ClearText-Password?

Stefan Winter stefan.winter at restena.lu
Mon Mar 3 14:46:22 CET 2008


Hi,

> rad_recv: Access-Request packet from host 138.253.XXX.XXX port 47032, id=195, length=49
>         User-Name = "user"
>         User-Password = "passwd"
>         NAS-IP-Address = 138.253.XXX.XXX

There. No MS-CHAP-Challenge. You are not supposed to process this packet with 
the rlm_mschap module. Why does it fail? ...

> Config:
>
> users:
>
> DEFAULT Auth-Type = mschap
>         Acct-Session-Id = "Local",
>         Fall-Through = Yes

Write a hundred times on the blackboard: "I will not set Auth-Type." The 
server will figure out by itself what to do. In this case, PAP.

> If I don’t force MSCHAP in users, how else do I get the user checked
> against AD when the only place ntlm_auth is called is inside the mschap
> module?

You configure your AD server in the ldap {} section and uncomment the ldap 
stanzas in authorize and authenticate. You don't call ntlm_auth then, and 
that is because you don't need ntlm_auth - user authentication is done with 
an LDAP bind() operation with the user credentials.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473
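
A sketch of the configuration the reply describes, as an added example that is not part of the original post or of the FreeRADIUS distribution. It assumes FreeRADIUS 2.x-style syntax; the host name, DNs, service account and search filter are constructed placeholders. Because the bind carries the user's cleartext password, this path only serves PAP requests like the one quoted, and the LDAP connection to AD should be protected with TLS.

```conf
# ---- users file -----------------------------------------------------
# Before (from the post): every request is forced into rlm_mschap,
# including PAP requests that carry no MS-CHAP-Challenge.
#
#   DEFAULT Auth-Type = mschap
#           Acct-Session-Id = "Local",
#           Fall-Through = Yes
#
# After: no Auth-Type check item; the server picks the method from
# the attributes actually present in the request.
DEFAULT
        Acct-Session-Id = "Local",
        Fall-Through = Yes

# ---- radiusd.conf, modules section ----------------------------------
# All values below are placeholders (assumptions), not from the post.
ldap {
        server   = "dc1.example.org"
        # Service account used only to look up the user's DN.
        identity = "cn=radius-svc,cn=Users,dc=example,dc=org"
        password = "REPLACE_ME"
        basedn   = "dc=example,dc=org"
        # Map the RADIUS User-Name to the AD logon name.
        filter   = "(sAMAccountName=%{User-Name})"
}

# ---- radiusd.conf, authorize / authenticate -------------------------
authorize {
        preprocess
        files
        # Finds the user's entry in AD for the incoming User-Name.
        ldap
}

authenticate {
        # The password check is an LDAP bind as the user, performed
        # with the User-Password from the request; ntlm_auth is not
        # called on this path.
        Auth-Type LDAP {
                ldap
        }
}
```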