Hello Again,

Since I’m still relatively new to FreeRADIUS authorization/authentication, some clarification on the following subject would help me out greatly. I understand that LDAP passwords must be clear to use mschap (Windows XP wireless supplicant using PEAP). Is this absolutely true? On reading the FAQ (5.11), I get the impression that you can use PAP passwords to authenticate. And, in radiusd.conf, you can specify a pap encryption scheme (in my case, my LDAP passwords are in SHA1). I’ve read through doc/rlm_ldap as the FAQ suggests and still do not understand.

Also, I’m able to bind using the credentials I’ve entered on the supplicant side. My knowledge is limited, but why can’t the LDAP authorization be enough to say, “ok, the user is in the database and the password is good. Let him/her have access.” Why is authorization happening, but User-Password errors are stopping me?

Please help!

Thanks

lje

rlm_ldap: user bogusstudent authorized to use remote access
ldap_msgfree
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 8
modcall: group authorize returns updated for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 8
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for bogusstudent with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Ladd J. Epp
Information Specialist
The University of Kansas
785-864-0460

 
