Thanks Alastair,

But, I just want to do ldap-athorize and pap-authenticate. So, I uncommented only ldap in authorize
and uncommented only pap in authenticate. I am using clear-txt so I put {clear} in module def. It looks like that pap is not found for auth-type.
:
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.


I guess this is "authorize" issue and chap or eap can work because they have authorize function. I guess radius does not run a module in authenticate if it is not identified in authorize. Give me an advice if I am wrong.

Thanks,
Kevin

Alastair Grant wrote:

Kevin,
I have it working.  Well I use EAP-TTLS to create a secure tunnel between
RADIUS and my supplicant first but then I send the data from supplicant to
Radius via PAP and do LDAP authentication.  In this case it is alfa-ariss on
Windows 2000.  I am at home and won't be back at the office until monday but
I'll do my best to explain my set up.
   RADIUS:
     my default_eap_type in the eap module is TTLS
     in my authorize section I have preprocess, eap and ldap uncommented.
Everything else is commented out.
     in my authenticate section I have the LDAP block and eap uncommented.
Everything else is commented out even the PAP stuff.
  Supplicant
     I use an anonymous outer identity
     My inner authentication method is PAP.

   Basically this allows the client to send a clear text password to the
server (even though it is encrypted in the tunnel) and the server can then
use this clear text password to do an LDAP bind for authentication.

   This might not seem very clear but I am doing it all from memory.  If
this is at all waht you are trying to do, send me an email monday and I'll
send you some documentation I have on the actual setup.  Good luck.

-Al

----- Original Message ----- From: "kevin J" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 19, 2004 5:50 PM
Subject: Re: PAP not working with ldap





kevin J wrote:



Alan DeKok wrote:



kevin J <[EMAIL PROTECTED]> wrote:




Is it true?  So, PAP and some other module can't work with
ldap-authorize???



No.




CHAP worked but PAP did not work.
What configuration should I check?  RADIUS did not bring PAP but tried
LDAP for authentication.

Kevin


I am still having this problem.  Anybody who had worked for PAP with LDAP?

Kevin


-
List info/subscribe/unsubscribe? See


http://www.freeradius.org/list/users.html


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html







- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to