Alan, Thanks for the response.
> Do you mean EAP-MD5? I'm not sure what MD5-Challenge is...
Yes - EAP-MD5, The windows side (supplicant) is set to MD5-Challenge
>> I did get EAP to work when I supply the User-Password attribute in the users file, but I would like LDAP to fetch this if it is possible.
> If you're using LDAP, it should be doing that already.
I don't think it is configured right. So far I have been using LDAP for groupmembership searches only. How do you tell LDAP to fetch User-Password attribute?
>> If I remove the User-Password attribute in the users file, the dubug out
>> shows: User-Password is required for EAP-MD5 authenitication.
Are you getting the User-Password attribute from LDAP? The debug
log should show this.
>> Username
>> Password
>> Domain
>>
>> If you supply all three values, the debug shows:
>>
>> Identity does not match user-name
> You're re-writing the User-Name attribute somewhere. Again, the debug log will show this.
I didn't see anything in the log. If I provide the domainname debug shows username as domain\\username, LDAP shows it as domain\username, and rlm_eap complains about Identity not matching.
-Robert Graham
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
