"Christopher Price" <[EMAIL PROTECTED]> wrote:
> I was told to change as little as possible in the configuration files
> and PEAP/MSCHAPv2 using Microsoft's 802.1x client with an LDAP backend
> DB would work fine. This is not the case and I would appreciate any
> suggestions on what to modify to make this work.

  OK...

> The only portion of the config that I changed was the ldap module
> section (to point to my ldap server) and the ldap line in the
> authorize section (uncommented the single line). 

  You have to configure the tls{} subsection of eap.conf, too.

> I have included some output from the server when I attempt to
> authenticate.

  You've edited the output.  Don't do that.  It makes it impossible
for anyone to help you.

> rad_recv: Access-Request packet from host 172.16.83.1:32830, id=20,
> length=111 
>         User-Name = cprice 
>         NAS-IP-Address = 172.16.80.4 
>         NAS-Port = 29 
>         NAS-Port-Type = Wireless-802.11 
>         Calling-Station-Id = 00904B91CCAF 
>         Called-Station-Id = 000B86010C80 
>         Framed-MTU = 1300 
>         EAP-Message = 0x0217000b01637072696365 
>         Message-Authenticator = 0xa125c1b253031500294644d1f713050e 
> rlm_ldap: - authorize 

  There should be a LOT more text between the "Message-Authenticator"
line and the "rlm_ldap" line.

  If you don't understand why it doesn't work, you don't know which
parts of the debug log are important, so editing it means you WILL
delete the important bits, making it impossible for anyone to help
you.

  Alan DeKok.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
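
What configuring the tls{} subsection involves, as an added example that is not part of the original message or the FreeRADIUS distribution: a sketch of the eap{} block in eap.conf using FreeRADIUS 1.x option names. Every path and the key passphrase are placeholders, and the PEAP inner type of mschapv2 is assumed from the poster's PEAP/MSCHAPv2 setup.

```conf
# eap.conf (added sketch; all <...> values are placeholders, not real paths)
eap {
	# Outer EAP method the server proposes first. Assumed here because
	# the poster's Microsoft 802.1x client is set up for PEAP.
	default_eap_type = peap

	# PEAP runs inside a TLS tunnel, so the server's own certificate
	# and private key must be configured here before peap{} can work.
	tls {
		private_key_password = <KEY-PASSPHRASE-PLACEHOLDER>
		private_key_file = <PATH-TO-SERVER-KEY.pem>
		certificate_file = <PATH-TO-SERVER-CERT.pem>

		# CA certificate for the chain the server presents.
		CA_file = <PATH-TO-CA-CERT.pem>

		dh_file = <PATH-TO-DH-PARAMS>
		random_file = <PATH-TO-RANDOM-SEED>
	}

	# Inner method carried inside the PEAP tunnel.
	peap {
		default_eap_type = mschapv2
	}

	# Must be enabled for the inner MSCHAPv2 exchange to be handled.
	mschapv2 {
	}
}
```

After the change, running the server in debug mode (`radiusd -X`) and keeping the complete, unedited output shows whether the tls and peap sub-modules loaded.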
