cisco WAP/FreeRadius/OpenLDAP
Phil Mayers
p.mayers at imperial.ac.uk
Wed Nov 2 17:16:50 CET 2011
On 02/11/11 15:41, Matthew Arguin wrote:
> and here is the debug when I test a laptop connecting:
Sigh. This is not the full debug. The full debug starts when radiusd
starts up, and dumps the module configs. This is why we never ask people
to give their configs - it's in the debug, and is redundant, but if you
trim the debug, that's unhelpful.
> [gtc] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
> [gtc] +- entering group PAP {...}
> [pap] login attempt with password "r0adkill"
> [pap] Using CRYPT password "*"
Where is this ^^^ coming from?
i.e. "CRYPT password <star>"
Something is setting a password somewhere. If it's not the LDAP module,
it must be something else. Find it and remove it.
If I "diff" the modules that are running when you do your successful PAP
and your unsuccessful EAP/GTC inner-tunnel, I see the inner-tunnel has:
[unix] returns updated
<snip>
[control] returns noop
What are you updating in the inner-tunnel? You must have:
server inner-tunnel {
    authorize {
        ...
        # this isn't here in the "default"
        unix
        ...
        # this isn't here in the "default"
        update control {
            ??? what here?
        }
    }
}
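The module "diff" described in the message above can be scripted. This is an added example, not part of the original post or of FreeRADIUS; the function names and both sample traces are constructed for illustration, using only the debug line shapes quoted in the message.

```python
import re

# Module result lines, e.g. "[unix] returns updated" or "++[control] returns noop".
RESULT_RE = re.compile(r'^\s*\+*\[([\w.-]+)\]\s+returns\s+(\w+)\s*$')
# The pap line naming the known-good password it will compare against.
PAP_RE = re.compile(r'^\s*\+*\[pap\]\s+Using\s+(\S+)\s+password\s+"(.*)"\s*$')

def _lines(debug_text):
    """Yield debug lines with any e-mail quote prefix ("> ") removed."""
    for line in debug_text.splitlines():
        yield re.sub(r'^(>\s*)+', '', line)

def module_results(debug_text):
    """Map module name -> return code for one request (last result wins)."""
    found = {}
    for line in _lines(debug_text):
        m = RESULT_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def diff_modules(good_text, bad_text):
    """Modules that ran in only one trace or returned different codes."""
    good, bad = module_results(good_text), module_results(bad_text)
    return {name: (good.get(name), bad.get(name))
            for name in sorted(set(good) | set(bad))
            if good.get(name) != bad.get(name)}

def pap_password_sources(debug_text):
    """(scheme, value) pairs pap reported; a value of "*" can never match."""
    return [m.groups() for m in map(PAP_RE.match, _lines(debug_text)) if m]

# Constructed sample traces (not the poster's real debug output).
GOOD_PAP = """\
++[ldap] returns ok
++[pap] returns updated
"""
BAD_INNER_TUNNEL = """\
> ++[ldap] returns ok
> [unix] returns updated
> [control] returns noop
> ++[pap] returns updated
> [pap] Using CRYPT password "*"
"""

if __name__ == "__main__":
    for name, (good, bad) in diff_modules(GOOD_PAP, BAD_INNER_TUNNEL).items():
        print(f"{name}: working={good} failing={bad}")
    for scheme, value in pap_password_sources(BAD_INNER_TUNNEL):
        print(f"pap compared against {scheme} password {value!r}")
```

Feed it the full debug for each request; any module listed with working=None is running only in the failing virtual server.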