Hi Radius Fans,
I am trying to move our current environment from 1.1.7 to 2.1.10 and are having
a problem getting things to work.
We have a Novell NDSLdap server which provides clear text passwords for Novell
users.
We are using peap-mschapv2.
In looking at the logs and Eap-Messages we see:
response 01 identity (username) -> server
The server looks up the user in ndsldap and:
Info: [ldap] Added the eDirectory password (password removed) in check
items as Cleartext-Password
Then the server sends a request 02 to use EAP-TLS
There are a series of responses (mostly appear to be ack) and requests to
get the tunnel setup
which succeeds.
Near the end the client sends a response (ID=8) which is a response to the
mschap2 challenge.
When the server is processing this response it reports:
Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password.
I put in some additional debugging and found that address of the
request->config_item has changed from when the ldap module put the cleartext
password in as a pair and when the mschap module attempts to remove it.
The ldap module is called in authorize and the mschap is called in authenticate.
What might be causing the request->config to be at a different location between
when the clear text password is stored and when it is needed to authenticate?
johnh...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
