[email protected] wrote: >> but using LDAP user with auth_type = PAP in gtc section does not work >> #============================================== >> Found Auth-Type = EAP >> +- entering group authenticate {...} >> [eap] Request found, released from the list >> [eap] EAP/gtc >> [eap] processing type gtc >> [gtc] +- entering group PAP {...} >> [pap] login attempt with password "<My LDAP password here>" >> > > That's not "your LDAP password". That's the password from the > User-Password field in the request. > >
It was the same as my LDAP password :) Reading eap.conf again you're right though, that's the password from the User-Password field in the request. Which means that gtc receives the password correctly as plain-text. >> [pap] No password configured for the user. Cannot do authentication >> ++[pap] returns fail >> [eap] Handler failed in EAP/gtc >> [eap] Failed in EAP select >> ++[eap] returns invalid >> Failed to authenticate the user. >> Login incorrect: [<My LDAP user here>] (from client <My client name >> here> port 0 via TLS tunnel) >> #============================================== >> > > And where is the part of the debug that shows what ldap did? > > Here's a complete debug log from radius startup tested with radtest, with user and pasword masked. This works correctly. http://pastebin.com/f11606cc2 Here's a complete debug log from radius startup tested with wifi client, same user and password, same config files. Somehow in this config LDAP never got to bind as my user. http://pastebin.com/f37aaf2b2 Regards, Fajar
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
