Andreas Haumer <[EMAIL PROTECTED]> wrote:
> > Please configure a clear-text password for the user in the LDAP
> > entry for that user. See doc/ldap_howto.txt. Until you configure a
> > clear-text password which FreeRADIUS can retrieve, MS-CHAP will never
> > work.
> >
> Hm...
> Are you sure? ;-))

You can also use NT-Password, but that level of complexity is too much to explain in a simple answer.

> c) A Linux OpenLDAP server where all the user information is
> stored. We DO NOT have any cleartext password in the LDAP
> tree, but we have the complete sambaV3 LDAP schema including
> sambaLMpassword and sambaNTpassword attributes.

That will work. But explaining how to set up Samba is too complicated for this list.

In 99.9% of the cases, setting up a username && clear-text password makes everything work. I am continually amazed at the amount of effort many people put into ensuring the server doesn't work.

> I would really like your comments about this. Why do people
> keep telling that this kind of setup would not work? Is this
> some unsupported feature or something like that?

No, but they probably don't understand how it works, so they think it won't work. It will, but it's too difficult to explain.

> There are still some mysteries about radius configuration
> (at least for me), but the MS-CHAP+LDAP IMHO is solved.

Passwords (clear-text or NT-Password) are taken from LDAP during the "authorize" section. The MS-CHAP data in the Access-Request password is verified in the "authenticate" section. The password previously found in "authorize" is used by the server to validate the MS-CHAP data.

It's that easy.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html