openLDAP & freeRADIUS

William E. Russell wrussell at
Mon Jun 30 21:27:26 CEST 2008


Sorry about before, I thought there was a simple thing I could fix.

I have verified that PEAP was working with the "users" file. It took a while
(well before I wrote to this list about it) but I got it working perfectly - if I
go back to that it works.

Can you explain how I would get step 2 to work? How do I verify it isn't
binding as user?

And I believe step 3 is success for me, if I am not mistaken, so if you
could provide a little expertise here it would be much appreciated. Thank

William E. W. Russell
Member of Technical Staff (Software Development)
198 Brighton Avenue
Long Branch, New Jersey 07740
Home #: 732-752-2037
Cell #: 732-744-6483

-----Original Message-----
From: at
[ at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, June 26, 2008 4:36 AM
To: FreeRadius users mailing list
Subject: Re: openLDAP & freeRADIUS

William E. Russell wrote:
> 	I have correctly set up freeRADIUS to read from my openLDAP. I can't
> seem to authenticate my user. I have narrowed down the error to a single
> line, "rlm_eap_mschapv2: Invalid response type 4". From my hours of
> searching online, I have realized that all this means is that there was an
> error in the response packet.

  Code 4 is MS-CHAP failure.  It means that the client told the server
it didn't like the previous packet.

> I have no idea what error could have occurred.
> I believe it may have to do with the password_attribute. I read something
> documentation that said there was some issue with LDAP and passing a
> cleartext password. Also, as you can see, I am using EAP/PEAP with MSCHAP.
> Anybody have any insight into this type of thing? If I could just get
> help on how to set up the LDAP and RADIUS, that would be great - I have
> just about every single tutorial so please don't direct me to one of
> I need someone who has a similar set up - what did you use for password
> attribute?


  Step 1: Get PEAP working with an entry in the "users" file.
  Step 2: Get LDAP working with PAP (radclient).  Verify that it
          is NOT doing "bind as user"
  Step 3: Verify that PEAP works against LDAP.

  PLEASE show the debug output.  The reason we ask for it is because it
is the DEFINITIVE explanation of what's going on, and the ONLY way to
help you solve the problem.

  Alan DeKok.