To do CHAP, you must have:
1. The PLAINTEXT password in the LDAP server
2. The Radius server permitted to read that attribute
3. The ldap module configured to put whatever that attribute is
(usually userPassword) into the radius "User-Passord", using the
"password_attribute" option of the ldap module
4. "chap" above "pap" in the authorize (which you've got)
5. "chap" anywhere in authenticate
Hiya,
We have all of those set. The password is stored plain text in
userPassword. The radius server has read access to that attribute. The
ldap module is configured in radiusd.conf for that attribute. Chap is
above pap, and chap is also in authenticate {}.
The password is still showing up as "blank" when they dial up, before it
even hits the LDAP server. Is there debugging output I could send you
that might help with this?
Regards,
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
