I don't follow the list daily, and I do not wish to get in the middle of
this pissing match in the least, however, I am having what I consider to
be a similar problem.
Background: FreeRADIUS 0.9.3 on Fedora Core 1, openldap-2.0.27
We are auth'ing various services off the LDAP, including Radius. We are
using both {crypt} and plaintext, depending on the age of the customer.
I can auth PAP requests all day long, however, I get the following error
when a CHAP term server requests auth.

Thu Sep 2 13:27:40 2004 : Auth: rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
Thu Sep 2 11:35:47 2004 : Auth: Login incorrect: [EMAIL PROTECTED]/<CHAP-Password>]

This is the result of a test from a term server with an account that has a
clear-text password.
Now, as far as I can see in the configs and code, we have not removed
anything that would break it, AND there is no "User-Password" defined in
the bundled schema for LDAP v3 in the doc directory.
(RADIUS-LDAPv3.schema) There appears to be NO conversion from "uid" to
"User-Name" anywhere that I can see, so how can this work out of the box?
And, given this, HOW can this statement below be correct?
BTW- I don't see how you can test CHAP auth with anything other than a
term server- radtest/radclient don't appear to support the option?
..erik
On Mon, 30 Aug 2004, Alan DeKok wrote:
> You said it worked with "radclient". I assume you used PAP
> authentication. If you try the same user with MS-CHAP, then it will
> work, unless you've gone out of your way to break it again.
>
> Honestly, if PAP works for a user, then MS-CHAP works, too. Trust
> me in this.
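
Background for the {crypt} versus plaintext split mentioned in the message above, as an added example that is not part of the original post and is not FreeRADIUS or rlm_ldap code: a PAP check can be done against either a cleartext or a one-way-hashed stored password, while a CHAP check (RFC 1994, carried in the RADIUS CHAP-Password attribute) can only be recomputed from the cleartext. The function names, the sample password and challenge, and the salted SHA-256 used as a stand-in for a {crypt} value are all assumptions made for illustration.

```python
import hashlib
import hmac

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: MD5 over the one-octet identifier, the secret, then the challenge.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def one_way(password: bytes, salt: bytes) -> bytes:
    # Stand-in for a {crypt}-style stored value (assumption: salted SHA-256
    # is used here only so the example runs without the crypt module).
    return hashlib.sha256(salt + password).digest()

def verify_pap(submitted: bytes, stored: dict) -> bool:
    # PAP: the server ends up holding the submitted cleartext, so it can
    # compare directly or re-hash it with the stored salt.
    if stored["scheme"] == "cleartext":
        return hmac.compare_digest(submitted, stored["value"])
    return hmac.compare_digest(one_way(submitted, stored["salt"]), stored["value"])

def verify_chap(chap_password: bytes, challenge: bytes, stored: dict) -> bool:
    # CHAP-Password attribute (RFC 2865): 1 octet CHAP ident + 16 octet response.
    if len(chap_password) != 17 or stored["scheme"] != "cleartext":
        return False  # malformed, or no cleartext to recompute the MD5 from
    expected = chap_response(chap_password[0], stored["value"], challenge)
    return hmac.compare_digest(chap_password[1:], expected)

# Constructed sample data, not taken from the thread.
PASSWORD = b"example-password"
CHALLENGE = bytes(range(16))
CLEAR_ENTRY = {"scheme": "cleartext", "value": PASSWORD}
HASHED_ENTRY = {"scheme": "hashed", "salt": b"NaCl", "value": one_way(PASSWORD, b"NaCl")}
CHAP_ATTR = bytes([7]) + chap_response(7, PASSWORD, CHALLENGE)

def demo() -> dict:
    return {
        "pap_clear": verify_pap(PASSWORD, CLEAR_ENTRY),
        "pap_hashed": verify_pap(PASSWORD, HASHED_ENTRY),
        "chap_clear": verify_chap(CHAP_ATTR, CHALLENGE, CLEAR_ENTRY),
        "chap_hashed": verify_chap(CHAP_ATTR, CHALLENGE, HASHED_ENTRY),
    }

if __name__ == "__main__":
    print(demo())
```

The same correct password passes PAP against both stored forms and passes CHAP only against the cleartext entry.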