Aravind Arjunan wrote: > Radius(freeradius) server has configured and integrated with Openldap > server for user authentication in RHEL 5. > Using radtest, NTRadPing and Radiustest (Utility) it is working fine. I > got Access-Acept by using this utility.
Yes. Because they're not doing EAP. They're doing clear-text passwords. > From the radius debug level log and slapd log i can able to see that it > can able to fetch username and it was successful but in the case of > userPassword authetication was getting failed. You want to fetch the *password* from LDAP. Repeat after me: LDAP is a database. LDAP is not an authentication server. > How to send the User-Password in clear text format.? You don't. Wireless access points don't work that way. > Is there any way to decrypt the userpassword in RADIUS server which was > coming from access point.? No. > here is the radius debug level log ... > Processing the authorize section of radiusd.conf You are running a very old version of the server. You should really upgrade. > users: Matched entry DEFAULT at line 157 Which sets Auth-Type := LDAP. This breaks EAP. > *rlm_ldap: - authenticate* > *rlm_ldap: Attribute "User-Password" is required for authentication.* Your LDAP database doesn't do EAP. This is because it's a database. (1) Do NOT set Auth-Type := LDAP (2) Test it with clear-text passwords. If that works, (3) EAP will work, too. And you should upgrade to 2.1.3. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html