Yet Another PEAP-MSCHAPV2 problem

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Sep 21 23:55:35 CEST 2015


Hi,

> of the differences between the "branches" of the directory tree, is
> that the incorrect one is using Crypt passwords, and the correct one
> is using SSHA passwords.  Seems that the SSHA passwords are not
> working while the Crypt passwords do.

well, as others have pointed out, there's an issue with the format of
the name too.  uid=xxxxx must match, you can't look for uid=user and
expect uid=user@realm to match - so you may want to vary your ldap
query based on the username - perhaps do a user-name check if there's
a realm that's not handled properly?

how does your LDAP server present the password? LDAP is not an authentication
system, it's an 'oracle' of values - so you may need to tell FreeRADIUS what
format the reply value is - read the LDAP and FreeRADIUS password format docs

eg http://wiki.freeradius.org/modules/rlm_ldap


alan
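
The two points in this reply (the realm in the user name, and the format header on the password value LDAP returns), as an added Python example that is not part of the original post and is not FreeRADIUS code. The function names and sample values are constructed for illustration, and the SSHA layout assumed is base64(SHA-1(password + salt) + salt) behind a `{SSHA}` header.

```python
import base64
import hashlib
import hmac
import os

def split_realm(user_name):
    """Return (user, realm) for 'user@realm'; realm is None when absent."""
    user, sep, realm = user_name.partition("@")
    return user, (realm if sep else None)

def parse_user_password(value):
    """Split an LDAP userPassword value '{SCHEME}data' into (SCHEME, data)."""
    if value.startswith("{") and "}" in value:
        scheme, data = value[1:].split("}", 1)
        return scheme.upper(), data
    return None, value  # no header: the consumer cannot tell the format

def make_ssha(password, salt=None):
    """Build a '{SSHA}' value (used here only to construct sample data)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(value, password):
    """Verify a password against a '{SSHA}' value; reject other schemes."""
    scheme, data = parse_user_password(value)
    if scheme != "SSHA":
        raise ValueError("not an SSHA value: scheme=%r" % scheme)
    raw = base64.b64decode(data)
    if len(raw) <= 20:
        raise ValueError("SSHA value has no salt after the 20-byte digest")
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    # Constructed sample input, not taken from the thread.
    user, realm = split_realm("user@realm")
    print("search for uid=%s (realm %s stripped)" % (user, realm))
    stored = make_ssha(b"secret", b"saltsalt")
    for value in (stored, "{crypt}constructedhash", "noheadervalue"):
        print(parse_user_password(value)[0], "<-", value)
    print("SSHA check:", check_ssha(stored, b"secret"))
```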

