Freeradius3 with PEAP and LDAP
carsten.schulze at leuphana.de
Wed Aug 29 07:22:23 CEST 2018
thanks for your help again. I used the v3 default config with one
exception, the default inner-tunnel.
I added the ldap provider to it and changed the modules/eap back to
point on that -> success.
Am 28.08.2018 um 13:55 schrieb Alan DeKok:
> On Aug 28, 2018, at 4:11 AM, Carsten Schulze <carsten.schulze at leuphana.de> wrote:
>> I try to convert our freeradius2 setup to a new freeradius3 configuration.
> It's better to start with the default v3 configuration, and then gradually add pieces from the v2 config. That way it starts off as working. And, you can tell when it breaks, and what change broke it.
>> A setup with TTLS + PAP is working, but when I switch to PEAP I'll get the following output.
>> Any idea, or a howto with a LDAP-Provider with NT-Hashes?
> The problem isn't LDAP or NT hashes.
>> radiusd: FreeRADIUS Version 3.0.12, for host x86_64-pc-linux-gnu, built on Aug 10 2017 at 07:05:06
>> (10) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes
>> (10) pap: No User-Password attribute in the request. Cannot do PAP
>> (10) [pap] = noop
>> (10) } # authorize = updated
>> (10) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> For one, you didn't post the *full* debug output as suggested here: http://wiki.freeradius.org/list-help
> That would have let us know exactly what was going on.
> Without that, my best guess is that you deleted the "eap" module from the "inner-tunnel" virtual server. Add it back (as per the default config), and it should work.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mit freundlichen Grüßen
Dipl. Inform. (FH) Carsten Schulze
Medien- und Informationszentrum (MIZ)
Leuphana Universität Lüneburg
Universitätsallee 1, C7.206
More information about the Freeradius-Users