pfSense + PPTP + FreeRADIUS + LDAP

Fabio Rampazzo Mathias fmathias at gmail.com
Tue Feb 2 17:24:42 CET 2010


Alan,

Thanks for quick response.

On Tue, Feb 2, 2010 at 12:29 PM, Alan DeKok <aland at deployingradius.com>wrote:

> Fabio Rampazzo Mathias wrote:
> > I'm relative new to freeradius, and i'm trying to configure a PPTP VPN
> > on pfSense, authenticating in a FreeRADIUS with LDAP module. But, I'm
> > getting the following error :
> >
> > Found Auth-Type = LDAP
> > WARNING: Please update your configuration, and remove 'Auth-Type = Local'
> > WARNING: Use the PAP or CHAP modules instead.
> > No User-Password or CHAP-Password attribute in the request.
> > Cannot perform authentication.
> > Failed to authenticate the user.
> >
> > The authorize process works fine, but the authentication not. I can't
> > find "Auth-Type = Local" as it says. This is my access request :
>
>   Did you look in the configuration files for "Auth-Type = Local"?  Or
> in your database?
>
>
yes and couldn't find anything saying "Auth-Type = Local"...but I think this
isn't the most important problem. I've used "grep" to search.


>  And you posted only PART of the debug output.  Wy?
>
>
I've sent just a part of debug because I've thought this is the part which
really matters.
Is there any other you need ?


> > I've tried many of google searches troubleshooting MS-CHAP problems and
> > most of them is saying me to get a Cleartext-Password entry on my
> > database. But I can't consider this an option, because the security of
> > my accounts in LDAP would be extremely compromised.
>
>   Too bad.  You don't really have a choice.
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
>
Ok. This means that PPTP needs MS-CHAP auth, and MS-CHAP needs Clear
Password or NT Hash. How do I enable my FreeRADIUS to authenticate in LDAP
using NT Hash ? Is there a way to do this ?


>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

Att,
Fabio Rampazzo Mathias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100202/ed397894/attachment.html>


More information about the Freeradius-Users mailing list