Big Problem with peap-mschapv2+freeradius 1.1.7

Alan DeKok aland at deployingradius.com
Thu Aug 16 15:45:27 CEST 2007


Christian Frank wrote:
> I have a big problem with my radius setup. I want to authenticate
> my users with peap+mschapv2. The radius backend is an ldap server.

  Does the LDAP server contain a clear-text or NT hashed password for
the user?

> I have this setup working with Freeradius 1.0.1 on Redhat 4 ES.
> 
> But after upgrading to 1.1.7 this setup does not work anymore.
> I configured my radius/eap/client config file the same way like the old file was.

  Are you sure?  The configurations are similar, but not identical.

> rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
> rlm_ldap: checking if remote access for cfra is allowed by uid
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cfra authorized to use remote access

  BUT there was no "known good" password for the user found in LDAP.
That's why authentication is failing.

  Alan DeKok.



More information about the Freeradius-Users mailing list