-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I'm pretty sure PEAPv0 does not support GTC as an inner method, and FreeRADIUS does not support PEAPv1. Use EAP-TTLS with a GTC/PAP inner. Thanks, Arran > [email protected] wrote: >>> but using LDAP user with auth_type = PAP in gtc section does not work >>> #============================================== >>> Found Auth-Type = EAP >>> +- entering group authenticate {...} >>> [eap] Request found, released from the list >>> [eap] EAP/gtc >>> [eap] processing type gtc >>> [gtc] +- entering group PAP {...} >>> [pap] login attempt with password "<My LDAP password here>" >>> >> That's not "your LDAP password". That's the password from the >> User-Password field in the request. >> >> > > It was the same as my LDAP password :) > Reading eap.conf again you're right though, that's the password from the > User-Password field in the request. Which means that gtc receives the > password correctly as plain-text. > >>> [pap] No password configured for the user. Cannot do authentication >>> ++[pap] returns fail >>> [eap] Handler failed in EAP/gtc >>> [eap] Failed in EAP select >>> ++[eap] returns invalid >>> Failed to authenticate the user. >>> Login incorrect: [<My LDAP user here>] (from client <My client name >>> here> port 0 via TLS tunnel) >>> #============================================== >>> >> And where is the part of the debug that shows what ldap did? >> >> > > Here's a complete debug log from radius startup tested with radtest, > with user and pasword masked. This works correctly. > http://pastebin.com/f11606cc2 > > Here's a complete debug log from radius startup tested with wifi client, > same user and password, same config files. Somehow in this config LDAP > never got to bind as my user. > http://pastebin.com/f37aaf2b2 > > Regards, > > Fajar > > > ------------------------------------------------------------------------ > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - -- Arran Cudbard-Bell ([email protected]), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmlK6YACgkQcaklux5oVKJr2QCfd+oXEUbiE8OTRjFmfmbSELJU tikAn2FJw8c8JzNC6VQpWAxPuqtBkk2c =oh6a -----END PGP SIGNATURE----- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
