Problem with LDAP authentication
Pircher, Sabine
sabine.pircher at tum.de
Fri May 19 11:59:49 CEST 2017
Thanks for your answers.
WORKS: Storing the passwords in clear-text in the LDAP database (Standard-PosixAccount).
But in general I don’t like to store any passwords in clear-text.
I read this article: http://deployingradius.com/documents/protocols/compatibility.html and PAP inside EAP-TTLS looks good for me to store encrypted passwords, but I’m new to freeradius and authentication.
What’s the best way ‘to do’ it?
On 18.05.2017, 20:19, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+sabine.pircher=tum.de at lists.freeradius.org on behalf of aland at deployingradius.com> wrote:
> On May 18, 2017, at 1:58 PM, Pircher, Sabine <sabine.pircher at tum.de> wrote:
> >
> >
> > I set up a wifi-system, authenticating via freeradius v3.0.12 and openldap. During the configuration I run into a problem, which I can’t understand.
> > - Works: Authentication of the testuser ‘bob’ via EAP
>
> What did you use for a test client? eapol_test? Or a real system?
I use a real system.
>
> > - Works: Radtest authentication of the user ‘spircher’ via ldap is also working fine. “radtest –x spircher test 127.0.0.1:1812 0 testing123”
>
> Which doesn't test the end system. i.e. certificates, etc.
>
> > - Not working: Authentication of the user ‘spircher’ via ldap and eap
> > Attached my debugging output.
> >
> > Do you have any ideas how to solve it?
>
> The supplicant is giving up. If you had waited a few more seconds, you would see more debug output which points you to a Wiki page. That page describes what's going on.
>
> Odds are you didn't put the CA certificate on the end user machine.
Certificates are installed.
>
> See http://deployingradius.com for a "how to" guide. There are detailed and explicit instructions for what to do, along with what can go wrong, and why.
>
> Alan DeKok.
Best regards,
Sabine Pircher
More information about the Freeradius-Users
mailing list