After the manual's config, chap wont work with LDAP
Matt Juszczak
matt at atopia.net
Fri Dec 16 17:22:35 CET 2005
>
> To do CHAP, you must have:
>
> 1. The PLAINTEXT password in the LDAP server
> 2. The Radius server permitted to read that attribute
> 3. The ldap module configured to put whatever that attribute is
> (usually userPassword) into the radius "User-Passord", using the
> "password_attribute" option of the ldap module
> 4. "chap" above "pap" in the authorize (which you've got)
> 5. "chap" anywhere in authenticate
Hiya,
We have all of those set. The password is stored plain text in
userPassword. The radius server has read access to that attribute. The
ldap module is configured in radiusd.conf for that attribute. Chap is
above pap, and chap is also in authenticate {}.
The password is still showing up as "blank" when they dial up, before it
even hits the LDAP server. Is there debugging output I could send you
that might help with this?
Regards,
Matt
More information about the Freeradius-Users
mailing list