pap against LDAP works fine chap against LDAP works fine (With ntradping)
They used different password.
Do you mean chap and MSCHAPv2 require passwords in different formats or something?
No. There is a clear text password stored somewhere.
I can auth CHAP, but with the same username and password can't auth CHAPv2 (with no config change on freeradius) My two debugs show that Debug: rlm_ldap: sambaNtPassword -> NT-Password == 0x4145394341303636374123413937333342303139423034323445363933373332 So the NT-Password is being retrieved from LDAP in both cases.
Yes. But chap wasn't using it.
A coorect password.
Do you think the has being retrieved from LDAP is wrong then?
Yes.
If I do put in an incorrect password I do get the same error message.
No surprise.
*****
Tue Nov 11 10:10:26 2008 : Info: [chap] Using clear text password "ommitted" for user testuser authentication.
Where did that come from?
I don't know - inside tha chap module?
No.
It's retrieved from LDAP.
Not that I can see. Post the whole debug and I will tell you where is clear text password possibly stored. Ivan Kalik Kalik Informatika ISP