Hello all, I'm trying to configure a secured Wireless network, so I want to use EAP/PEAP/LDAP for authentication and then try WPA to crypt sessions. As a beginner, I'm doing that step by step. So I've done the following : - set up a freeradius server and test it with a simple radius client. That's ok, the LDAP server is called to check authorizations and then authenticate. In this case I can see "Found Auth-Type LDAP" in the radiusd -x logs. - then try using the full stuffs (XP client, Aironet AP, freeradius) ... "Tunneled data is valid" , "Setting User-Name to ...", but unfortunately the process is unable to valid the password , the error is as follows : "rlm_mschap: Told to do MS-CHAPv2 for xxx with NT-PAssword" "FAILED: No NT/LM-Password". In this case before I can see "rad_check_password: Found Auth-Type EAP" looks like LDAP has been forgotten ? Any help would be appreciated ! -- François
=?ISO-8859-1?Q?Fran=E7ois_Dagorn?= <francois.dagorn@univ-rennes1.fr> wrote:
the process is unable to valid the password , the error is as follows :
"rlm_mschap: Told to do MS-CHAPv2 for xxx with NT-PAssword" "FAILED: No NT/LM-Password". In this case before I can see "rad_check_password: Found Auth-Type EAP" looks like LDAP has been forgotten ?
No. But LDAP needs to supply FreeRADIUS with a clear-text password for the user. It's not doing that. Auth-Type := LDAP won't work for PEAP. Alan DeKok.
François Dagorn wrote:
I'm trying to configure a secured Wireless network, so I want to use EAP/PEAP/LDAP for authentication and then try WPA to crypt sessions. As a beginner, I'm doing that step by step. So I've done the following :
- set up a freeradius server and test it with a simple radius client. That's ok, the LDAP server is called to check authorizations and then authenticate. In this case I can see "Found Auth-Type LDAP" in the radiusd -x logs.
- then try using the full stuffs (XP client, Aironet AP, freeradius) ... "Tunneled data is valid" , "Setting User-Name to ...", but unfortunately the process is unable to valid the password , the error is as follows :
"rlm_mschap: Told to do MS-CHAPv2 for xxx with NT-PAssword" "FAILED: No NT/LM-Password". In this case before I can see "rad_check_password: Found Auth-Type EAP" looks like LDAP has been forgotten ? You have to have NT/LM hashes in the LDAP database if you want to do PEAP. Apparently you don't have them. Please read
participants (3)
-
Alan DeKok -
François Dagorn -
Vladimir Vuksan