Hi All,
I am trying to set up freeradius in such a way that a client PC can authenticate with
LEAP via a CISCO aironet AP 1200 using an account in LDAP.
I have got as far as my freeradius adding my password (the header {SHA} is removed
successfully) to the "check items", but when doing the "get values", it inserts only
"{" as the password. Due to this, I get an "incorrect NtChallengeResponse from AP".
I have been reading all the related topics in the mail archive but I cannot find the
solution.
I would like to know:
1) is it possible to use ldap sha-encrypted passwords for leap authentication?
2) if this is possible, how can I make rlm_ldap get the correct password when doing
the "get values"?
***************DEBUG INFO*******************
ldap_get_values
rlm_ldap: Added password eIBF4griEW456Ds+hv4x5CaI= in check items
rlm_ldap: looking for check items in directory...
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
rlm_ldap: Adding userPassword as userPassword, value { & op=21
ldap_get_values
rlm_ldap: looking for reply items in directory...
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
ldap_get_values
rlm_ldap: user username authorized to use remote access
ldap_msgfree
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
rlm_eap: EAP packet type notification id 6 length 40
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: EAP packet type notification id 6 length 40
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: Stage 4
rlm_eap_leap: FAILED incorrect NtChallengeResponse from AP
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Login incorrect: [username/<no User-Password attribute>] (from client accesspoint port
37 cli 000e6824e6c3)
***************DEBUG INFO*******************
Thanks in advance