EAP-PEAP GTC auth_type
Fajar A. Nugraha
fajar at fajar.net
Wed Feb 25 11:50:27 CET 2009
tnt at kalik.net wrote:
>> but using LDAP user with auth_type = PAP in gtc section does not work
>> #==============================================
>> Found Auth-Type = EAP
>> +- entering group authenticate {...}
>> [eap] Request found, released from the list
>> [eap] EAP/gtc
>> [eap] processing type gtc
>> [gtc] +- entering group PAP {...}
>> [pap] login attempt with password "<My LDAP password here>"
>>
>
> That's not "your LDAP password". That's the password from the
> User-Password field in the request.
>
>
It was the same as my LDAP password :)
Reading eap.conf again you're right though, that's the password from the
User-Password field in the request. Which means that gtc receives the
password correctly as plain-text.
>> [pap] No password configured for the user. Cannot do authentication
>> ++[pap] returns fail
>> [eap] Handler failed in EAP/gtc
>> [eap] Failed in EAP select
>> ++[eap] returns invalid
>> Failed to authenticate the user.
>> Login incorrect: [<My LDAP user here>] (from client <My client name
>> here> port 0 via TLS tunnel)
>> #==============================================
>>
>
> And where is the part of the debug that shows what ldap did?
>
>
Here's a complete debug log from radius startup tested with radtest,
with user and pasword masked. This works correctly.
http://pastebin.com/f11606cc2
Here's a complete debug log from radius startup tested with wifi client,
same user and password, same config files. Somehow in this config LDAP
never got to bind as my user.
http://pastebin.com/f37aaf2b2
Regards,
Fajar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3242 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/a1be16af/attachment.bin>
More information about the Freeradius-Users
mailing list