Re: CHAP not working with ldap
It is possible that I have the same problem, because I can't get PEAP MS-CHAP working with an LDAP base. Error with NTPassword or LmPAssword. But the password in LDAP is stored in clear.

To this day, I haven't found the solution!!

- Original Message -
From: kevin J [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 19, 2004 4:08 AM
Subject: Re: CHAP not working with ldap

Alan DeKok wrote:
> kevin J [EMAIL PROTECTED] wrote:
> > I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the password is not pap:
> > ...
>
> What you're missing is that's the *authentication* function. The LDAP database doesn't know how to do CHAP, it only knows how to do PAP. So the rlm_ldap module can send ONLY a PAP password to an LDAP database.

Thanks Alan. CHAP is working with ldap now. I have two more questions though.

1) I found that PAP is not working with ldap. RADIUS just tried ldap authentication. I don't know why. Is there anything that I have to do for PAP?

2) It looks like the ldap connection is not persistent, which means a re-bind to ldap per authentication. Is this true or am I missing something?

Thanks,
Kevin

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CHAP not working with ldap
kevin J wrote:
> Our ldap has USER-CTPASSWORD for clear-text. I properly modified ldap.attrmap and dictionary. I put
>
>     password_header = {clear}
>
> in the ldap module (radiusd.conf) but I got
>
>     rlm_ldap: Attribute: User-Password is required for authentication. Cannot use CHAP-Password
>
> Anybody know how to do CHAP with a password which is extracted from ldap?
>
> Kevin

I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the password is not pap:

    if(request->password->attribute != PW_PASSWORD) {
        radlog(L_AUTH, "rlm_ldap: Attribute \"User-Password\" is required for "
               "authentication. Cannot use \"%s\".", request->password->name);
        return RLM_MODULE_INVALID;
    }

Should I change the line if I want to make ldap work with CHAP?

Another question is: if I want to use a persistent connection to ldap, what should I do? It looks like radius binds to ldap per authentication.

Thanks,
Kevin
Re: CHAP not working with ldap
kevin J [EMAIL PROTECTED] wrote:
> I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the password is not pap:
> ...

What you're missing is that's the *authentication* function. The LDAP database doesn't know how to do CHAP, it only knows how to do PAP. So the rlm_ldap module can send ONLY a PAP password to an LDAP database.

> Should I change the line if I want to make ldap work with CHAP?

No. Do not set Auth-Type := LDAP.

Alan DeKok.
Re: CHAP not working with ldap
Alan DeKok wrote:
> kevin J [EMAIL PROTECTED] wrote:
> > I found the line 1441 of rlm_ldap.c returns RLM_MODULE_INVALID if the password is not pap:
> > ...
>
> What you're missing is that's the *authentication* function. The LDAP database doesn't know how to do CHAP, it only knows how to do PAP. So the rlm_ldap module can send ONLY a PAP password to an LDAP database.

Thanks Alan. CHAP is working with ldap now. I have two more questions though.

1) I found that PAP is not working with ldap. RADIUS just tried ldap authentication. I don't know why. Is there anything that I have to do for PAP?

2) It looks like the ldap connection is not persistent, which means a re-bind to ldap per authentication. Is this true or am I missing something?

Thanks,
Kevin
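
Added example (not part of the thread and not FreeRADIUS code): a small Python model of why a CHAP request can only be checked by a server that holds the clear-text password, while PAP also works against a hashed entry or an LDAP bind. The function names, the `{SHA}` entry and all sample values are constructed for illustration; only the `{clear}` header comes from the thread.

```python
import base64
import hashlib
import hmac

def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

def check_pap(typed: bytes, stored: bytes) -> bool:
    """PAP carries the typed password, so a clear or hashed store both work."""
    if stored.startswith(b"{clear}"):
        return hmac.compare_digest(typed, stored[7:])
    if stored.startswith(b"{SHA}"):
        digest = base64.b64encode(hashlib.sha1(typed).digest())
        return hmac.compare_digest(digest, stored[5:])
    return False

def check_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> str:
    """chap_password is the RADIUS CHAP-Password value: 1-byte ID + 16-byte hash."""
    if len(chap_password) != 17:
        return "reject"
    if not stored.startswith(b"{clear}"):
        # Nothing to bind with and nothing to feed into MD5: CHAP cannot be checked.
        return "invalid"
    expected = chap_response(chap_password[0], stored[7:], challenge)
    return "accept" if hmac.compare_digest(chap_password[1:], expected) else "reject"

# Constructed sample data (not from the thread).
PASSWORD = b"example-pass"
CHALLENGE = bytes(range(16))
CHAP_PASSWORD = bytes([7]) + chap_response(7, PASSWORD, CHALLENGE)
CLEAR_ENTRY = b"{clear}" + PASSWORD
SHA_ENTRY = b"{SHA}" + base64.b64encode(hashlib.sha1(PASSWORD).digest())

if __name__ == "__main__":
    print("PAP  vs {SHA}  :", check_pap(PASSWORD, SHA_ENTRY))
    print("CHAP vs {clear}:", check_chap(CHAP_PASSWORD, CHALLENGE, CLEAR_ENTRY))
    print("CHAP vs {SHA}  :", check_chap(CHAP_PASSWORD, CHALLENGE, SHA_ENTRY))
```

The CHAP request never contains the password itself, so there is nothing to send in an LDAP bind; the only option is to read the clear-text value out of the directory and compute the MD5 on the RADIUS side.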