tnt@kalik.net wrote:
but using LDAP user with auth_type = PAP in gtc section does not work #============================================== Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/gtc [eap] processing type gtc [gtc] +- entering group PAP {...} [pap] login attempt with password "<My LDAP password here>"
That's not "your LDAP password". That's the password from the User-Password field in the request.
It was the same as my LDAP password :) Reading eap.conf again you're right though, that's the password from the User-Password field in the request. Which means that gtc receives the password correctly as plain-text.
[pap] No password configured for the user. Cannot do authentication ++[pap] returns fail [eap] Handler failed in EAP/gtc [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [<My LDAP user here>] (from client <My client name here> port 0 via TLS tunnel) #==============================================
And where is the part of the debug that shows what ldap did?
Here's a complete debug log from radius startup tested with radtest, with user and pasword masked. This works correctly. http://pastebin.com/f11606cc2 Here's a complete debug log from radius startup tested with wifi client, same user and password, same config files. Somehow in this config LDAP never got to bind as my user. http://pastebin.com/f37aaf2b2 Regards, Fajar