Peap+TTLs and Ldap
Francisco Castanheiro
fdsc at di.fct.unl.pt
Thu Sep 21 23:21:11 CEST 2006
Hello,
i'm using freeradius to do the auth on a wireless network. My users
are in a Ldap directory that have both NT-Password and UserPassword,
i use ldap to auth linux users and samba+ldap to auth windows users.
I have PEAP and ttls set up in my config and some test users with
clear password in the users file, plus the ldap users. I have no
problems with ttls auth, both with ldap and "local" test users, but i
can't say the same about peap. When i try to use peap to auth a
"local" user it goes fine, but when the user is a ldap one it just
fails. I have the map between ldap and radius attributes setup.
I think that my ldap NT hashes are correct because i can use them to
auth my windows users with samba, but the only thing that i can see
that differs from both the scenarios that i described is that ttls
uses the "userpassword" attr and PEAP uses the NT-Password attr. And
i know that peap works when the password is clear, because it works
with the "local" test users.
Could some bad config do this behavior? Or could it be some problem
with my version of freeradius and my NT hashes?
I'm out of ideas. If my config or logs help i can post them.
Thanks for any help.
Regards
---
Francisco Castanheiro
Departamento de Informática
Faculdade de Ciências e Tecnologia - UNL
E-mail: fdsc at di.fct.unl.pt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060921/db117213/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060921/db117213/attachment.pgp>
More information about the Freeradius-Users
mailing list