openLDAP & freeRADIUS

Ivan Kalik tnt at kalik.net
Fri Jun 27 18:50:45 CEST 2008


>Below is the whole output.
>I have two questions: 1. Is this correct because I kinda think this is the
>problem. --> peap {
>	default_eap_type = "mschapv2"
>	copy_request_to_tunnel = yes
>	use_tunneled_reply = yes
>	proxy_tunneled_request_as_eap = yes
>   }
>
>2. How can I tell what MSCHAPv2 didn't like about the previous packet? I
>still believe it is a password styled issue. I have tried NT hash,
>cleartext, etc. nothing works.
>
>Any help would be greatly appreciated! Thanks.
>
>
>Starting - reading configuration files ...
>including configuration file /usr/local/etc/raddb/radiusd.conf
>including configuration file /usr/local/etc/raddb/proxy.conf
>including configuration file /usr/local/etc/raddb/clients.conf
>including configuration file /usr/local/etc/raddb/snmp.conf
>including configuration file /usr/local/etc/raddb/eap.conf
>including configuration file /usr/local/etc/raddb/sql.conf
>including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
>including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
>including configuration file /usr/local/etc/raddb/policy.conf
>including files in directory /usr/local/etc/raddb/sites-enabled/
>including configuration file /usr/local/etc/raddb/sites-enabled/default
>including dictionary file /usr/local/etc/raddb/dictionary

Something is not right here. What version is this? Inner-tunnel virtual
server is missing both in configuration and in peap section. And that's
where mschap should be processed. set_auth_type in ldap should also be
set to no in your case. Don't provide User-Password (it only creates
problems; Cleartext-Password should be used), NT-Password is enough.

As a general point, I don't see Cleartext-Password in default
ldap.attrmap (2.0.5). Perhaps mapping should be added?

Ivan Kalik
Kalik Informatika ISP
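
The three points in the reply above, written as a small configuration audit. This is an added example, not part of the original thread and not FreeRADIUS code. Assumptions: `virtual_server` is the FreeRADIUS 2.x `peap` option that points at the inner-tunnel server, the `ldap` block and attrmap lines are constructed, and a missing `set_auth_type` is treated as `yes`.

```python
# Constructed sample: peap block as quoted in the post; the ldap block and
# attrmap lines (LDAP attribute names included) are assumed for illustration.
POSTED_CONF = """
eap {
    peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        proxy_tunneled_request_as_eap = yes
    }
}
ldap {
    set_auth_type = yes
}
"""
POSTED_ATTRMAP = "checkItem User-Password userPassword\ncheckItem NT-Password sambaNtPassword\n"
# Same files after applying the reply's advice (constructed).
FIXED_CONF = POSTED_CONF.replace("set_auth_type = yes", "set_auth_type = no").replace(
    "peap {", 'peap {\n        virtual_server = "inner-tunnel"')
FIXED_ATTRMAP = "checkItem NT-Password sambaNtPassword\n"

def parse(text):
    """Parse 'name { key = value }' text into nested dicts (simplified)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' always treated as a comment
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip().strip('"')
    return root

def audit(conf_text, attrmap_text=""):
    """Return findings for the three points raised in the reply."""
    conf, findings = parse(conf_text), []
    if "virtual_server" not in conf.get("eap", {}).get("peap", {}):
        findings.append("peap: no virtual_server (inner-tunnel) configured")
    # Assumption: a missing set_auth_type is treated as "yes".
    if conf.get("ldap", {}).get("set_auth_type", "yes") != "no":
        findings.append("ldap: set_auth_type is not 'no'")
    for line in attrmap_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[:2] == ["checkItem", "User-Password"]:
            findings.append("ldap.attrmap: User-Password mapped from " + fields[2])
    return findings
```

Calling `audit(POSTED_CONF, POSTED_ATTRMAP)` returns one finding per point; the fixed pair returns an empty list.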



