Help for configuration 3.0.11

Philipp Trenz mail at
Wed Sep 28 19:21:31 CEST 2016

Hi freeradius-list,

I'm trying to configure v3.0.11 and have some problems to understand how 
freeradius requests the configuration.

The plan is to process requests via PEAP/MS-CHAPv2 to check MD4-Hashes 
against NT-Password-Attribute at a LDAP database.

As I understand, PEAP gets processed within the outer default-virtual 
server and this passes the inner MS-CHAPv2 to inner-tunnel. Now I'm not 
shure if it has to be processed through the mschap-module or through 
ldap-module. If mschap-module where or when does freeradius get the 
NT-Password from LDAP? Does the mschap-module trigger the ldap-module?

In details I want to upgrade a working 2.0.0 configuration to 3.0.11 
(and then update to the upcoming 3.0.12 release). Another point I'm 
struggeling are the mappings of the LDAP attributes. I have the old 
ldap.attrmap, but don't know how to bring
checkItem	$GENERIC$			radiusCheckItem
replyItem	$GENERIC$			radiusReplyItem
to the new configuration. changing the NT-Password is more simple ;)

Later on some requests should get proxied via RadSec depending on their 
REALM, but for now having the above working would make me quite happy.

I'm very thankful for your help!

More information about the Freeradius-Users mailing list