Steffen Langhammer wrote:
The LDAP-Server doesn't contain a clear-text password. They are encrypted and this isn't allowed to change.
hhttp://deployingradius.com/documents/protocols/compatibility.html
The password field is "userPassword".
I was testing my LDAP-Configuration in Freeradius with NTRadPing. If I make an authentication Request I get a response: Access_accept. I am happy that freeradius can speak to LDAP :-))
Now my problem is: The wireless client is configured to LEAP, I enter the same user and password as in NTRadPing Utility. But I don't get access.
Your requirements are impossible to satisfy.
I don't understand what I have done wrong. Maybee the eap-module is not able to forward the bind to the LDAP-Server ?
No. Read the page given by the URL above. What you want to do is impossible.
If i use LEAP and set the password_attribute to an cleartext field in ldap it works.
Exactly.
I was setting as password_attribute the field to givenname and enter as passwort the givenname of user.
If I use the LEAP mode on the client the login to WLAN works fine (by using cleartext) But I have to use the encrypted password in LDAP because of security reasons.
What can I do ?
Read the last section of that web page. Trying to do the impossible is an effort in futility. Change your requirements to something that is possible to do. My suggestion: don't do LEAP. It's insecure. Use another EAP method such as TTLS. Alan DeKok.