Shawn O'Shea <[EMAIL PROTECTED]> wrote:
> My problem is that the packets from them send the password as
> CHAP-Password attribute. If I set this in my test data for radclient, my
> freeradius 0.5 server says:
> Wed Mar 20 15:35:57 2002 : Auth: rlm_ldap: Attribute "User-Password" is
> required for authentication. Cannot use "CHAP-Password".
See the FAQ for further explanation.
> Wed Mar 20 15:35:57 2002 : Auth: Login incorrect:
> [{ed: whatever username -sko}/<CHAP-Password>] (from nas
> UNKNOWN-NAS port 0 cli 8475061520)
>
> If I use just User-Password, this works like a dream. Any suggetions?
Don't use CHAP.
From what I recall, the LDAP module tries to authenticate to the
LDAP server, usin g the username/password supplied in the packet.
Therefore, it needs access to the plain-text password, as it's telling
you.
The alternative is to use a DB which stores the password in clear text.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
