Hi all,
We've got our freeradius servers working with LDAP fine, except for
CHAP. Originally, the logs were saying "Invalid user \\user", but we
fixed that by enabling an option in radiusd.conf.
Now, when we dial up without encrypted password enabled, the
connection comes through successfully. However, when we enable the
encrypted password option and try again, we get:
Thu Dec 15 18:12:52 2005 : Auth: Login incorrect (rlm_ldap: empty
password supplied): [username/] (from client 123.123.123.123 port
3088 cli 2125550404)
Its saying the password is empty, but we are indeed using a password.
Does anyone have any ideas? We've followed the instructions in the
FAQ (CHAP above LDAP in the authorize section, no := Auth-Type,
etc.)..... it just doesn't seem to want to recognize that a password
is being entered.
For the record, no query hits the LDAP server during a CHAP
authentication...... so its obviously something with the config of
freeradius.
We've narrowed the problem down. When a user with Windows XP connects
using CHAP, we get a successful connection with CHAP. However, a user
using Windows ME or Windows 98 with "use encrypted password" are the
ones causing the above error and not working.
-Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html