Ryan Setiawan H wrote:
I've research & googling about LDAP and CHAP :D, but until now still don't work ... here the debug, and btw i'm using freeradius-1.1.7_2 :
If the LDAP server gives FreeRADIUS the clear-text password, then CHAP should work.
rad_recv: Access-Request packet from host 192.168.8.88:4609, id=30, length=48 User-Name = "testing" CHAP-Password = 0x30e3e28c521fe0d81b988d2475dae76f3f ------------cut--------------. rlm_ldap: Bind was successful rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by dialupAccess rlm_ldap: Password header not found in password Testing1 for user testing
And does CHAP work for this user?
-----------cut--------------- * as you can see the radius module rlm_ldap can "see" the password for user testing, here the next one
Next one... what? Next request? Next user?
based on the faq on http://wiki.freeradius.org/index.php/FAQ#How_do_I_make_CHAP_work_with_LDAP.3...,
it is possible for using chap with ldap backend,
Yes. It is also likely that it's much easier on 2.0.5.
also there is clue where parameter like password_header = "{clear}" password_attribute = userPassword password_radius_attribute = "User-Password" must be set.... but how?
in the "ldap" section of radiusd.conf, where the LDAP parameters are configured.
i'm still trying to read the code ( like rlm_chap.c ) to see what attribut does rlm_chap read for the password that was passed by the module ldap. but it is so arcane and "debuging code twice hard as writing the code at first place"
Don't read the code. It won't help you.
anyone has solution for this matter?
Try installing 2.0.5 in a separate directory and configuring it. Odds are it will work. Alan DeKok.