a problem about radius and ldap
Phil Mayers
p.mayers at imperial.ac.uk
Wed Feb 7 11:10:18 CET 2007
Ramazan Ulker wrote:
> rlm_eap: EAP_TYPE - md5
> rlm_eap: processing type md5
> rlm_eap_md5: No password configured for this user
> modcall[authenticate]: module "eap" returns invalid for request 1
> modcall: group authenticate returns invalid for request 1
> auth: Failed to validate the user.
EAP-MD5 needs the plaintext password.
> rad_check_password: Found Auth-Type ldap
> auth: type "LDAP"
> modcall: entering group authenticate for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
> modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group authenticate returns invalid for request 0
> auth: Failed to validate the user.
rlm_ldap can only *AUTHENTICATE* PAP requests. Since you've over-ridden
Auth-Type (as you've been told not to) you're trying to force an EAP
request through it.
Don't set Auth-Type
If you want to use EAP-MD5, your LDAP directory will need to contain a
plaintext password and be configured to pass it to FreeRadius, because
EAP-MD5 needs the plaintext password. Do you have that?
More information about the Freeradius-Users
mailing list