pptpd+freeradius+ldap: which password encryption can I use?

2013-04-30 Thread Alberto Aldrigo

Hi Everybody,

I'm trying to set up a PPTPD server which would authenticate users using 
my openLDAP user database; in doing so I need freeradius.
So far the only setup that actually works is: users in LDAP with clear 
text password.
Obviously I want to use some kind of encryption for passwords and I 
don't like the solution of using cleartext passwords and the use of a 
specific user allowed to access the password attribute, so my 
question is: which other possibilities do I have?
Looking at this table 
http://deployingradius.com/documents/protocols/compatibility.html I 
understand that I can use pap + sha1 but I can't understand how. Can 
anyone help me understand what is possible and what is not?

Many thanks

Alberto
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
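
Why the compatibility table allows PAP with SHA-1 but not CHAP, as an added example that is not part of the original post: with PAP the server receives the password itself and can re-hash it against an {SHA} or {SSHA} userPassword value, while a CHAP response can only be recomputed from the cleartext. The function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an OpenLDAP-style {SSHA} userPassword value (salted SHA-1)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def pap_check(received: bytes, user_password: str) -> bool:
    """PAP: the server holds the submitted password, so it can re-hash and compare."""
    if not user_password.startswith("{"):
        # No scheme prefix: the directory stores the cleartext password.
        return hmac.compare_digest(received, user_password.encode())
    scheme, _, b64 = user_password[1:].partition("}")
    raw = base64.b64decode(b64)
    if scheme.upper() == "SHA":
        return hmac.compare_digest(hashlib.sha1(received).digest(), raw)
    if scheme.upper() == "SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(hashlib.sha1(received + salt).digest(), digest)
    raise ValueError("unsupported scheme: " + scheme)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_check(ident: int, challenge: bytes, response: bytes, user_password: str):
    """Return True/False, or None when the stored form cannot verify CHAP."""
    if user_password.startswith("{"):
        # Only a one-way hash is stored; the MD5 input cannot be rebuilt.
        return None
    expected = chap_response(ident, user_password.encode(), challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    stored = make_ssha(b"s3cret-example", b"\x01\x02\x03\x04")  # constructed
    challenge = bytes(range(16))                                # constructed
    resp = chap_response(7, b"s3cret-example", challenge)       # what a client sends
    print("PAP vs {SSHA}:", pap_check(b"s3cret-example", stored))
    print("CHAP vs {SSHA}:", chap_check(7, challenge, resp, stored))
    print("CHAP vs cleartext:", chap_check(7, challenge, resp, "s3cret-example"))
```

The same reasoning applies to MS-CHAP, which can be verified only from the cleartext password or its NT hash.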


pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

2013-04-18 Thread Alberto Aldrigo

Hi everybody,

I'm having some problems with freeradius and ldap authentication.
I need to authenticate a user connecting via VPN to my pptpd daemon, 
which will ask permission from freeradius.
I installed freeradius and configured it to use ldap in this way (I 
stripped comments to shorten the config files):


sites-available/default:


authorize {
    ldap
    preprocess
    chap
    mschap
    digest
    suffix
    eap {
        ok = return
    }
    expiration
    logintime
    pap
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    Auth-Type LDAP {
        ldap
    }
}


preacct {
    preprocess
    acct_unique
    suffix
    files
}

accounting {
    detail
    unix
    radutmp
    exec
}

session {
    radutmp
}

post-auth {
    ldap
    exec
    Post-Auth-Type REJECT {
        attr_filter.access_reject
    }
}

pre-proxy {
}

post-proxy {
    eap
}

modules/ldap:

ldap {
    server = 10.1.98.50
    identity = cn=admin,dc=domain,dc=private
    password = password
    basedn = dc=domain,dc=private
    filter = (uid=%{%{Stripped-User-Name}:-%{User-Name}})
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3

    net_timeout = 1

    tls {
        start_tls = no

    }

    dictionary_mapping = ${confdir}/ldap.attrmap
    password_attribute = userPassword
    edir_account_policy_check = no
}


radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct

name = freeradius

confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}

db_dir = ${raddbdir}

libdir = /usr/lib/freeradius

pidfile = ${run_dir}/${name}.pid

user = freerad
group = freerad
max_request_time = 30

cleanup_delay = 5
max_requests = 1024

listen {
    type = auth

    ipaddr = *
    port = 0
}

listen {
    ipaddr = *
    port = 0
    type = acct
}

hostname_lookups = no

allow_core_dumps = no
regular_expressions= yes
extended_expressions= yes

log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no

}

checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}

proxy_requests  = yes
$INCLUDE proxy.conf

$INCLUDE clients.conf

thread pool {
    start_servers = 5
    max_servers = 32

    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
}

instantiate {
    exec
    expr
    expiration
    logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/


When I run freeradius -X this is what I get:

FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Sep 24 2012 at 17:58:57

Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/otp
including configuration file