On Nov 14 Tim Gustafson wrote:
I'm running FreeRADIUS on a shiny-new CentOS 5.2 machine.
The easiest way to install the latest FreeRADIUS on CentOS I know of is to visit <http://koji.fedoraproject.org/koji/packageinfo?packageID=298>, find the latest source RPM and rebuild it. It's a small amount of work, but will stop people saying "upgrade" a lot..
I'm trying to figure out how to configure FreeRADIUS to authenticate against an OpenLDAP server using MSCHAPv2. I Googled a lot of different phrases, and came up with some things that were mildly helpful. Right now, I have FreeRADIUS authenticating against the LDAP server without using MSCHAPv2, but I'm not understanding how to now activate the MSCHAPv2 part.
I have it working. You need to check your ldap.attrmap (or whatever you've set dictionary_mapping to) points at the right LDAP field. I use the samba schema, so: checkItem NT-Password sambaNtPassword Then your debug log should include entries like: rlm_ldap: sambaNtPassword -> NT-Password == 0x........ WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? ..but this is OK, since with "mschap" before "ldap" in your authorize{} block, FreeRADIUS will handle the challenge-response stuff correctly for MSCHAPv2 using the NT hash from OpenLDAP. Make sure you bind to OpenLDAP with sufficient privilege to read the NT hash! HTH Matt