Vladimir Vuksan wrote:
Florian Prester wrote:
ist it possible to authenticate an user with eap-ttls using PAP with an Crypt-Password? The Crypt-Password is obtained by an LDAP-Server.
I can do eap-ttls using MD5/PAP with an cleartext Password.
Yes you can, however you have to configure your clients to use TTLS+PAP. Otherwise they will default to TTLS+MSCHAPv2 which will not work with crypted password. Here is a HOWTO on configuring TTLS+PAP
http://vuksan.com/linux/dot1x/wpa-client-config.html
Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks Vladimir. I know your howto, it is very helpfull. I configured as you told, but I still get an error at the freeradius: .... Thu Aug 11 17:06:02 2005 : Debug: rlm_ldap: looking for reply items in directory... Thu Aug 11 17:06:02 2005 : Debug: rlm_ldap: user unrz148 authorized to use remote access Thu Aug 11 17:06:02 2005 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Thu Aug 11 17:06:02 2005 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 3 Thu Aug 11 17:06:02 2005 : Debug: modcall[authorize]: module "ldap" returns ok for request 3 Thu Aug 11 17:06:02 2005 : Debug: modcall: group authorize returns updated for request 3 Thu Aug 11 17:06:02 2005 : Debug: rad_check_password: Found Auth-Type pap Thu Aug 11 17:06:02 2005 : Debug: auth: type "PAP" Thu Aug 11 17:06:02 2005 : Debug: Processing the authenticate section of radiusd.conf Thu Aug 11 17:06:02 2005 : Debug: modcall: entering group Auth-Type for request 3 Thu Aug 11 17:06:02 2005 : Debug: modsingle[authenticate]: calling pap (rlm_pap) for request 3 Thu Aug 11 17:06:02 2005 : Auth: rlm_pap: Attribute "Password" is required for authentication. Thu Aug 11 17:06:02 2005 : Debug: modsingle[authenticate]: returned from pap (rlm_pap) for request 3 Thu Aug 11 17:06:02 2005 : Debug: modcall[authenticate]: module "pap" returns invalid for request 3 Thu Aug 11 17:06:02 2005 : Debug: modcall: group Auth-Type returns invalid for request 3 Thu Aug 11 17:06:02 2005 : Debug: auth: Failed to validate the user. ... The Crypted-Password is working and it is available as Crypt-Password. (Tested with ntradping). I added "DEFAULT Auth-Type := pap" at the end of the users-file, without it wants to use ldap-authentication! Also it works with an local user (defined in the users-file) and a Crypt-Password! Any hints? thanks Florian -- -------------------------------------------------------------- Dipl. Inf. Florian Prester Network Administration Regionales RechenZentrum Erlangen Universitaet Erlangen-Nuernberg Germany Tel.: +499131 8527813