Problem with LDAP authentication

Pircher, Sabine sabine.pircher at tum.de
Fri May 19 11:59:49 CEST 2017


Thanks for your answers.

WORKS: Storing the passwords in clear-text in the LDAP database (Standard-PosixAccount).
But in general I don’t like to store any passwords in clear-text.

I read this article: http://deployingradius.com/documents/protocols/compatibility.html and PAP inside EAP-TTLS looks good for me to store encrypted passwords, but I’m new to freeradius and authentication.

What’s the best way ‘to do’ it?


On 18.05.2017, 20:19, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+sabine.pircher=tum.de at lists.freeradius.org on behalf of aland at deployingradius.com> wrote:

 >   On May 18, 2017, at 1:58 PM, Pircher, Sabine <sabine.pircher at tum.de> wrote:
 >   > 
 >   >  
 >   > I set up a wifi-system, authenticating via freeradius v3.0.12 and openldap. During the configuration I run into a problem, which I can’t understand.
 >   > - Works: Authentication of the testuser ‘bob’ via EAP
 >    
 >    What did you use for a test client?  eapol_test?  Or a real system?

I use a real system. 

 >   
 >   > - Works: Radtest authentication of the user ‘spircher’ via ldap is also working fine. “radtest –x spircher test 127.0.0.1:1812 0 testing123”
 >    
 >    Which doesn't test the end system.  i.e. certificates, etc.
 >   
 >   > - Not working: Authentication of the user ‘spircher’ via ldap and eap 
 >   > Attached my debugging output.
 >   >  
 >   > Do you have any ideas how to solve it?
 >   
 >    The supplicant is giving up.  If you had waited a few more seconds, you would see more debug output which points you to a Wiki page.  That page describes what's going on.
 >   
 >      Odds are you didn't put the CA certificate on the end user machine.

Certificates are installed.

 >    
 >     See http://deployingradius.com for a "how to" guide.  There are detailed and explicit instructions for what to do, along with what can go wrong, and why.
 >   
 >     Alan DeKok.
    
Best regards,
Sabine Pircher




More information about the Freeradius-Users mailing list