Vladimir Vuksan <[EMAIL PROTECTED]> wrote:
> Apparently I am missing something since it is not working. FreeRADIUS is
> 1.1.0-pre0 snapshot from 20050311. Client is Mac OS X laptop. I was able
> to get the client going with users file and plain text passwords.
Ok...
> I got following in radiusd.conf
>
> pap {
> encryption_scheme = md5
The documentation for the PAP module says you don't have to do that.
Please read it.
> authorize {
> eap
> ldap
> }
I don't see why you've deleted most of the configuration that the
server uses. Do you understand HOW the default configuration works?
If not, don't edit it.
> TTLS: Got tunneled request
> User-Name = "testuser"
> MS-CHAP-Challenge = 0x11e51e2be2b881db5d0d71d23265ebc6
> MS-CHAP2-Response =
<sigh> I have three problems here:
1) The tunneled session is MS-CHAP, not PAP. The server is telling
you this in the debug messages! I don't understand why you are asking
about TTLS + PAP when you're using TTLS + MSCHAP. Please do not post
misleading messages to the list.
2) This would work in the default configuration, if you did nothing
more than configure a clear-text password for the user.
> rlm_ldap: performing search in dc=domain,dc=com, with filter (uid=testuser)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
3) You didn't configure a clear-text password like I told you to.
In your case, you should have configured it in LDAP.
4) LDAP servers don't do MS-CHAP authentication. What you are
trying to do is impossible.
In the future, please describe what you're actually doing, and
follow the instructions given on this list.
Alan DeKok.
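
The check behind points 1 to 4 above, as an added example that is not part of the original thread or of FreeRADIUS: read the attributes of the tunneled request to see which inner method the client actually used, then test it against how the password is stored. The function names, the storage labels and the compatibility table are assumptions made for this illustration; the first sample is abridged from the debug output quoted above, the second is constructed.

```python
import re

# Attribute seen in the tunneled request -> inner authentication method.
METHOD_BY_ATTR = {
    "User-Password": "PAP",
    "CHAP-Password": "CHAP",
    "MS-CHAP-Response": "MS-CHAP",
    "MS-CHAP2-Response": "MS-CHAP",
}

# Password storage each method can be verified against (assumed labels).
# PAP delivers the password itself, so the server can hash it or use it to
# bind to LDAP. CHAP and MS-CHAP deliver only a challenge response, which
# the server has to recompute from the clear-text password (or NT hash).
USABLE_STORAGE = {
    "PAP": {"cleartext", "nt-hash", "md5", "sha1", "crypt", "ldap-bind"},
    "CHAP": {"cleartext"},
    "MS-CHAP": {"cleartext", "nt-hash"},
}

ATTR_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=")

def inner_methods(debug_text):
    """Return the inner methods found in 'Got tunneled request' blocks."""
    methods, in_block = set(), False
    for line in debug_text.splitlines():
        if "Got tunneled request" in line:
            in_block = True
            continue
        match = ATTR_LINE.match(line) if in_block else None
        if match is None:
            in_block = False  # attribute list ended
            continue
        if match.group(1) in METHOD_BY_ATTR:
            methods.add(METHOD_BY_ATTR[match.group(1)])
    return sorted(methods)

def diagnose(debug_text, storage):
    """Map each inner method seen to whether `storage` can verify it."""
    return {m: storage in USABLE_STORAGE[m] for m in inner_methods(debug_text)}

# Abridged from the debug output quoted in the message above.
SAMPLE_FROM_THREAD = """TTLS: Got tunneled request
        User-Name = "testuser"
        MS-CHAP-Challenge = 0x11e51e2be2b881db5d0d71d23265ebc6
        MS-CHAP2-Response =
rlm_ldap: performing search in dc=domain,dc=com, with filter (uid=testuser)
"""
# Constructed sample: what a real TTLS + PAP inner request would carry.
SAMPLE_PAP = 'TTLS: Got tunneled request\n\tUser-Name = "testuser"\n\tUser-Password = "example"\n'
```
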