Peap+TTLs and Ldap
Francisco Castanheiro
fdsc at di.fct.unl.pt
Mon Sep 25 00:15:36 CEST 2006
I solved my problem... for some reason PEAP only works with LDAP
users if the following line is present in the peap section of eap.conf:
copy_request_to_tunnel = yes
The default config from red hat ES4 doesn't have this line, not even
as commentary....
Regards
On Sep 21, 2006, at 22:21, Francisco Castanheiro wrote:
> Hello,
> i'm using freeradius to do the auth on a wireless network. My users
> are in a Ldap directory that have both NT-Password and
> UserPassword, i use ldap to auth linux users and samba+ldap to auth
> windows users.
>
> I have PEAP and ttls set up in my config and some test users with
> clear password in the users file, plus the ldap users. I have no
> problems with ttls auth, both with ldap and "local" test users, but
> i can't say the same about peap. When i try to use peap to auth a
> "local" user it goes fine, but when the user is a ldap one it just
> fails. I have the map between ldap and radius attributes setup.
> I think that my ldap NT hashes are correct because i can use them
> to auth my windows users with samba, but the only thing that i can
> see that differs from both the scenarios that i described is that
> ttls uses the "userpassword" attr and PEAP uses the NT-Password
> attr. And i know that peap works when the password is clear,
> because it works with the "local" test users.
>
> Could some bad config do this behavior? Or could it be some problem
> with my version of freeradius and my NT hashes?
>
> I'm out of ideas. If my config or logs help i can post them.
>
> Thanks for any help.
>
> Regards
>
> ---
> Francisco Castanheiro
> Departamento de Informática
> Faculdade de Ciências e Tecnologia - UNL
> E-mail: fdsc at di.fct.unl.pt
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
---
Francisco Castanheiro
Departamento de Informática
Faculdade de Ciências e Tecnologia - UNL
E-mail: fdsc at di.fct.unl.pt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060924/a02ed06e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060924/a02ed06e/attachment.pgp>
More information about the Freeradius-Users
mailing list