can peap and ttls live together?
Ivan Kalik
tnt at kalik.net
Tue Apr 29 17:04:25 CEST 2008
You need to add the entry for Cleartext-Password. Something like:
checkItem Cleartext-Password clrtxtPassword
Ivan Kalik
Kalik Informatika ISP
Dana 29/4/2008, "Sergio Belkin" <sebelk at gmail.com> piše:
>2008/4/29 Ivan Kalik <tnt at kalik.net>:
>> >
>> > rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
>> > rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
>> > rlm_mschap: Told to do MS-CHAPv2 for pepepe with NT-Password
>> > rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
>> > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>> ..
>>
>> >
>> >I am setting userPassword in cleartext with Luma for LDAP
>> >(http://luma.sourceforge.net/ ). What's wrong?
>> >
>>
>> You have configured wrong password attribute (read the debug you have
>> posted and ldap.attrmap). userPassword maps to User-Password not
>> Cleartext-Password.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>
>
>Thanks Ivan, I don't found userPassword, does $GENERIC$ have to do with it?
>
>This is my ldap.attr,map (I didn't edit):
>
>checkItem $GENERIC$ radiusCheckItem
>replyItem $GENERIC$ radiusReplyItem
>
>checkItem Auth-Type radiusAuthType
>checkItem Simultaneous-Use radiusSimultaneousUse
>checkItem Called-Station-Id radiusCalledStationId
>checkItem Calling-Station-Id radiusCallingStationId
>checkItem LM-Password lmPassword
>checkItem NT-Password ntPassword
>checkItem LM-Password sambaLmPassword
>checkItem NT-Password sambaNtPassword
>checkItem SMB-Account-CTRL-TEXT acctFlags
>checkItem Expiration radiusExpiration
>checkItem NAS-IP-Address radiusNASIpAddress
>
>replyItem Service-Type radiusServiceType
>replyItem Framed-Protocol radiusFramedProtocol
>replyItem Framed-IP-Address radiusFramedIPAddress
>replyItem Framed-IP-Netmask radiusFramedIPNetmask
>replyItem Framed-Route radiusFramedRoute
>replyItem Framed-Routing radiusFramedRouting
>replyItem Filter-Id radiusFilterId
>replyItem Framed-MTU radiusFramedMTU
>replyItem Framed-Compression radiusFramedCompression
>replyItem Login-IP-Host radiusLoginIPHost
>replyItem Login-Service radiusLoginService
>replyItem Login-TCP-Port radiusLoginTCPPort
>replyItem Callback-Number radiusCallbackNumber
>replyItem Callback-Id radiusCallbackId
>replyItem Framed-IPX-Network radiusFramedIPXNetwork
>replyItem Class radiusClass
>replyItem Session-Timeout radiusSessionTimeout
>replyItem Idle-Timeout radiusIdleTimeout
>replyItem Termination-Action radiusTerminationAction
>replyItem Login-LAT-Service radiusLoginLATService
>replyItem Login-LAT-Node radiusLoginLATNode
>replyItem Login-LAT-Group radiusLoginLATGroup
>replyItem Framed-AppleTalk-Link radiusFramedAppleTalkLink
>replyItem Framed-AppleTalk-Network radiusFramedAppleTalkNetwork
>replyItem Framed-AppleTalk-Zone radiusFramedAppleTalkZone
>replyItem Port-Limit radiusPortLimit
>replyItem Login-LAT-Port radiusLoginLATPort
>replyItem Reply-Message radiusReplyMessage
>
>
>
>--
>--
>Open Kairos http://www.openkairos.com
>Watch More TV http://sebelk.blogspot.com
>Sergio Belkin -
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list