Vladimir Vuksan <[EMAIL PROTECTED]> wrote: > Apparently I am missing something since it is not working. FreeRADIUS is > 1.1.0-pre0 snapshot from 20050311. Client is Mac OS X laptop. I was able > to get the client going with users file and plain text passwords.
Ok... > I got following in radiusd.conf > > pap { > encryption_scheme = md5 The docmentation for the PAP module says you don't have to do that. Please read it. > authorize { > eap > ldap > } I don't see why you've deleted most of the configuration that the server uses. Do you understand HOW the default configuration works? If not, don't edit it. > TTLS: Got tunneled request > User-Name = "testuser" > MS-CHAP-Challenge = 0x11e51e2be2b881db5d0d71d23265ebc6 > MS-CHAP2-Response = <sigh> I have three problems here: 1) The tunneled session is MS-CHAP, not PAP. The server is telling you this in the debug messages! I don't understand why you are asking about TTLS + PAP when you're using TTLS + MSCHAP. Please do not post misleading messages to the list. 2) This would work in the default configuration, if you did nothing more than configure a clear-text password for the user. > rlm_ldap: performing search in dc=domain,dc=com, with filter (uid=testuser) > rlm_ldap: looking for check items in directory... > rlm_ldap: looking for reply items in directory... 3) you didn't configure a clear-text password like I told you to. In your case, you should have configured it in LDAP. 4) LDAP servers don't do MS-CHAP authentication. What you are trying to do is impossible. In the future, please describe what you're actually doing, and follow the instructions given on this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html