Steffen Langhammer wrote:
> The LDAP-Server doesn't contain a clear-text password. They are
> encrypted and this isn't allowed to change.

http://deployingradius.com/documents/protocols/compatibility.html

> The password field is "userPassword".
>
> I was testing my LDAP-Configuration in Freeradius with NTRadPing.
> If I make an authentication Request I get a response: Access_accept.
> I am happy that freeradius can speak to LDAP :-))
>
> Now my problem is:
> The wireless client is configured to LEAP, I enter the same user and
> password as in NTRadPing Utility. But I don't get access.

Your requirements are impossible to satisfy.

> I don't understand what I have done wrong.
> Maybe the eap-module is not able to forward the bind to the LDAP-Server ?

No. Read the page given by the URL above. What you want to do is impossible.

> If I use LEAP and set the password_attribute to a cleartext field in
> ldap it works.

Exactly.

> I was setting as password_attribute the field to givenname and enter as
> password the givenname of user.
>
> If I use the LEAP mode on the client the login to WLAN works fine (by
> using cleartext)
> But I have to use the encrypted password in LDAP because of security
> reasons.
>
> What can I do ?

Read the last section of that web page. Trying to do the impossible is an effort in futility. Change your requirements to something that is possible to do.

My suggestion: don't do LEAP. It's insecure. Use another EAP method such as TTLS.

Alan DeKok.
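An added illustration, not part of the original post or of FreeRADIUS, of why a request that carries the password itself can be checked against a hashed userPassword while a challenge-response method cannot. It assumes the LDAP value is a salted {SSHA} hash and that the NTRadPing test sent PAP, and it substitutes RFC 1994 CHAP for LEAP's MS-CHAP-style exchange because both need the server to compute the response from the password material; the password, salt and challenge are constructed.

```python
import base64
import hashlib
import hmac

def make_ssha(password: str, salt: bytes) -> str:
    """Build an LDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def pap_verify(stored: str, cleartext: str) -> bool:
    """PAP-style check: the server receives the cleartext password, so it
    can re-hash it with the stored salt and compare the digests."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(cleartext.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(id || secret || challenge).
    Stand-in for LEAP's exchange (assumption, see lead-in)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(server_secret: bytes, ident: int, challenge: bytes,
                response: bytes) -> bool:
    """The server must recompute the response from what it has stored."""
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo():
    password = "s3cret-example"            # constructed sample value
    stored = make_ssha(password, b"\x01\x02\x03\x04")
    ident, challenge = 7, bytes(range(16))  # constructed challenge

    # Client only ever sends the response, never the password.
    client_resp = chap_response(ident, password.encode(), challenge)

    pap_ok = pap_verify(stored, password)
    # Works when the directory holds the cleartext ...
    cr_cleartext = chap_verify(password.encode(), ident, challenge, client_resp)
    # ... fails when all the server has is the salted hash string.
    cr_hash_only = chap_verify(stored.encode(), ident, challenge, client_resp)
    return pap_ok, cr_cleartext, cr_hash_only

if __name__ == "__main__":
    print(demo())
```

With TTLS carrying PAP inside the tunnel, the server is back in the first case and can keep the hashed attribute.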

