NT/LM password from LDAP (PAP works, MSCHAP doesn't).
Lech Karol Pawłaszek
ike at szluug.org
Wed Jan 13 22:00:38 CET 2010
On 1/13/10 5:06 PM, Alan DeKok wrote:
> Lech Karol Pawłaszek wrote:
>> Right now I'm deploying (yes. at this particular moment!) IPsec/L2TP VPN
>> which will be utilizing RADIUS via ppp connection. And for PAP it works
>> nice. However MSCHAP doesn't want to work. I'm kinda lost because EAP
>> connection uses MSCHAP(v2) as well and this one works flawlessly.
>>
>> ;-) Am I missing something? I believe it should work. Or it cannot?
>>
>> I've attached FreeRADIUS' logfile. Any pointers/hints much appreciated.
>
> The Access-Request doesn't contain any MS-CHAP attributes. The server
> cannot do MS-CHAP.

Thanks! I don't know how I've missed that. The problem was with
radiusclient-ng's dictionary.microsoft file.

For reference, there is a nice howto on the poptop page:

http://poptop.sourceforge.net/dox/skwok/poptop_ads_howto_8.htm

Now IPsec/L2TP works with RADIUS (using MS-CHAPv2), which is connected
to an LDAP, which stores users' passwords in NT/LM hashes. Great success.
;-) Thanks again Alan for the awesome FreeRADIUS.

Kind regards,
--
Lech Karol Pawłaszek <ike>
"You will never see me fall from grace" [KoRn]
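
Added example, not part of the original message and not FreeRADIUS or radiusclient-ng code: a check for the condition pointed out in the reply above, namely whether a raw Access-Request carries the Microsoft vendor-specific MS-CHAP attributes. The attribute numbers are those of RFC 2865 and RFC 2548; the function names and both sample packets are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for vendor attributes (RFC 2865)
MICROSOFT = 311        # Microsoft vendor ID (RFC 2548)
MSCHAP = {1: "MS-CHAP-Response", 11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}

def tlvs(buf):
    """Yield (type, value) from a run of type/length/value attributes."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def mschap_attributes(packet):
    """Names of the MS-CHAP attributes present in a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    found = []
    for atype, value in tlvs(packet[20:length]):   # skip header + authenticator
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != MICROSOFT:
            continue
        found += [MSCHAP[t] for t, _ in tlvs(value[4:]) if t in MSCHAP]
    return found

def can_do_mschap(packet):
    """True when the request carries a challenge and a v1 or v2 response."""
    names = set(mschap_attributes(packet))
    return "MS-CHAP-Challenge" in names and bool(
        names & {"MS-CHAP-Response", "MS-CHAP2-Response"})

# Constructed sample packets (not taken from the poster's log file).
def attr(t, v):
    return bytes([t, len(v) + 2]) + v

def request(*attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body

def ms_vsa(vtype, data):
    return attr(VENDOR_SPECIFIC, struct.pack("!I", MICROSOFT) + attr(vtype, data))

PAP_ONLY = request(attr(1, b"user"), attr(2, bytes(16)))
MSCHAPV2 = request(attr(1, b"user"), ms_vsa(11, bytes(16)), ms_vsa(25, bytes(50)))
```

Running `can_do_mschap` over the packets a NAS actually sends shows whether the client side is emitting the Microsoft attributes at all, before any server-side MS-CHAP configuration is examined.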