I am able to have peap/mschpv2 work with ldap nt hash. radtest -t mschap will not work for peap/mschapv2, the real windows supplicant, wireless access point will work. The format in ldap is not relevant, w/ or w/o the preceding 0x will work. The configuration I changed from default are the following clients.conf to add testing AP ip and secret eap.conf to add the real certificate thing etc. modules/ldap to add the ldap proxy account information. site-enabled/inner-tunnel - uncomment the ldap line in authorize authorize { # # The ldap module will set Auth-Type to LDAP if it has not # already been set ldap } Now whenever I try to have a virtual server for another instance, then it will have the same error as before. Then I copied the site-enabled/default content and put them within the virtual server, it's working again. I then try to reduce to the minimum necessary configuration, the following is for the virtual server to work server ldap_ntpassword_1814 { listen { type = auth ipaddr = * port = 1814 } listen { ipaddr = * port = 1815 type = acct } authorize { eap { ok = return } } authenticate { eap } } Thanks, Schilling On Fri, Nov 5, 2010 at 7:12 AM, schilling <schilling2006@gmail.com> wrote:
I asked the ldap admin to change the format of the ntPassword to prepend with 0x, now radius -X get the right hash, but it still have no "known good" password was found in LDAP. Nevertheless, the authorization is ok. What is the right format to put in our ldap ntPassword attribute? Should I ignore the error and focus on the Auth-Type error?
I will reinstall 2.1.0 with all default, and try it again.
Thanks,
Schilling
[ldap] looking for check items in directory... [ldap] ntPassword -> NT-Password == 0x771cfdfe02a8c15e15b3e0e4974602fa [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user sding authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok
On Thu, Nov 4, 2010 at 11:10 PM, Alan DeKok <aland@deployingradius.com> wrote:
schilling wrote:
Found Auth-Type = EAP WARNING: Unknown value specified for Auth-Type. Cannot perform requested action.
You have edited the default configuration and broken it. Don't do that.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html