Hi Kostas, I'm now confused. I posted the following to this list a few moons back I got this reply from ALan.
>In the following debug trace it's my expectation >that the MS-CHAP module would set the Auth-Type to > MS-CHAP, but obviously it doesn't.... > modcall[authorize]: module "mschap" returns notfound List 'mschap' after 'ldap', that should help. The issue is that the MSCHAP module looks for MS-CHAP to set Auth-Type:= MSCHAP. But it ALSO looks for User-Password, to create NT passwords. The second step is what's failing. The MSCHAP module should be updated to do the second step only during the authentication phase. Alan DeKok. It's a bit different to what you have said below, or is it? Regards Mike D. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kostas Kalevras Sent: 16 June 2003 02:29 To: [EMAIL PROTECTED] Subject: RE: LDAP authent/authorize and CHAP On Mon, 16 Jun 2003, Michael Davidson wrote: > Hi > You need to re-order your authorize section so that MS_CHAP and CHAP appear > after LDAP. The LDAP module will read the client's details into memory for > use by the 'CHAP authenticate modules. ** NO ** The mschap/chap modules should come *before* the ldap module to set Auth-Type correctly. The ldap module just needs to be present in the authrize section to extract the user password from the user ldap entry and make it available for the mschap/chap modules in the authenticate section. > > Regards Mike D. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
