap: ldap_release_conn: Release Id: 0<br>
modcall[authorize]: module "ldap" returns ok for request 7<br>
modcall: group authorize returns updated for request 7<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 7<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/peap<br>
rlm_eap: processing type peap<br>
rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br>
rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br>
rlm_eap_peap: EAPTLS_OK<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.<br>
rlm_eap_peap: Received EAP-TLV response.<br>
rlm_eap_peap: Tunneled data is valid.<br>
rlm_eap_peap: Had sent TLV failure, rejecting.<br>
rlm_eap: Handler failed in EAP/peap<br>
rlm_eap: Failed in EAP select<br>
modcall[authenticate]: module "eap" returns invalid for request 7<br>
modcall: group authenticate returns invalid for request 7<br>
auth: Failed to validate the user.<br>
Login incorrect: [test/<no User-Password attribute>] (from client Access_Point_3COM port 1 cli 004096a1ce69)<br>
Delaying request 7 for 1 seconds<br>
Finished request 7<br>
------------------------------------------<br>
<br>
Authorize part with ldap works well but not the authentification one with eap (the tls handshake works well)<br>
<br>
++++Second : If I comment "eap" in <span style="text-decoration: underline;">authorize</span> section of radiusd.conf <br>
<br>
I've got a long output attached in that mail.<br>
<br>
As a conclusion if I edit the users config file like that :<br>
<br>
<br>
<br>
I hope you could help I'm blocked on that problem for 2 weeks and the
end of my training period is close and I would like to finish it before
:).<br>
<br>
Thank you<br><br><div><span class="gmail_quote">2006/6/6, Alan DeKok <<a href="mailto:aland@nitros9.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">aland@nitros9.org</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
"thomas hahusseau" <<a href="mailto:thomas.hahusseau@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">thomas.hahusseau@gmail.com</a>> wrote:<br>> modcall: entering group Auth-Type for request 6
<br>> rlm_mschap: No User-Password configured. Cannot create LM-Password.
<br>> rlm_mschap: No User-Password configured. Cannot create NT-Password.<br><br> This means that the server has no clear-text password. i.e. it<br>wasn't retrieved from LDAP. See the rest of the debug log to see what
<br>was retrieved from LDAP.<br><br> Alan DeKok.<br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>