I dont understand why it doesn't work , Password are in clear in LDAP base , the only thing that i want is freeradius recieve login and password form an PEAP (Mschapv2) authentification request and compare it from password and login stocked in LDAP database if it's matched so allow the access.

here is my conf file "users"

DEFAULT Auth-Type = EAP, EAP-Type == EAP-PEAP
DEFAULT Auth-Type = LDAP

there to different situation , in both of them authentication section about  LDAP and EAP are uncommented.

++++First : If I uncomment "eap" in authorize section of radiusd.conf :

        #  This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        #  authentication.
        #
        #  It also sets the EAP-Type attribute in the request
        #  attribute list to the EAP type from the packet.
        eap
I've got that kind of error :
-----------------------------------------------
lm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns updated for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client Access_Point_3COM port 1 cli 004096a1ce69)
Delaying request 7 for 1 seconds
Finished request 7
------------------------------------------

Authorize part with ldap works well but not the authentification one with eap (the tls handshake works well)

++++Second : If I comment "eap" in authorize section of radiusd.conf

I've got a long output attached in that mail.

As a conclusion if I edit the users config file like that :



I hope you could help I'm blocked on that problem for 2 weeks and the end of my training period is close and I would like to finish it before :).

Thank you

2006/6/6, Alan DeKok <aland@nitros9.org>:
"thomas hahusseau" <thomas.hahusseau@gmail.com> wrote:
> modcall: entering group Auth-Type for request 6
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.

  This means that the server has no clear-text password.  i.e. it
wasn't retrieved from LDAP.  See the rest of the debug log to see what
was retrieved from LDAP.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html