Alan DeKok wrote:
Florian Prester <[EMAIL PROTECTED]> wrote:
I configured 2 ldap modules, one using a clear-text password for
PEAP-TLS with MS-CHAPv2 or only CHAP authentication,
and one retrieving a Crypt-Password for using PAP-Authentication.
Why? Just use the clear-text password to do all of the
authentication. You're making work for yourself without any gain.
But how can I do PAP with a clear-text password?
group {
...
You're listing EAP in that group. DON'T.
Sorry, didn`t wanna do that!
But I want to achieve that the authentication is first trying CHAP, then
PAP and so on.
But it only takes the first entry, and if I switch the order of ldap-PAP
and ldap-PEAP, so it should take ldap-PAP, therefore retrieve an
Crypt-Password from the ldap-PAP-section it wants to use ldap for
authentication!?!?!?
Yes.
How can I change that?
I thought radius is taking that kind of authentication which request is
comming in?!
So I sniffed and there are comming different request:
PAP: User-Password
CHAP: CHAP-Password
So how can I tell the radius to take the proper authentication and
therefore a specific password using the LDAP profile?
In LDAP the clear-text password is given as well as the crypt one?
What do I wrong?
You've made massive changes to the configuration files.
Stop using two LDAP instances. You don't need them. Use the
default configuration, with one LDAP module in the places shown by the
default configuration. It WILL work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am sorry, if I am annoying you, but I am kind of confused and do not
know what to do anymore.
Thanks
Florian
--
--------------------------------------------------------------
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Germany
Tel.: +499131 8527813
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
