LDAP = Failed setting connection option certificate_file

Alan DeKok aland at deployingradius.com
Fri Aug 9 15:31:02 CEST 2019

On Aug 9, 2019, at 9:16 AM, Dave Walsh <dave_walsh at lsrhs.net> wrote:
> Ok, if I test via the wireless controller the user credentials are accepted
> by Google, but with a client it fails.
> Checking via radtest it works for the first test, but when I try the mschap
> test mode it fails.

  Google doesn't do MS-CHAP.

> Is that what you were warning me about?


> Is there some configuration I've
> messed up and fixing that will solve the issue or have I hit an impasse?

  Google stores the passwords, and *won't* give them to FreeRADIUS.   Google also doesn't do MS-CHAP.

  FreeRADIUS does MS-CHAP.  But FreeRADIUS needs access to the passwords, in order to do the MS-CHAP calculations.

  The only way around this is:

a) use your own LDAP server, which can then give the passwords to FreeRADIUS

b) get the clients to do TTLS + PAP instead of PEAP + MS-CHAP.

  Nothing else will work.

  Alan DeKok.

More information about the Freeradius-Users mailing list