Ryan Setiawan H wrote: > I've research & googling about LDAP and CHAP :D, but until now still > don't work ... here the debug, and btw i'm using freeradius-1.1.7_2 :
If the LDAP server gives FreeRADIUS the clear-text password, then CHAP should work. > rad_recv: Access-Request packet from host 192.168.8.88:4609, id=30, > length=48 > User-Name = "testing" > CHAP-Password = 0x30e3e28c521fe0d81b988d2475dae76f3f > ------------cut--------------. > rlm_ldap: Bind was successful > rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter > (uid=testing) > rlm_ldap: checking if remote access for testing is allowed by dialupAccess > rlm_ldap: Password header not found in password Testing1 for user testing And does CHAP work for this user? > -----------cut--------------- > * as you can see the radius module rlm_ldap can "see" the password for > user testing, here the next one Next one... what? Next request? Next user? > based on the faq on > http://wiki.freeradius.org/index.php/FAQ#How_do_I_make_CHAP_work_with_LDAP.3F, > > it is possible for using chap with ldap backend, Yes. It is also likely that it's much easier on 2.0.5. > also there is clue > where parameter like > password_header = "{clear}" > password_attribute = userPassword > password_radius_attribute = "User-Password" > must be set.... but how? in the "ldap" section of radiusd.conf, where the LDAP parameters are configured. > i'm still trying to read the code ( like rlm_chap.c ) to see what > attribut does rlm_chap read for the password that was passed by the > module ldap. but it is so arcane and "debuging code twice hard as > writing the code at first place" Don't read the code. It won't help you. > anyone has solution for this matter? Try installing 2.0.5 in a separate directory and configuring it. Odds are it will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
