Thanks Phil.. what a stupid move to paste all that passwd.. I've changed it as soon as i get ur mail... thanks again... cannot find any article related to repeating LDAP query for EAP... pls help.. I think the problem coz by RADIUS cannot figure out to set Auth-Type and then it require plain passwd.. When I change password to plain. with the same setting.. it's working... --haizam ----- Original Message ----- From: "Phil Mayers" <p.mayers@imperial.ac.uk> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Friday, July 14, 2006 5:26 PM Subject: Re: EAP-TTLS-PAP-LDAP
Rohaizam Abu Bakar wrote:
rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in
That's your problem.
The CVS version of FreeRadius has auto_header which will detect the {type} in the password, strip it and put the password in the right place. Try that. Or, write an external script (run via exec) to manipulate the request correctly.
A couple more things:
1. You're doing the LDAP query on *every* radius request, which is pointless for the EAP conversation. You can rework the config so that doesn't happen - see the list archives for "eap AND 127.0.0.1"
2. You put your LDAP server admin name, password and IP into the debug output. I'd change those ASAP... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html