FW: Re: EAP problem

Graham, Robert rgraham at mem-ins.com
Thu Jun 30 15:55:49 CEST 2005

Alan, Thanks for the response.

> Do you mean EAP-MD5?  I'm not sure what MD5-Challenge is...

Yes - EAP-MD5, The windows side (supplicant) is set to MD5-Challenge

>> I did get EAP to work when I supply the User-Password attribute in the users file, but I would like LDAP to fetch this if it is possible.

>  If you're using LDAP, it should be doing that already.

I don't think it is configured right.  So far I have been using LDAP for groupmembership searches only.  How do you tell LDAP to fetch User-Password attribute?

>> If I remove the User-Password attribute in the users file, the dubug out
>> shows:  User-Password is required for EAP-MD5 authenitication.

  Are you getting the User-Password attribute from LDAP?  The debug
log should show this.

>> Username
>> Password
>> Domain
>> If you supply all three values, the debug shows:
>> Identity does not match user-name

>  You're re-writing the User-Name attribute somewhere.  Again, the debug log will show this.

I didn't see anything in the log.  If I provide the domainname debug shows username as domain\\username,  LDAP shows it as domain\username, and rlm_eap complains about Identity not matching.

-Robert Graham

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050630/1afec563/attachment.html>

More information about the Freeradius-Users mailing list