Freeradius doesn't work with ldap

Alan DeKok aland at deployingradius.com
Tue Nov 13 16:20:28 CET 2007


Eduardo Lima wrote:
> Hi, I've been using Freeradius 1.1.3 

  Please upgrade to 1.1.7...

> with PEAP/MSCHAPv2 authentication
> with no problem. But now, I need to use it with LDAP too and it doesn't
> work at all.
> 
> The client is Windows XP without a domain. The LDAP is for the email
> directory.
> 
> The user should type their user name (email) and password stored in LDAP.

  Can you retrieve the password from LDAP?  If so, it should be easy to
make it work.

> Probably, the error is in:
> 
>  Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 6
>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for ducavalcanti with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

  Yes.

...
> [/etc/raddb/users]:10 WARNING! Check item "Simultaneous-Use" found in
> reply item list for user "cidadao". This attribute MUST go on the first
> line with the other check items

  You also want to fix this.  See "man users".

...
>   Processing the authorize section of radiusd.conf
...
> modcall: leaving group authorize (returns updated) for request 0

  And there are NO references to the LDAP module.

  i.e. you have not configured the server to read "known good" passwords
from LDAP.  See radiusd.conf for how to do this.

  Alan DeKok.
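
The diagnosis above (no LDAP module in the authorize pass, so rlm_mschap has no known-good password to compare against) can be checked mechanically from debug output. The following is an added example, not part of the original message or of FreeRADIUS; the sample log is constructed, and its `modcall[authorize]: module ...` lines and the `triage` helper are assumptions standing in for the output elided in the post.

```python
import re

# Constructed debug excerpt modelled on the lines quoted in the message; the
# 'modcall[authorize]: module ...' lines are an assumption about the elided output.
SAMPLE_DEBUG = '''\
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "mschap" returns ok for request 6
  modcall[authorize]: module "eap" returns updated for request 6
  modcall[authorize]: module "files" returns notfound for request 6
modcall: leaving group authorize (returns updated) for request 6
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
'''

SECTION = re.compile(r'Processing the (\w+) section of radiusd\.conf')
MODULE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
NO_PASSWORD = re.compile(r'rlm_mschap: (?:No User-Password configured|FAILED: No NT/LM-Password)')

def triage(debug_text, password_source="ldap"):
    """Return (modules run in authorize, whether mschap lacked a password, findings)."""
    section, authorize_modules, missing_password = None, [], False
    for line in debug_text.splitlines():
        m = SECTION.search(line)
        if m:
            section = m.group(1)
            continue
        m = MODULE.search(line)
        if m and m.group(1) == "authorize":
            authorize_modules.append((m.group(2), m.group(3)))
        elif section == "authenticate" and NO_PASSWORD.search(line):
            missing_password = True
    findings = []
    ran = {name: result for name, result in authorize_modules}
    if password_source not in ran:
        findings.append(f"'{password_source}' never ran in authorize")
    elif ran[password_source] in ("notfound", "noop", "fail"):
        findings.append(f"'{password_source}' ran but returned {ran[password_source]}")
    if missing_password:
        findings.append("rlm_mschap had no known-good password to check against")
    return authorize_modules, missing_password, findings
```
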


