Alan, Thanks for the response.
Do you mean EAP-MD5? I'm not sure what MD5-Challenge is...
Yes - EAP-MD5, The windows side (supplicant) is set to MD5-Challenge
I did get EAP to work when I supply the User-Password attribute in the users file, but I would like LDAP to fetch this if it is possible.
If you're using LDAP, it should be doing that already.
I don't think it is configured right. So far I have been using LDAP for groupmembership searches only. How do you tell LDAP to fetch User-Password attribute?
If I remove the User-Password attribute in the users file, the dubug out shows: User-Password is required for EAP-MD5 authenitication.
Are you getting the User-Password attribute from LDAP? The debug log should show this.
Username Password Domain
If you supply all three values, the debug shows:
Identity does not match user-name
You're re-writing the User-Name attribute somewhere. Again, the debug log will show this.
I didn't see anything in the log. If I provide the domainname debug shows username as domain\\username, LDAP shows it as domain\username, and rlm_eap complains about Identity not matching. -Robert Graham
participants (1)
-
Graham, Robert