Probably you need to extract your user password from the ldap entry and make it
available to eap_leap. The password should be clear text for things to work, I
think. Check out doc/rlm_eap (EAP-MD5 and ldap) and doc/rlm_ldap on how to
configure password extraction in the ldap module.

To complete the mailing list entry I'll describe what I did wrong. Maybe someone someday will make the same dumb mistake :).
As listed in my first mailing list message, I used the LDIF file where User-Password was set with: "userPassword:= testpwd". Exactly here is the problem. As long as I used "userPassword:= testpwd", the error "rlm_eap_leap: FAILED incorrect NtChallengeResponse from AP" appeared. As soon as I deleted the "=" in the entry, no error message appeared and user1 could authenticate successfully. There is another way to get this to work. When I configured the entry in LDIF as follows: "userPassword: {clear}testpwd" and uncommented "password_header = "{clear}"" in the LDAP section of radiusd.conf, authentication for user1 was successful again.


best regards,
cl
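
The three LDIF variants from the message above, run through a small parser for RFC 2849 attribute lines. This is an added example, not code from the original post or from FreeRADIUS. The helper names are hypothetical, and `strip_password_header` is an assumed model of what the `password_header` setting does (removing the configured prefix).

```python
import base64

def parse_ldif_attrval(line):
    """Parse one LDIF attribute line (RFC 2849) into (attribute, value bytes)."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line: %r" % line)
    if rest.startswith(":"):
        # "attr:: <base64>" carries a base64-encoded value
        return attr, base64.b64decode(rest[1:].strip(" "))
    if rest.startswith("<"):
        raise ValueError("URL-valued attributes are not handled here")
    # "attr: <value>": spaces after the colon are filler, the rest is the
    # value, so a leading "=" becomes part of the stored password
    return attr, rest.lstrip(" ").encode("utf-8")

def strip_password_header(value, header=None):
    """Assumed model of password_header: drop the prefix when it is present."""
    if header and value.startswith(header):
        return value[len(header):]
    return value

# Constructed sample lines: (LDIF line, password_header in effect)
SAMPLES = [
    ("userPassword:= testpwd", None),             # the failing entry
    ("userPassword: testpwd", None),              # "=" removed
    ("userPassword: {clear}testpwd", b"{clear}"), # header plus password_header
    ("userPassword:: dGVzdHB3ZA==", None),        # base64 form of "testpwd"
]

def effective_passwords(samples=SAMPLES):
    """Return the password each sample would yield for comparison."""
    result = []
    for line, header in samples:
        _, raw = parse_ldif_attrval(line)
        result.append(strip_password_header(raw, header))
    return result

if __name__ == "__main__":
    for (line, _), pw in zip(SAMPLES, effective_passwords()):
        print("%-32s -> %r" % (line, pw))
```

Only the first variant yields a value other than `testpwd`: the stored password is `= testpwd`, so a LEAP response computed by a client that knows `testpwd` cannot match.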

