Hello, I'm new to Radius. So basically i tried to setup 2 Radius server, one runs on our SLES 10 PROD (Radius and Novell LDAP sit on the same server) - this is works fine using eap_mschapv2 authentication. Radius version is 1.X. We use Radius to authenticate our wireless and get LDAP authentication. So no issue with this.
Second server - SLES 11 ; i get the installer directly from Novell and its use version 2.1.1. So it seems the config way is different but i did try match with the Radius 1.X config (just a dffierent module i guess). Everything works fine, except 1 things. In Radius 1.x - SLES 10 when i run radiusd -X ; i don't see the user password (which is good). but in Radius 2.1.1 i can see it clearly ... how can i eliminate this cleartext password being showed there? I'm new to this authentication method or eap_mschap protocol, so please bear with me :) *[peap] Got tunnled request EAP-Message = 0x020a00061a03 server (null) { PEAP: Setting User-Name to sdholakia2 Sending tunneled request EAP-Message = 0x020a00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "sdholakia2" State = 0xf32f92c4f22588e5c2ccbfc052ff2f65 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[control] returns noop ++[mschap] returns noop ++[unix] returns notfound ++[control] returns notfound [eap] EAP packet type response id 10 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for sdholakia2 [ldap] expand: (uid=%u) -> (uid=sdholakia2) [ldap] expand: ou=Active,ou=Users,o=FSID -> ou=Active,ou=Users,o=FSID rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Active,ou=Users,o=FSID, with filter (uid=sdhoakia2) [ldap] Added the eDirectory password Test in check items as Cleartext-Passwrd [ldap] looking for check items in directory...* While at radiusd -X of the radius 1.X i can only see *Added the eDirectory password * *[ldap] looking for check items in directory... * Best Regards, Danny
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html