Ldap + EAP
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jan 22 16:41:53 CET 2007
Rafał Kamiński wrote:
> Hi,
>
> I set up my freeradius with linksys and EAP, and when I use a cert. that works
> fine. But when I want to use ldap without a cert., in the logs I see:
>
> rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0,
> length=119
> User-Name = "rka"
> NAS-IP-Address = 192.168.1.245
> Called-Station-Id = "001217694588"
> Calling-Station-Id = "0014a41e7112"
> NAS-Identifier = "001217694588"
> NAS-Port = 61
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0201000801726b61
> Message-Authenticator = 0x935d96fb44fccc41767e4667570ff8f2
>
>
> All is OK, but my ldap needs User-password, and next I see:
>
>
> Auth: Login incorrect: [rka/<no User-Password attribute>] (from client
> linksys port 61 cli 0014a41e7112)
>
>
> What must I change in ldap or wherever to auth. users from wifi in ldap
> without User-password or with Password?
>
> BR,
>

Assuming you want the most common EAP type, PEAP/MS-CHAP, your LDAP
server must contain the user's plaintext password or NT/LM hash, and you
must configure FreeRadius to extract this information and add it to the
configure items for a given request.

If your LDAP server does not contain a plaintext password or NT/LM
hashes, or you are unable to extract it, you cannot use EAP.