On Fri, Aug 29, 2008 at 11:57 PM, Ivan Kalik <tnt@kalik.net> wrote:
modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for testuser@bric.dk with NT-Password rlm_mschap: No NT-Password configured. Trying DirectoryService Authentication.
What is the password entry for this user in ldap? Is it encrypted?
Ivan Kalik Kalik Informatika ISP
The password are stored in the "default OS X Server way" for a shared domain. This is in what Apple calls Open Directory: meaning that the LDAP stores a pointer (aka a password slot) which references the actual password which is stored in a database seperate from the LDAP. Details can be found on page 41 in this document: http://images.apple.com/server/macosx/docs/Open_Directory_Admin_v10.5.pdf This mechanism is what is working "out of the box". Earlier on I made a test environment where this worked - the difference being the test environment was a server and an access point communicating directly. Now - the real scenario - the server is working in what I think is called proxy mode, the authentication requests does not originate directly from the access point, but is "relayed" (my best description) via the Eduroam DK top level servers. NB.: I suspect that the LDAP is not even queried, I am not yet able to find any clues in the logfiles indicating anything else :( - TvE