Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-22 Thread Christophe Saillard
Here's what I've to put in the users file to make it work : DEFAULT Auth-Type := PAP, Freeradius-Proxied-To == 127.0.0.1 User-Name = `%{User-Name}`, Fall-Through = no But now PEAP/MSCHAPv2 doesn't work... If you had read the debug log, you would see

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-22 Thread Alan DeKok
Christophe Saillard [EMAIL PROTECTED] wrote: When I do not set Auth-Type TTLS/PAP works with users stored in the users files, PEAP/Ms-chap-v2 works with users from LDAP storage, but TTLS/PAP from LDAP doesn't work And the debug log would tell you why. The FAQ also mentions something

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Rok Papez
Hello Christophe. Christophe Saillard wrote: And you set Auth-Type = EAP. DON'T DO THAT. I do that ;). I prefer to manually set EAP when user tries to identify as [EMAIL PROTECTED]. Users are *NOT* allowed to use any other authentication method :). For the moment I've a running freeradius

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Christophe Saillard
Hi, Now I've a working TTLS/PAP with LDAP storage configuration ;-) Here's what I've to put in the users file to make it work : DEFAULT Auth-Type := PAP, Freeradius-Proxied-To == 127.0.0.1 User-Name = `%{User-Name}`, Fall-Through = no But now PEAP/MSCHAPv2

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Michael Griego
Try something like this for your check line: DEFAULT Freeradius-Proxied-To == 127.0.0.1, EAP-Message !* , Auth-Type := PAP --Mike On Mon, 2004-06-21 at 06:59, Christophe Saillard wrote: Hi, Now I've a working TTLS/PAP with LDAP storage configuration ;-) Here's what I've to put

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Alan DeKok
Rok Papez [EMAIL PROTECTED] wrote: And you set Auth-Type = EAP. DON'T DO THAT. I do that ;). I prefer to manually set EAP when user tries to identify as [EMAIL PROTECTED]. Users are *NOT* allowed to use any other authentication method :). That's about the only time you should set it.

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-21 Thread Alan DeKok
Christophe Saillard [EMAIL PROTECTED] wrote: Now I've a working TTLS/PAP with LDAP storage configuration ;-) Here's what I've to put in the users file to make it work : DEFAULT Auth-Type := PAP, Freeradius-Proxied-To == 127.0.0.1 User-Name = `%{User-Name}`,

Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-18 Thread Christophe Saillard
Hello, For the moment I use Freeradius with EAP-TTLS and it works fine...now I'd like to get users credentials from an existing LDAP database. The LDAP server sends me a valid MD5 hashed password but I think something failed in my users file configuration. Does someone have such a working

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-18 Thread Rok Papez
Hi Christophe. Christophe Saillard wrote: For the moment I use Freeradius with EAP-TTLS and it works fine...now I'd like to get users credentials from an existing LDAP database. The LDAP server sends me a valid MD5 hashed password but I think something failed in my users file configuration.

Re: Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-18 Thread Christophe Saillard
Thanks for your help. I think I'm not far from the end but I still have problems. Here are the debug logs : [...] Fri Jun 18 14:11:17 2004 : Debug: rlm_ldap: performing search in dc=u-strasbg,dc=fr, with filter (uid=csaillard) request 6 done Fri Jun 18 14:11:31 2004 : Debug: rlm_ldap: Added

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-18 Thread Alan DeKok
Christophe Saillard [EMAIL PROTECTED] wrote: For the moment I use Freeradius with EAP-TTLS and it works fine...now I'd like to get users credentials from an existing LDAP database. The LDAP server sends me a valid MD5 hashed password but I think something failed in my users file

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-18 Thread Alan DeKok
Christophe Saillard [EMAIL PROTECTED] wrote: Fri Jun 18 14:11:31 2004 : Debug: rad_check_password: Found Auth-Type EAP ... Fri Jun 18 14:11:31 2004 : Debug: rlm_eap: Request not found in the list Fri Jun 18 14:11:31 2004 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an

Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-18 Thread Christophe Saillard
And you set Auth-Type = EAP. DON'T DO THAT. The eap.conf file has BIG HUGE COMMENTS saying DON'T DO THAT. It really means DON'T DO THAT. You're doing the exact opposite of what the documentation says, and as a result, it's not working. You might try following the recommendations of the

Re: Using Freeradius with LDAP storage and EAP-TTLS authentication

2004-06-18 Thread Alan DeKok
Christophe Saillard [EMAIL PROTECTED] wrote: Now I'd like to get credentials from an existing LDAP user storage instead of the Freeradius users file That shouldn't be a problem. (I store MD5 hashed password to have PAP compatibility). That will make CHAP MS-CHAP not work. The Ldap