On Tue, Dec 02, 2003 at 01:22:21AM +0000, jiang chong wrote:
> Dear Andrej Brkic
> Thank you for your help again. You are an enthusiastic man. I think that
> openldap and PAP work well now. My NAS is a cisco pix525 that provides a VPN
> tunnel for people who may be at home or on a tour. Cisco pix525 can provide
> kinds of authentication with PAP, CHAP, MS-CHAP-V1. But most of the clients are
> windows 2K, and the default VPN authentication request of win2k is
> MS-CHAP. So I just want to use MS-CHAP with LDAP. I think that I misconfigured
> some related files, maybe radiusd.conf or users. In the users file, I did nothing
> except commenting out the line "DEFAULT Auth-Type = System
> Fall-Through = 1". In the radiusd.conf file, I configured some parameters of the
> "ldap" module in the modules section. And I think LDAP works. All passwords are
> cleartext in my ldap server. I read some documents of freeradius, but I can't
> find any hint. Can you give me any hint? Thank you very much.
>
MS-CHAP is not the default, it is REQUIRED if you want MPPE VPN connections
from your Win2k/XP clients. How to do it with LDAP? The trick here is to
extract the password from LDAP, let the mschap module set the Auth-Type and do
its job in the authenticate part. In your case radiusd -X is your best friend,
the debug output will tell you what is happening.

-- 
Andrej Brkic
Fakultet Prometnih Znanosti, Zagreb, Croatia
E-mail: [EMAIL PROTECTED]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
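
The arrangement described in the reply above, as an added configuration sketch that is not part of the original thread and not taken from the FreeRADIUS distribution. It assumes FreeRADIUS 1.x-style radiusd.conf syntax; the server name, base DN, search filter and the choice of userPassword as the password attribute are placeholder assumptions.

```conf
# radiusd.conf fragment (added example; placeholder values, 1.x-style syntax assumed)
modules {
	mschap {
		authtype = MS-CHAP
		use_mppe = yes              # return MPPE keys to the NAS
		require_encryption = yes
		require_strong = yes        # 128-bit MPPE only
	}

	ldap {
		server = "ldap.example.org"                 # placeholder
		basedn = "ou=people,dc=example,dc=org"      # placeholder
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

		# Pull the stored password out of the directory so that it is
		# available to mschap as a check item. MS-CHAP can only be
		# verified against a cleartext password or an NT hash; a
		# one-way hash such as {SSHA} or {CRYPT} cannot be used.
		password_attribute = userPassword           # assumed attribute
	}
}

authorize {
	preprocess
	# Sees the MS-CHAP attributes in the request and sets
	# Auth-Type := MS-CHAP; it does not verify anything yet.
	mschap
	# Looks the user up and adds the password to the check items.
	ldap
}

authenticate {
	# The challenge/response is checked here, against the
	# password that ldap supplied during authorize.
	Auth-Type MS-CHAP {
		mschap
	}
}
```

With this layout the radiusd -X output should show mschap setting the Auth-Type in authorize, ldap adding the password, and mschap running again under authenticate.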
