On Thu, Aug 19, 2010 at 3:42 PM, rrperez <[email protected]> wrote: > > Sorry for the inconvenience Alan, I'm just a student and currently > studying/exploring radius servers. >
You seem to be selectively ignoring some sugesstions though. It's fine if you REALLY know what you're doing, but this does not seem to be the case. > > Now I changed all the configuration back to default and make the some > configuration to make ldap works. > > Here is the debug and it is quite different from the previous one: Here's some things you need to take note of: (1) If you configure clients to use PEAPv0/EAP-MSCHAPv2 (or sometimes refered to as PEAP only), it does not supply plain-text/cleartext password (2) authenticating to Lotus Domino requires that you supply plain-text password, since Lotus stores password using some propietary hash/encryption (3) One of the EAP methods that can send plain-text password is PEAP-GTC (others on this list have suggested TTLS-PAP) (4) Windows by itself does not support PEAP-GTC or TTLS-PAP (5) Thus, you need third-party supplicant to have Windows be able to use EAP methods which sends cleartext password. Does this make sense so far? Have you use any third-party supplicant and configure them to do either PEAP-GTC or TTLS-PAP? If yes, the password that you typed when authenticating should show up in the debug log (which doesn't seem to be the case). See http://wiki.freeradius.org/Extensible_Authentication_Protocol http://lists.freeradius.org/pipermail/freeradius-users/2010-August/msg00297.html Commercial supplicant is also available: http://www.ciscosystems.com/en/US/products/ps7034/products_configuration_example09186a0080734afc.shtml -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
