Freeradius as Authenticator
Florian.Prester at rrze.uni-erlangen.de
Thu Aug 4 08:49:53 CEST 2005
after testing and reading a lot of documentation, I have some questions.
First my szenario:
I want to use a freeradiusserver fpr authentication.
The Users are stored in a LDAP-service.
I have different user classes:
1.) Dialin-users: using PAP
2.) VPN-users: using PAP
3.) WLAN-Users: should work with EAP-TTLS/PEAP and MSCHAPV2 of PAP
Why PAP? because I have an unix-community to supply and we do not
want to have cleartext-passwords anywhere in our network (I know with
PAP the cleartextpassword is sent to the radiusserver! But the
radiusserver has none!)
With MSCHAP we are using the NT-password ( I know it is not realy
crypted, but still better than cleartext!)
Now, how can I use PAP authentication with EAP-TTLS? - I read some mail
before, but I still cannot get it working!! Meaning if I have an local
user, defined in the useres.conf it works, but if I try to get the
Informations from the LDAP-Server, the following error occours:
rlm_ldap: user unrz148 authorized to use remote access
Thu Aug 4 08:44:33 2005 : Debug: rlm_ldap: ldap_release_conn: Release
Thu Aug 4 08:44:33 2005 : Debug: modsingle[authorize]: returned from
ldap (rlm_ldap) for request 5
Thu Aug 4 08:44:33 2005 : Debug: modcall[authorize]: module "ldap"
returns ok for request 5
Thu Aug 4 08:44:33 2005 : Debug: modcall: group authorize returns ok
for request 5
Thu Aug 4 08:44:33 2005 : Debug: rad_check_password: Found
Thu Aug 4 08:44:33 2005 : Debug: auth: type "LDAP"
Thu Aug 4 08:44:33 2005 : Debug: ERROR: Unknown value specified for
perform requested action.
Thu Aug 4 08:44:33 2005 : Debug: auth: Failed to validate the user.
Any hints for me?
Also I have the problem with the difference between local and LDAP
informations in generell.
If I use a local-user everything works fine.
If I use a LDAP-user he/she can authenticate, but later on the
wpa_supplicant (supplicant fpr teh WLAN-users trying to do WPA) is
accepting the authentication but not initiating the WPA-connection?
With local-users and the same client-configuration everything works fine?
Is it a problem within freeradius or wpa-supplicant??
Dipl. Inf. Florian Prester
Regionales RechenZentrum Erlangen
Tel.: +499131 8527813
More information about the Freeradius-Users