Hi,
I'm trying to auth EAP (using an access point) to a FreeIPA LDAP server
using FreeRADIUS.
I get the following error when I use PEAP and CHAPv2.
How can I make sure the passwords are not sent in plaintext? I think
that is my issue.
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "username", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "username", skipping NULL due to config.
++[ntdomain] = noop
[eap] EAP packet type response id 42 length 73
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++policy redundant {
[ldap] performing user authorization for username
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> username
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=username)
[ldap] expand: cn=users,cn=accounts,dc=domain,dc=local ->
cn=users,cn=accounts,dc=domain,dc=local
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in cn=users,cn=accounts,dc=domain,dc=local,
with filter (uid=username)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure
that the user is configured correctly?
[ldap] ldap_release_conn: Release Id: 0
+++[ldap] = ok
++} # policy redundant = ok
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[daily] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[weekly] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[monthly] = noop
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
++[forever] = noop
rlm_checkval: Item Name: Calling-Station-Id, Value: A4-07-G9-2E-41-D5
rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
++[checkval] = notfound
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
Thanks,
Matt