Connecting freeRadius to openLDAP

Eric Bourkland eric.bourkland at trustedconcepts.com
Tue Jul 21 18:47:38 CEST 2009


Yes, I am trying to do MSCHAPv2 from the laptop.
If the below is true, why am I able to do a successful radtest user password server 0 secret on the radius server?
I believe the password is plain text, but I'm not 100% positive; I am able to connect other software such as Confluence to it with open passwords.

Thanks,


----- Original Message -----
From: "Phil Mayers" <p.mayers at imperial.ac.uk>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, July 21, 2009 12:35:42 PM GMT -05:00 US/Canada Eastern
Subject: Re: Connecting freeRadius to openLDAP

Eric Bourkland wrote:

> I can attach any of my config files but what I have done is rebuilt a
> whole new server RHEL4.7-ES, with freeRadius v2.1.6 installed. with

In all probability, your LDAP database either:

  1. Does not contain the plaintext password, or NT/LM hash.
  2. Does not give the plaintext password or NT/LM hash to FreeRadius 
because of LDAP ACLs.

...and you are trying to do PEAP/MSCHAPv2. If so, you need to correct 
this, because PEAP/MSCHAPv2 requires either:

  1. FreeRadius have the plaintext password
  2. FreeRadius have the NT/LM hash
  3. FreeRadius be able to call an RPC on a domain controller (via the 
"ntlm_auth" helper config option on the "mschap" module)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
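
Added example, not part of the thread and not FreeRADIUS code: a PAP check (what radtest sends by default) can succeed against a one-way hash, while MSCHAPv2 needs the cleartext or NT hash that the reply above lists. The attribute names userPassword and sambaNTPassword, the function names and the sample entries are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def split_scheme(value):
    """Return (SCHEME, body); SCHEME is '' for an unprefixed cleartext value."""
    m = SCHEME_RE.match(value)
    return (m.group(1).upper(), m.group(2)) if m else ("", value)

def make_ssha(password, salt):
    """Build a salted SHA-1 {SSHA} value the way OpenLDAP stores it."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def pap_verify(stored, offered):
    """PAP gives the server the offered password, so it can re-hash and compare."""
    scheme, body = split_scheme(stored)
    if scheme in ("", "CLEARTEXT"):
        return hmac.compare_digest(body.encode(), offered.encode())
    if scheme == "SSHA":
        raw = base64.b64decode(body)
        digest, salt = raw[:20], raw[20:]
        candidate = hashlib.sha1(offered.encode() + salt).digest()
        return hmac.compare_digest(candidate, digest)
    return False  # other schemes are outside this sketch

def mschapv2_possible(entry):
    """MSCHAPv2 needs the cleartext or the NT hash itself as key material."""
    if re.fullmatch(r"[0-9A-Fa-f]{32}", entry.get("sambaNTPassword", "")):
        return True, "NT hash present"
    if "userPassword" not in entry:
        return False, "no password attribute returned (absent or hidden by ACL)"
    scheme, _ = split_scheme(entry["userPassword"])
    if scheme in ("", "CLEARTEXT"):
        return True, "cleartext present"
    return False, "only a one-way {%s} hash is stored" % scheme

# Constructed sample entries as the RADIUS bind identity would see them.
HASHED = {"userPassword": make_ssha("s3cret", b"\x01\x02\x03\x04")}
CLEAR = {"userPassword": "s3cret"}
SAMBA = dict(HASHED, sambaNTPassword="0" * 32)  # placeholder, not a real hash
HIDDEN = {}  # the ACL withheld every password attribute

if __name__ == "__main__":
    print("PAP against {SSHA}:", pap_verify(HASHED["userPassword"], "s3cret"))
    for name, e in [("hashed", HASHED), ("clear", CLEAR), ("samba", SAMBA), ("hidden", HIDDEN)]:
        print(name, mschapv2_possible(e))
```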


