Re: CHAP not working with ldap

2004-08-19 Thread Alexandre Durand
It is possible that I have the same problem, because I can't get PEAP MS-CHAP
working with an LDAP base. Error with NTPassword or LmPassword. But the password
in LDAP is stored in clear.

To this day, I haven't found the solution!!


- Original Message - 
From: kevin J [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 19, 2004 4:08 AM
Subject: Re: CHAP not working with ldap




 Alan DeKok wrote:

 kevin J [EMAIL PROTECTED] wrote:
 
 
 I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the
 password is not pap:
 
 
 ...
 
   What you're missing is that's the *authentication* function.  The
 LDAP database doesn't know how to do CHAP, it only knows how to do
 PAP.  So the rlm_ldap module can send ONLY a PAP password to an LDAP
 database.
 
 Thanks Alan.  CHAP is working with ldap now.
 I have two more questions though.

 1) I found that PAP is not working with ldap.  RADIUS just tried ldap
 authentication.  I don't know why.  Is there anything that I have to do
 for PAP?
 2) It looks like the ldap connection is not persistent, which means a re-bind
 to ldap per authentication.  Is this true or am I missing something?

 Thanks,
 Kevin


 -
 List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




Re: CHAP not working with ldap

2004-08-18 Thread kevin J
kevin J wrote:
Our ldap has USER-CTPASSWORD for clear-text.  I properly modified 
ldap.attrmap and dictionary.  I put password_header = {clear} in 
ldap of module (radiusd.conf) but I got

rlm_ldap: Attribute: User-Password is required for authentication.  
Cannot use CHAP-Password

Anybody know how to do CHAP with a password which is extracted from ldap?
Kevin 
I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the 
password is not pap:

   if(request->password->attribute != PW_PASSWORD) {
           radlog(L_AUTH, "rlm_ldap: Attribute \"User-Password\" is required for authentication. Cannot use \"%s\".",
                  request->password->name);
           return RLM_MODULE_INVALID;
   }

Should I change the line if I want to make ldap working with CHAP?
Another question is, if I want to use a persistent connection to ldap,
then what should I do?
It looks like radius binds to ldap per authentication.

Thanks,
Kevin


Re: CHAP not working with ldap

2004-08-18 Thread Alan DeKok
kevin J [EMAIL PROTECTED] wrote:
 I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the 
 password is not pap:
...

  What you're missing is that's the *authentication* function.  The
LDAP database doesn't know how to do CHAP, it only knows how to do
PAP.  So the rlm_ldap module can send ONLY a PAP password to an LDAP
database.

 Should I change the line if I want to make ldap working with CHAP?

  No.

  Do not set Auth-Type := LDAP.

  Alan DeKok.
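
Added example, not part of the original thread or of FreeRADIUS: a Python illustration of the RFC 1994 CHAP check, showing why the RADIUS server needs the clear-text password read from LDAP and cannot pass a CHAP request to an LDAP bind. The password, identifier and challenge are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values (not from the thread).
PASSWORD = b"s3cret-constructed"
CHALLENGE = bytes(range(16))      # CHAP-Challenge sent to the client
IDENT = 7                         # CHAP identifier byte


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the identifier byte, the secret, then the challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """chap_password is the RADIUS CHAP-Password value: ident byte + 16-byte digest.

    'stored' is whatever the server read from the directory. Only the
    clear-text password reproduces the client's digest.
    """
    if len(chap_password) != 17:
        return False
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored, challenge)
    return hmac.compare_digest(expected, received)


def can_ldap_bind(request_attrs: dict) -> bool:
    """An LDAP simple bind needs the password itself, which only PAP
    (User-Password) carries; a CHAP request holds just a one-way digest."""
    return "User-Password" in request_attrs


def demo() -> dict:
    # What the client puts in the Access-Request.
    chap_password = bytes([IDENT]) + chap_response(IDENT, PASSWORD, CHALLENGE)
    request = {"CHAP-Password": chap_password, "CHAP-Challenge": CHALLENGE}
    return {
        "cleartext_from_ldap": verify_chap(chap_password, CHALLENGE, PASSWORD),
        # A hashed directory value cannot be used to recompute the digest.
        "hashed_in_ldap": verify_chap(chap_password, CHALLENGE,
                                      hashlib.sha1(PASSWORD).digest()),
        "ldap_bind_possible": can_ldap_bind(request),
    }


if __name__ == "__main__":
    print(demo())
```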




Re: CHAP not working with ldap

2004-08-18 Thread kevin J

Alan DeKok wrote:
kevin J [EMAIL PROTECTED] wrote:
 

I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the 
password is not pap:
   

...
 What you're missing is that's the *authentication* function.  The
LDAP database doesn't know how to do CHAP, it only knows how to do
PAP.  So the rlm_ldap module can send ONLY a PAP password to an LDAP
database.
Thanks Alan.  CHAP is working with ldap now.
I have two more questions though.
1) I found that PAP is not working with ldap.  RADIUS just tried ldap 
authentication.  I don't know why.  Is there anything that I have to do 
for PAP?
2) It looks like the ldap connection is not persistent, which means a re-bind
to ldap per authentication.  Is this true or am I missing something?

Thanks,
Kevin