Alan, Thanks for quick response. On Tue, Feb 2, 2010 at 12:29 PM, Alan DeKok <aland@deployingradius.com>wrote:
Fabio Rampazzo Mathias wrote:
I'm relative new to freeradius, and i'm trying to configure a PPTP VPN on pfSense, authenticating in a FreeRADIUS with LDAP module. But, I'm getting the following error :
Found Auth-Type = LDAP WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. No User-Password or CHAP-Password attribute in the request. Cannot perform authentication. Failed to authenticate the user.
The authorize process works fine, but the authentication not. I can't find "Auth-Type = Local" as it says. This is my access request :
Did you look in the configuration files for "Auth-Type = Local"? Or in your database?
yes and couldn't find anything saying "Auth-Type = Local"...but I think this isn't the most important problem. I've used "grep" to search.
And you posted only PART of the debug output. Wy?
I've sent just a part of debug because I've thought this is the part which really matters. Is there any other you need ?
I've tried many of google searches troubleshooting MS-CHAP problems and most of them is saying me to get a Cleartext-Password entry on my database. But I can't consider this an option, because the security of my accounts in LDAP would be extremely compromised.
Too bad. You don't really have a choice.
http://deployingradius.com/documents/protocols/compatibility.html
Ok. This means that PPTP needs MS-CHAP auth, and MS-CHAP needs Clear Password or NT Hash. How do I enable my FreeRADIUS to authenticate in LDAP using NT Hash ? Is there a way to do this ?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Att, Fabio Rampazzo Mathias