Alan DeKok wrote:
Florian Prester <Florian.Prester@rrze.uni-erlangen.de> wrote:
I configured 2 ldap modules, one using a clear-text password for PEAP-TLS with MS-CHAPv2 or only CHAP authentication, and one retrieving a Crypt-Password for using PAP-Authentication.
Why? Just use the clear-text password to do all of the authentication. You're making work for yourself without any gain.
But how can I do PAP with a clear-text password?
group {
...
You're listing EAP in that group. DON'T.
Sorry, didn`t wanna do that! But I want to achieve that the authentication is first trying CHAP, then PAP and so on.
But it only takes the first entry, and if I switch the order of ldap-PAP and ldap-PEAP, so it should take ldap-PAP, therefore retrieve an Crypt-Password from the ldap-PAP-section it wants to use ldap for authentication!?!?!?
Yes.
How can I change that? I thought radius is taking that kind of authentication which request is comming in?! So I sniffed and there are comming different request: PAP: User-Password CHAP: CHAP-Password So how can I tell the radius to take the proper authentication and therefore a specific password using the LDAP profile? In LDAP the clear-text password is given as well as the crypt one?
What do I wrong?
You've made massive changes to the configuration files.
Stop using two LDAP instances. You don't need them. Use the default configuration, with one LDAP module in the places shown by the default configuration. It WILL work.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am sorry, if I am annoying you, but I am kind of confused and do not know what to do anymore. Thanks Florian -- -------------------------------------------------------------- Dipl. Inf. Florian Prester Network Administration Regionales RechenZentrum Erlangen Universitaet Erlangen-Nuernberg Germany Tel.: +499131 8527813