freeradius EAP/PEAP and LDAP
Vladimir Vuksan
vlists at veus.hr
Wed Sep 21 04:13:42 CEST 2005
François Dagorn wrote:
> I'm trying to configure a secured Wireless network, so I want to use
> EAP/PEAP/LDAP for
> authentication and then try WPA to crypt sessions. As a beginner, I'm
> doing that step
> by step. So I've done the following :
>
> - set up a freeradius server and test it with a simple radius
> client. That's ok, the LDAP
> server is called to check authorizations and then authenticate. In
> this case I can see
> "Found Auth-Type LDAP" in the radiusd -x logs.
>
> - then try using the full stuffs (XP client, Aironet AP, freeradius)
> ...
> "Tunneled data is valid" , "Setting User-Name to ...", but
> unfortunately
> the process is unable to valid the password , the error is as
> follows :
>
> "rlm_mschap: Told to do MS-CHAPv2 for xxx with NT-PAssword"
> "FAILED: No NT/LM-Password". In this case before I can see
> "rad_check_password: Found Auth-Type EAP" looks like LDAP has
> been forgotten ?
You have to have NT/LM hashes in the LDAP database if you want to do
PEAP. Apparently you don't have them. Please read
http://vuksan.com/linux/dot1x/802-1x-LDAP.html
More information about the Freeradius-Users
mailing list