FR and PEAP question

Ivan Kalik tnt at kalik.net
Wed Jun 11 17:10:29 CEST 2008


>In ldap.attrmap I have the line:
>checkItem  NT-Password                     ntPassword
>
>in radiusd.conf in my ldap declaration, I have:
>password_attribute = ntPassword 
>
And that would work if you were using the pap module. But you are using
mschap. That one looks for a cleartext password first. If it doesn't find
it, it tries nt stuff.


And you have an encrypted User-Password here. Delete that ...

>Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: Added User-Password = ĂĽ,ÂŹgA??"J;???ÂŚĂ‹m in check items

... and the server will use this one:

>Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: looking for check items in directory...
>Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0xe52cac67419a9a224a3b108f3fa6cb6d

And you won't see any of this:

>Wed Jun 11 09:42:02 2008 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>Wed Jun 11 09:42:02 2008 : Debug: !!!    Replacing User-Password in config items with Cleartext-Password.     !!!
>Wed Jun 11 09:42:02 2008 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>Wed Jun 11 09:42:02 2008 : Debug: !!! Please update your configuration so that the "known good"               !!!
>Wed Jun 11 09:42:02 2008 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
>Wed Jun 11 09:42:02 2008 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>Wed Jun 11 09:42:02 2008 : Debug: auth: type Local

On top of that - what happened to the eap module? It should be called
before files. You haven't commented that out by any chance?

Ivan Kalik
Kalik Informatika ISP
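
The checks made by eye in the reply above can be run over a saved debug log. The script below is an added example, not part of the original message or of FreeRADIUS; the function name `review_debug` and the sample log, which is constructed with placeholder values in the format of the quoted lines, are assumptions.

```python
import re

# Constructed sample in the format of the debug lines quoted in this thread;
# the attribute values are placeholders, not real credentials.
SAMPLE_LOG = """\
Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: Added User-Password = <binary> in check items
Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: looking for check items in directory...
Wed Jun 11 09:42:02 2008 : Debug: rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x00112233445566778899aabbccddeeff
Wed Jun 11 09:42:02 2008 : Debug: !!!    Replacing User-Password in config items with Cleartext-Password.     !!!
Wed Jun 11 09:42:02 2008 : Debug: auth: type Local
"""

ADDED = re.compile(r"rlm_ldap: Added (\S+) = .* in check items")
MAPPED = re.compile(r"rlm_ldap: LDAP attribute (\S+) as RADIUS attribute (\S+) ")
REPLACED = re.compile(r"Replacing User-Password in config items with Cleartext-Password")
AUTH_TYPE = re.compile(r"auth: type (\S+)")

def review_debug(log):
    """Return (check_items, findings) for one request's debug output."""
    items, findings, replaced, auth_type = {}, [], False, None
    for line in log.splitlines():
        if m := ADDED.search(line):
            items[m.group(1)] = "added"
        elif m := MAPPED.search(line):
            items[m.group(2)] = "mapped from " + m.group(1)
        elif REPLACED.search(line):
            replaced = True
        elif m := AUTH_TYPE.search(line):
            auth_type = m.group(1)
    # A non-cleartext User-Password next to NT-Password is the case in the reply.
    if "User-Password" in items and "NT-Password" in items:
        findings.append("User-Password and NT-Password are both check items")
    if replaced:
        findings.append("server treated User-Password as Cleartext-Password")
    # A PEAP request is expected to be handled by the eap module.
    if auth_type and auth_type.lower() != "eap":
        findings.append("auth type is %s, not EAP" % auth_type)
    return items, findings

if __name__ == "__main__":
    for finding in review_debug(SAMPLE_LOG)[1]:
        print("WARN:", finding)
```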



