EAP-TTLS + LDAP + PAP with encrypted password

wekz fbl.list at gmail.com
Mon Aug 7 18:51:46 CEST 2006


Thanks Alan.

I wanted to test your solution before replying. I've been trying it all day
but couldn't get it work. Something very strange is happening .

I've added, as you suggested, Auth-Type=PAP. I do that with a users-file at
the end of authorization module and I set password_header={sha} in my ldaps
modules ( I hope I won't be wrong ).

The problem is

                            rlm_pap: Attribute "Password" is required for
authentication.


I don't know why the client is not sending the password. I've been watching
packets with ethereal and can't see the password although I can see
username. I'm using Win XP + Secure W2.

Did it ever happen to you  something similar?

2006/8/4, Alan DeKok <aland at deployingradius.com>:
>
> wekz <fbl.list at gmail.com> wrote:
> >                      The user is authorized and the password is got from
> the
> > ldap (rlm_ldap: Adding userPassword as User-Password, value
> > {sha}rur+4yJuecpmc8vxS/8wAyAMNHM= & op=21)
>
>   In 1.1.x, you have to configure the "ldap" module to know about the
> "{sha}" password header.  See the "ldap" section of "modules".
>
> >                      And after matching the group Local in my
> users-file:
> >
> >                                  auth: type Local
> >                                  auth: user supplied User-Password does
> NOT
> > match local User-Password
> >                                  auth: Failed to validate the user.
>
>   Unfortunately, this is one of the few cases where you probably have
> to set Auth-Type = PAP.  Note that this is ONLY a 1.1.x limitation.
> The CVS head, and therefore 2.0 has that fixed.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>    http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060807/5a426b34/attachment.html>


More information about the Freeradius-Users mailing list