Colleen C. Morrissey wrote:
I spoke too soon. This works ok for a user/password in users file, but not via LDAP. Via ldap mschap works but not gtc. Below is snippet of output when it is failing. Any advice on how to fix would be appreciated: [root@aster raddb]# more gtc_info modcall: entering group authenticate for request 502 rlm_eap: Request found, released from the list rlm_eap: EAP/gtc rlm_eap: processing type gtc
... which sends the clear-text password to the server.
Processing the authenticate section of radiusd.conf modcall: entering group PAP for request 502 rlm_pap: login attempt with password blah rlm_pap: Using NT encryption.
Why? If you have the clear-text password on the server, you can just compare the two. There's no need to configure rlm_pap to do the NT hash.
radius_xlat: Running registered xlat function of module mschap for string 'NT-Hash blah' rlm_mschap: Unknown expansion string "NT-Hash blah" radius_xlat: ''
That's a bug which will be fixed in 1.1.7, but it shouldn't affect you... Alan Dekok.