How to configure non-privileged LDAP bind in FreeRADIUS 3.0.11
Matthew Newton
mcn at freeradius.org
Tue Jul 23 21:19:51 CEST 2019
On Tue, 2019-07-23 at 15:13 -0400, Kev Xlr wrote:
> The backend database is Azure AD DS with LDAPS enabled, and the goal
> is to have EAP-TTLS/PAP for wifi access points. Obviously passwords
> are not in cleartext so users should be authenticated by a simple
> LDAP bind by the rlm_ldap module.
Your client is using PEAP, not TTLS. So there's no inner PAP, and no
plaintext password is available for the LDAP bind.
> (0) eap: Peer sent packet with method EAP Identity (1)
c: EAP identity
> (0) eap: Calling submodule eap_md5 to process data
> (0) eap_md5: Issuing MD5 Challenge
fr: Can you do MD5?
> (1) eap: Peer sent packet with method EAP NAK (3)
> (1) eap: Found mutually acceptable type PEAP (25)
c: Nope... PEAP please.
fr: OK!
Reconfigure the client to do TTLS/PAP, then see where you get from
there.
--
Matthew
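
Added example, not part of the reply above and not FreeRADIUS code: a Python check that reads debug lines like the ones quoted in the thread, reports which outer EAP method was agreed, and says whether a cleartext password could reach rlm_ldap for a simple bind. The function names and the TTLS sample are constructed for illustration.

```python
import re

# Outer EAP methods and whether an inner cleartext password is possible.
# TTLS can carry inner PAP; PEAP has no inner PAP (as the reply says).
CLEARTEXT_POSSIBLE = {"TTLS": True, "PEAP": False, "MD5": False, "TLS": False}

LINE = re.compile(r"^\s*(?:>\s*)?\((\d+)\)\s+\w+:\s+(.*)$")
OFFER = re.compile(r"Calling submodule eap_(\w+) to process data")
PEER = re.compile(r"Peer sent packet with method EAP (\w+) \((\d+)\)")
AGREED = re.compile(r"Found mutually acceptable type (\w+) \((\d+)\)")

# Lines quoted in the thread above.
THREAD_LOG = """\
> (0) eap: Peer sent packet with method EAP Identity (1)
> (0) eap: Calling submodule eap_md5 to process data
> (0) eap_md5: Issuing MD5 Challenge
> (1) eap: Peer sent packet with method EAP NAK (3)
> (1) eap: Found mutually acceptable type PEAP (25)
"""

# Constructed sample: the same exchange with a client set up for TTLS.
TTLS_LOG = THREAD_LOG.replace("PEAP (25)", "TTLS (21)")

def analyse(debug_text):
    """Return the method the server offered, whether the peer NAKed it,
    and the outer method finally agreed."""
    state = {"offered": None, "nak": False, "agreed": None}
    for raw in debug_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        msg = line.group(2)
        if (m := OFFER.search(msg)) and state["offered"] is None:
            state["offered"] = m.group(1).upper()
        elif (m := PEER.search(msg)) and m.group(2) == "3":  # 3 = EAP NAK
            state["nak"] = True
        elif m := AGREED.search(msg):
            state["agreed"] = m.group(1).upper()
    if state["agreed"] is None and not state["nak"]:
        state["agreed"] = state["offered"]  # peer accepted the first offer
    return state

def ldap_bind_possible(state):
    """True only if the agreed outer method can carry a cleartext password.
    For TTLS the client must still choose PAP as the inner method."""
    return CLEARTEXT_POSSIBLE.get(state["agreed"], False)

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("constructed TTLS", TTLS_LOG)):
        s = analyse(log)
        print(name, s, "LDAP bind possible:", ldap_bind_possible(s))
```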