PEAP with LDAP as authentication source

Alan DeKok aland at deployingradius.com
Mon Aug 29 13:31:15 CEST 2016


On Aug 29, 2016, at 5:06 AM, Ana Gallardo Gómez <anaougu at gmail.com> wrote:
> I don't know if I can use PEAP with LDAP as authentication source...

  Yes, you can.  But you have to use LDAP as a *database*.  You cannot do an LDAP bind.

> The problem I found is that inner-tunnel server doesn't receive
> User-Password attribute, so the bind in authentication is not successful:

  So don't do LDAP bind.

> (9)     Auth-Type LDAP {
> (9)       redundant redundant_ldap_auten_email {
> (9) ldap1_auten_email: WARNING: You have set "Auth-Type := LDAP" somewhere
> (9) ldap1_auten_email: WARNING:
> *********************************************
> (9) ldap1_auten_email: WARNING: * THAT CONFIGURATION IS WRONG.  DELETE
> IT.
> (9) ldap1_auten_email: WARNING: * YOU ARE PREVENTING THE SERVER FROM WORKING
> (9) ldap1_auten_email: WARNING:
> *********************************************

  So... what is unclear about that message?  Go fix your configuration so it doesn't force Auth-Type = LDAP.

  And post the FULL debug output.

> Is it possible to use PEAP with LDAP as authentication source? With TTLS-PAP or
> TTLS-MsCHAPv2 it works.

  If it works for TTLS-MSCHAPv2, then it should work for PEAP.

  Alan DeKok.
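
What "use LDAP as a database" rather than binding looks like in configuration, as an added example that is not part of the original thread or the poster's actual files. It assumes FreeRADIUS 3.x, a module instance named `ldap`, and a directory attribute `sambaNTPassword` holding the NT hash; substitute your own instance and attribute names.

```text
# Added example, FreeRADIUS 3.x syntax. The instance name "ldap" and the LDAP
# attribute "sambaNTPassword" are assumptions, not values from the thread.

# --- Before: forces an LDAP bind ------------------------------------------
# Something in the configuration sets "Auth-Type := LDAP", and the
# authenticate section runs the LDAP module to bind as the user:
#
#   authenticate {
#       Auth-Type LDAP {
#           ldap
#       }
#   }
#
# A bind needs the clear-text User-Password from the request. PEAP's inner
# EAP-MSCHAPv2 only carries a challenge/response, so there is nothing to
# bind with and the server prints the warning quoted in the thread.

# --- After: LDAP only supplies the stored credential ----------------------
# mods-enabled/ldap (server, base_dn, identity etc. stay as configured)
ldap {
    update {
        # Copy the stored password from the directory into the control
        # list. MSCHAPv2 can be verified against a clear-text password or
        # an NT hash; salted hashes such as {SSHA} only work with PAP.
        control:Password-With-Header += 'userPassword'
        control:NT-Password          := 'sambaNTPassword'
    }
}

# sites-enabled/inner-tunnel (trimmed to the relevant lines)
server inner-tunnel {
    authorize {
        mschap
        eap {
            ok = return
        }
        ldap        # lookup only; no "Auth-Type := LDAP" anywhere
        pap
    }
    authenticate {
        Auth-Type MS-CHAP {
            mschap  # checks the response against NT-Password
        }
        eap
    }
}
```

The account FreeRADIUS uses to search the directory needs read access to the password attribute, so restrict that ACL to the RADIUS service identity.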



