Colleen C. Morrissey wrote: > I spoke too soon. This works ok for a user/password in users file, but > not via LDAP. Via ldap mschap works but not gtc. Below is snippet of > output when it is failing. Any advice on how to fix would be appreciated: > [EMAIL PROTECTED] raddb]# more gtc_info > modcall: entering group authenticate for request 502 > rlm_eap: Request found, released from the list > rlm_eap: EAP/gtc > rlm_eap: processing type gtc
... which sends the clear-text password to the server. > Processing the authenticate section of radiusd.conf > modcall: entering group PAP for request 502 > rlm_pap: login attempt with password blah > rlm_pap: Using NT encryption. Why? If you have the clear-text password on the server, you can just compare the two. There's no need to configure rlm_pap to do the NT hash. > radius_xlat: Running registered xlat function of module mschap for > string 'NT-Hash blah' > rlm_mschap: Unknown expansion string "NT-Hash blah" > radius_xlat: '' That's a bug which will be fixed in 1.1.7, but it shouldn't affect you... Alan Dekok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
