ClearText-Password?
Stefan Winter
stefan.winter at restena.lu
Mon Mar 3 14:46:22 CET 2008
Hi,
> rad_recv: Access-Request packet from host 138.253.XXX.XXX port 47032,
> id=195, length=49 User-Name = "user"
> User-Password = "passwd"
> NAS-IP-Address = 138.253.XXX.XXX
There. No MS-CHAP-Challenge. You are not supposed to process this packet with
the rlm_mschap module. Why does it fail? ...
> Config:
>
> users:
>
> DEFAULT Auth-Type = mschap
> Acct-Session-Id = "Local",
> Fall-Through = Yes
Write a hundred times on the blackboard: "I will not set Auth-Type." The
server will figure out itself what to do. In this case, PAP.
> If I don’t force MSCHAP in users, how else do I get the user checked
> against AD when the only place ntlm_auth is called is inside the mschap
> module?
You configure your AD server in the ldap {} section and uncomment the ldap
stanzas in authorize and authenticate. You don't call ntlm_auth then, and
that is because you don't need ntlm_auth - user authentication is done with
an LDAP bind() operation with the user credentials.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080303/5b8a17f1/attachment.pgp>
More information about the Freeradius-Users
mailing list