mschap and ldap auth-type together no more working
LALOT Dominique
lalot at univ-aix.fr
Mon Jan 22 09:14:39 CET 2007
Sorry,
I didn't see your answer. I just got it via the archives.
Let me explain a little bit more. We are using freeradius for VPN access,
which can be done using PPTP or IPSEC.
PPTP is done using mschap.
IPSEC is done using a shared group secret, then a classic ldap user bind
to check the identity.
The ippool we use shall be common, so we can't split between two radius
configs.
Our radiusd.conf was working for that without any problem for years,
just until we got a new release.
freeradius 1.0.2-4sarge3 stable was OK.
Just moving, the behaviour changed.
I believe that there's somewhere a little difference that prevents a
working config:
NOK rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
then rad_check_password: Found Auth-Type ldap
OK rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
Then rad_check_password: Found Auth-Type MS-CHAP
I believe that mschap or MS-CHAP makes the difference.
Dominique
Alan DeKok wrote:
> LALOT Dominique wrote:
>
>
>> Before, I was able to do LDAP or MSCHAP automatically.
>> I had an entry in users
>> lalot Auth-Type := ldap
>>
>
> That will prevent MS-CHAP from working. See:
>
> http://deployingradius.com/documents/protocols/oracles.html
>
> The short answer is DON'T SET Auth-Type.
>
> And don't do LDAP "bind as user" if you can help it.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
--
Dominique LALOT
Systems and Network Engineer
http://annuaire.univmed.fr/showuser.php?uid=lalot
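
Added example (not part of the original post and not FreeRADIUS code): a Python check that scans server debug output for the pattern in the NOK lines above, where rlm_mschap sets one Auth-Type and rad_check_password then uses a different one. The two line formats are taken from the lines quoted in the post; the sample input is constructed, and the pairing logic assumes requests are logged one after another, as in single-threaded debug mode.

```python
import re

# Patterns for the two debug lines quoted in the post.
SET_RE = re.compile(
    r"rlm_mschap: Found MS-CHAP attributes\.\s+Setting 'Auth-Type\s*=\s*([^']+)'")
USED_RE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")

# Constructed sample: an overridden MS-CHAP request, a working one,
# and a plain LDAP request in which rlm_mschap did not set anything.
SAMPLE_DEBUG = """\
rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
rad_check_password:  Found Auth-Type ldap
rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
rad_check_password:  Found Auth-Type MS-CHAP
rad_check_password:  Found Auth-Type ldap
"""


def find_auth_type_overrides(debug_text):
    """Return (line_no, set_by_mschap, used) for every request where the
    Auth-Type used by rad_check_password differs from the one rlm_mschap set."""
    findings = []
    pending = None  # Auth-Type set by rlm_mschap for the current request
    for line_no, line in enumerate(debug_text.splitlines(), 1):
        m = SET_RE.search(line)
        if m:
            pending = m.group(1).strip()
            continue
        m = USED_RE.search(line)
        if m:
            used = m.group(1)
            # Flag only requests where MS-CHAP attributes were seen.
            if pending is not None and used != pending:
                findings.append((line_no, pending, used))
            pending = None  # request finished, reset state
    return findings


if __name__ == "__main__":
    for line_no, wanted, used in find_auth_type_overrides(SAMPLE_DEBUG):
        print(f"line {line_no}: rlm_mschap set Auth-Type {wanted!r}, "
              f"but rad_check_password used {used!r}")
```
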