>>>pap against LDAP works fine >>>chap against LDAP works fine (With ntradping) >> >>They used different password. > >Do you mean chap and MSCHAPv2 require passwords in different formats or >something?
No. There is a clear text password stored somewhere. >I can auth CHAP, but with the same username and password can't auth >CHAPv2 >(with no config change on freeradius) >My two debugs show that >Debug: rlm_ldap: sambaNtPassword -> NT-Password == >0x4145394341303636374123413937333342303139423034323445363933373332 >So the NT-Password is being retrieved from LDAP in both cases. > Yes. But chap wasn't using it. >>A coorect password. > >Do you think the has being retrieved from LDAP is wrong then? Yes. >If I do put in an incorrect password I do get the same error message. > No surprise. >>***** >>>Tue Nov 11 10:10:26 2008 : Info: [chap] Using clear text password >>>"ommitted" for user testuser authentication. >>***** >> >>>Where did that come from? > >I don't know - inside tha chap module? No. >It's retrieved from LDAP. Not that I can see. Post the whole debug and I will tell you where is clear text password possibly stored. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html