can peap and ttls live together?

Sergio Belkin sebelk at gmail.com
Tue Apr 29 16:13:50 CEST 2008 

2008/4/29 Ivan Kalik <tnt at kalik.net>:
> >
>  >  rlm_mschap: No Cleartext-Password configured.  Cannot create LM-Password.
>  >  rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
>  >  rlm_mschap: Told to do MS-CHAPv2 for pepepe with NT-Password
>  >  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>  >  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>  ..
>
> >
>  >I am setting userPassword in cleartext with Luma  for LDAP
>  >(http://luma.sourceforge.net/ ). What's wrong?
>  >
>
>  You have configured wrong password attribute (read the debug you have
>  posted and ldap.attrmap). userPassword maps to User-Password not
>  Cleartext-Password.
>
>  Ivan Kalik
>  Kalik Informatika ISP
>
>
>
>  -
>  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

Thanks Ivan, I don't found userPassword, does $GENERIC$ have to do with it?

This is my ldap.attr,map (I didn't edit):

checkItem   $GENERIC$         radiusCheckItem
replyItem   $GENERIC$         radiusReplyItem

checkItem   Auth-Type         radiusAuthType
checkItem   Simultaneous-Use     radiusSimultaneousUse
checkItem   Called-Station-Id    radiusCalledStationId
checkItem   Calling-Station-Id      radiusCallingStationId
checkItem   LM-Password       lmPassword
checkItem   NT-Password       ntPassword
checkItem   LM-Password       sambaLmPassword
checkItem   NT-Password       sambaNtPassword
checkItem   SMB-Account-CTRL-TEXT      acctFlags
checkItem   Expiration        radiusExpiration
checkItem   NAS-IP-Address       radiusNASIpAddress

replyItem   Service-Type         radiusServiceType
replyItem   Framed-Protocol         radiusFramedProtocol
replyItem   Framed-IP-Address    radiusFramedIPAddress
replyItem   Framed-IP-Netmask    radiusFramedIPNetmask
replyItem   Framed-Route         radiusFramedRoute
replyItem   Framed-Routing       radiusFramedRouting
replyItem   Filter-Id         radiusFilterId
replyItem   Framed-MTU        radiusFramedMTU
replyItem   Framed-Compression      radiusFramedCompression
replyItem   Login-IP-Host        radiusLoginIPHost
replyItem   Login-Service        radiusLoginService
replyItem   Login-TCP-Port       radiusLoginTCPPort
replyItem   Callback-Number         radiusCallbackNumber
replyItem   Callback-Id       radiusCallbackId
replyItem   Framed-IPX-Network      radiusFramedIPXNetwork
replyItem   Class          radiusClass
replyItem   Session-Timeout         radiusSessionTimeout
replyItem   Idle-Timeout         radiusIdleTimeout
replyItem   Termination-Action      radiusTerminationAction
replyItem   Login-LAT-Service    radiusLoginLATService
replyItem   Login-LAT-Node       radiusLoginLATNode
replyItem   Login-LAT-Group         radiusLoginLATGroup
replyItem   Framed-AppleTalk-Link      radiusFramedAppleTalkLink
replyItem   Framed-AppleTalk-Network   radiusFramedAppleTalkNetwork
replyItem   Framed-AppleTalk-Zone      radiusFramedAppleTalkZone
replyItem   Port-Limit        radiusPortLimit
replyItem   Login-LAT-Port       radiusLoginLATPort
replyItem   Reply-Message        radiusReplyMessage



-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -

More information about the Freeradius-Users mailing list