Help migrating from 1.1.7 to 2.1.10 - clear text password being lost
John Hayward
john.hayward at wheaton.edu
Thu Mar 10 19:48:26 CET 2011
Hi Radius Fans,
I am trying to move our current environment from 1.1.7 to 2.1.10 and are having a problem getting things to work.
We have a Novell NDSLdap server which provides clear text passwords for Novell users.
We are using peap-mschapv2.
In looking at the logs and Eap-Messages we see:
response 01 identity (username) -> server
The server looks up the user in ndsldap and:
Info: [ldap] Added the eDirectory password (password removed) in check items as Cleartext-Password
Then the server sends a request 02 to use EAP-TLS
There are a series of responses (mostly appear to be ack) and requests to get the tunnel setup
which succeeds.
Near the end the client sends a response (ID=8) which is a response to the mschap2 challenge.
When the server is processing this response it reports:
Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password.
I put in some additional debugging and found that address of the request->config_item has changed from when the ldap module put the cleartext password in as a pair and when the mschap module attempts to remove it.
The ldap module is called in authorize and the mschap is called in authenticate.
What might be causing the request->config to be at a different location between when the clear text password is stored and when it is needed to authenticate?
johnh...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110310/e62b38dc/attachment.html>
More information about the Freeradius-Users
mailing list