- Some have said EAP and LDAP can't be combined because LDAP requires plain text passwords here and EAP doesn't play ball in that manner
Ldap "bind as user" authentication can't be used with EAP but that doesn't mean that you can't use passwords stored on Ldap server.
What EAP method are you using... The different EAP methods have different requirements.
Well, again, I'm trying to work from a default Freeradius installation. The debug output, of course, is many repetitions of authorize/authenticate. I assume it's all about establishing the SSL session to my device in a lot of those, ending with:
[peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled
After that, the last few cycles of authorize/authenticate head in the direction of many PEAP references, and, I suspect things finally going off the rails here:
Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for ldaptest with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user.
More debug would be of use. In default configuration ldap is not enabled in inner-tunnel virtual server. Enable it in inner-tunnel authorize and see if the password is available then. Ivan Kalik Kalik Informatika ISP