Freeradius as Authenticator

Florian Prester Florian.Prester at
Thu Aug 4 08:49:53 CEST 2005


after testing and reading a lot of documentation, I have some questions.

First my szenario:

    I want to use a freeradiusserver fpr authentication.
    The Users are stored in a LDAP-service.
    I have different user classes:
       1.) Dialin-users: using PAP
       2.) VPN-users: using PAP
       3.) WLAN-Users: should work with EAP-TTLS/PEAP and MSCHAPV2 of PAP

    Why PAP? because I have an unix-community to supply and we do not 
want to have cleartext-passwords anywhere in our network (I know with 
PAP the cleartextpassword is sent to the radiusserver! But the 
radiusserver has none!)

    With MSCHAP we are using the NT-password ( I know it is not realy 
crypted, but still better than cleartext!)

Now, how can I use PAP authentication with EAP-TTLS? - I read some mail 
before, but I still cannot get it working!! Meaning if I have an local 
user, defined in the useres.conf it works, but if I try to get the 
Informations from the LDAP-Server, the following error occours:
 rlm_ldap: user unrz148 authorized to use remote access
 Thu Aug  4 08:44:33 2005 : Debug: rlm_ldap: ldap_release_conn: Release 
Id: 0
 Thu Aug  4 08:44:33 2005 : Debug:   modsingle[authorize]: returned from 
ldap (rlm_ldap) for request 5
 Thu Aug  4 08:44:33 2005 : Debug:   modcall[authorize]: module "ldap" 
returns ok for request 5
 Thu Aug  4 08:44:33 2005 : Debug: modcall: group authorize returns ok 
for request 5
 Thu Aug  4 08:44:33 2005 : Debug:   rad_check_password:  Found 
Auth-Type LDAP
 Thu Aug  4 08:44:33 2005 : Debug: auth: type "LDAP"
 Thu Aug  4 08:44:33 2005 : Debug:   ERROR: Unknown value specified for 
Auth-Type.  Cannot
     perform   requested action.
 Thu Aug  4 08:44:33 2005 : Debug: auth: Failed to validate the user.

Any hints for me?

Also I have the problem with the difference between local and LDAP 
informations in generell.
If I use a local-user everything works fine.
If I use a LDAP-user he/she can authenticate, but later on the 
wpa_supplicant (supplicant fpr teh WLAN-users trying to do WPA) is 
accepting the authentication but not initiating the WPA-connection?
With local-users and the same client-configuration everything works fine?
Is it a problem within freeradius or wpa-supplicant??


Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg

Tel.: +499131 8527813

More information about the Freeradius-Users mailing list