After the manual's config, chap wont work with LDAP
Matt Juszczak
matt at atopia.net
Fri Dec 16 22:31:35 CET 2005
>> Hi all,
>>
>> We've got our freeradius servers working with LDAP fine, except for
>> CHAP. Originally, the logs were saying "Invalid user \\user", but we
>> fixed that by enabling an option in radiusd.conf.
>>
>> Now, when we dial up without encrypted password enabled, the
>> connection comes through successfully. However, when we enable the
>> encrypted password option and try again, we get:
>>
>> Thu Dec 15 18:12:52 2005 : Auth: Login incorrect (rlm_ldap: empty
>> password supplied): [username/] (from client 123.123.123.123 port
>> 3088 cli 2125550404)
>>
>> Its saying the password is empty, but we are indeed using a password.
>>
>> Does anyone have any ideas? We've followed the instructions in the
>> FAQ (CHAP above LDAP in the authorize section, no := Auth-Type,
>> etc.)..... it just doesn't seem to want to recognize that a password
>> is being entered.
>>
>> For the record, no query hits the LDAP server during a CHAP
>> authentication...... so its obviously something with the config of
>> freeradius.
>
We've narrowed the problem down. When a user with Windows XP connects
using CHAP, we get a successful connection with CHAP. However, a user
using Windows ME or Windows 98 with "use encrypted password" are the
ones causing the above error and not working.
-Matt
More information about the Freeradius-Users
mailing list