On Fri, Aug 29, 2008 at 11:57 PM, Ivan Kalik <[EMAIL PROTECTED]> wrote: >>modcall: entering group MS-CHAP for request 6 >> rlm_mschap: No User-Password configured. Cannot create LM-Password. >> rlm_mschap: No User-Password configured. Cannot create NT-Password. >> rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password >> rlm_mschap: No NT-Password configured. Trying DirectoryService >> Authentication. > > What is the password entry for this user in ldap? Is it encrypted? > > Ivan Kalik > Kalik Informatika ISP
The password are stored in the "default OS X Server way" for a shared domain. This is in what Apple calls Open Directory: meaning that the LDAP stores a pointer (aka a password slot) which references the actual password which is stored in a database seperate from the LDAP. Details can be found on page 41 in this document: http://images.apple.com/server/macosx/docs/Open_Directory_Admin_v10.5.pdf This mechanism is what is working "out of the box". Earlier on I made a test environment where this worked - the difference being the test environment was a server and an access point communicating directly. Now - the real scenario - the server is working in what I think is called proxy mode, the authentication requests does not originate directly from the access point, but is "relayed" (my best description) via the Eduroam DK top level servers. NB.: I suspect that the LDAP is not even queried, I am not yet able to find any clues in the logfiles indicating anything else :( - TvE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html