a problem about radius and ldap

Phil Mayers p.mayers at imperial.ac.uk
Wed Feb 7 11:10:18 CET 2007


Ramazan Ulker wrote:

> rlm_eap: EAP_TYPE - md5
> rlm_eap: processing type md5
> rlm_eap_md5: No password configured for this user
> modcall[authenticate]: module "eap" returns invalid for request 1
> modcall: group authenticate returns invalid for request 1
> auth: Failed to validate the user.


EAP-MD5 needs the plaintext password.


> rad_check_password: Found Auth-Type ldap
> auth: type "LDAP"
> modcall: entering group authenticate for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
> modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group authenticate returns invalid for request 0
> auth: Failed to validate the user.

rlm_ldap can only *AUTHENTICATE* PAP requests. Since you've over-ridden 
Auth-Type (as you've been told not to) you're trying to force an EAP 
request through it.

Don't set Auth-Type

If you want to use EAP-MD5, your LDAP directory will need to contain a 
plaintext password and be configured to pass it to FreeRadius, because 
EAP-MD5 needs the plaintext password. Do you have that?



More information about the Freeradius-Users mailing list