mschap and ldap auth-type together no more working
LALOT Dominique
lalot at univ-aix.fr
Mon Jan 22 10:56:28 CET 2007
I cleaned the auth-type in users file.
Everything is OK now on freeradius side. My second problem is the NAS
sending a null port. That's not a freeradius problem.
Thanks
Dom
LALOT Dominique wrote:
> Sorry,
>
> I didn't see your answer. I just got it via the archives.
> I explain a little bit more. We are using freeradius for VPN access,
> which can be done using PPTP or IPSEC
> PPTP is done using mschap
> IPSEC is done using a shared group secret, then a classic ldap user
> bind to check the identity.
>
> The ippool we use shall be common, so we can't split between two radius
> configs.
>
> Our radiusd.conf was working for that without any problem for years,
> just until we get a new release.
> freeradius 1.0.2-4sarge3 stable was OK
>
> Just moving, the behaviour changed
> I believe that there's somewhere a little difference that prevents a
> working config:
>
> NOK rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
> then rad_check_password: Found Auth-Type ldap
>
> OK rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
> Then rad_check_password: Found Auth-Type MS-CHAP
>
> I believe that mschap or MS-CHAP makes the difference.
>
> Dominique
>
> Alan DeKok wrote:
>> LALOT Dominique wrote:
>>
>>
>>> Before, I was able to do LDAP or MSCHAP automatically.
>>> I had an entry in users
>>> lalot Auth-Type := ldap
>>>
>>
>> That will prevent MS-CHAP from working. See:
>>
>> http://deployingradius.com/documents/protocols/oracles.html
>>
>> The short answer is DON'T SET Auth-Type.
>>
>> And don't do LDAP "bind as user" if you can help it.
>>
>> Alan DeKok.
>> --
>> http://deployingradius.com - The web site of the book
>> http://deployingradius.com/blog/ - The blog
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>
>
> --
> Dominique LALOT
> Systems and Network Engineer
> http://annuaire.univmed.fr/showuser.php?uid=lalot
--
Dominique LALOT
Systems and Network Engineer
http://annuaire.univmed.fr/showuser.php?uid=lalot
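
An added example, not part of the original thread and not FreeRADIUS code: a small Python check for the failure mode discussed above, where rlm_mschap selects an Auth-Type but a users-file entry that forces Auth-Type causes rad_check_password to use a different one. The function names and sample inputs are constructed for illustration; the debug lines are modeled on those quoted in the thread.

```python
import re

# Patterns for the two debug lines quoted in the thread.
SET_RE = re.compile(
    r"rlm_mschap: Found MS-CHAP attributes\.\s+Setting 'Auth-Type = ([^']+)'")
FOUND_RE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
# A users-file entry line that forces Auth-Type, e.g. "lalot Auth-Type := ldap".
FORCED_RE = re.compile(r"^(\S+)\s+.*\bAuth-Type\s*:=\s*([^\s,]+)")


def find_overrides(debug_lines):
    """Return (set_by_mschap, actually_used) pairs where the Auth-Type chosen
    by rlm_mschap is not the one rad_check_password ended up with."""
    overrides, pending = [], None
    for line in debug_lines:
        m = SET_RE.search(line)
        if m:
            pending = m.group(1)
            continue
        m = FOUND_RE.search(line)
        if m and pending is not None:
            if m.group(1).lower() != pending.lower():
                overrides.append((pending, m.group(1)))
            pending = None
    return overrides


def forced_auth_types(users_text):
    """Return (entry_name, auth_type) for entries that force Auth-Type.
    Reply lines are indented and comments start with '#'; both are skipped."""
    hits = []
    for line in users_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = FORCED_RE.match(line)
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed samples based on the lines quoted in the thread.
SAMPLE_DEBUG = [
    "rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type = mschap'",
    "rad_check_password:  Found Auth-Type ldap",
    "rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type = MS-CHAP'",
    "rad_check_password:  Found Auth-Type MS-CHAP",
]
SAMPLE_USERS = "# alice Auth-Type := ldap\nlalot Auth-Type := ldap\n\tFramed-Protocol = PPP\n"

if __name__ == "__main__":
    print(find_overrides(SAMPLE_DEBUG), forced_auth_types(SAMPLE_USERS))
```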