William E. Russell a écrit :
All,
I am currently working with openLDAP and freeRADIUS.
I have correctly set up freeRADIUS to read from my openLDAP. I can't
seem to authenticate my user. I have narrowed down the error to a single
line, "rlm_eap_mschapv2: Invalid response type 4". From my hours of
searching online, I have realized that all this means is that there was an
error in the response packet. I have no idea what error could have occurred.
I believe it may have to do with the password_attribute. I read something
documentation that said there was some issue with LDAP and passing a
cleartext password. Also, as you can see, I am using EAP/PEAP with MSCHAP.
Any body have any insight in to this type of thing? If I could just get some
help on how to set up the LDAP and RADIUS, that would be great - I have read
just about every single tutorial so please don't direct me to one of those.
I need someone who has a similar set up - what did you use for password
attribute?
William
William E. W. Russell
Member of Technical Staff (Software Development)
198 Brighton Avenue
Long Branch, New Jersey 07740
Home #: 732-752-2037
Cell #: 732-744-6483
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I have nearly the same installation as you. If you want tu use EAP/{PEAP
or TTLS} with MSCHAPv2, the userPassword attribute in LDAP must be
crypted before loading it in ldap database. Also Freeradius (via the
module MSCHAP) needs to get the userPassword attribute (via NT-password
mapping in ldap.attrmap file).
To encrypt a password, use "smbencrypt" to generate two type of hashes:
LM hash and NT hash. you must use the NT hash for MSCHAPv2 to work properly
hope this may help...
--
Mustapha BOUIKHIF
Service Systèmes d'Information
CNRS - DR4
tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
