Re: FreeRADIUS + OpenLDAP + MSCHAPv2

Tim Gustafson wrote: > Ok, I've upgraded to FreeRADIUS 2.0.5 on a FreeBSD box (the FreeBSD ports is > more up-to-date than the CentOS Yum repositories apparently). > > However, upon reading the documentation in modules/ldap, I see this: ... > So, does this mean that you can't do MSCHAPv2 against

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

See: http://deployingradius.com/documents/protocols/oracles.html Ken On Tue, Nov 18, 2008 at 01:29:48PM -0800, Tim Gustafson wrote: > Ok, I've upgraded to FreeRADIUS 2.0.5 on a FreeBSD box (the FreeBSD ports is > more up-to-date than the CentOS Yum repositories apparently). > > However, upon r

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

Ok, I've upgraded to FreeRADIUS 2.0.5 on a FreeBSD box (the FreeBSD ports is more up-to-date than the CentOS Yum repositories apparently). However, upon reading the documentation in modules/ldap, I see this: # However, LDAP can be used for authentication ONLY when the # Access-Request packet c

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

On Nov 14 Tim Gustafson wrote: I'm running FreeRADIUS on a shiny-new CentOS 5.2 machine. The easiest way to install the latest FreeRADIUS on CentOS I know of is to visit , find the latest source RPM and rebuild it. It's a small am

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

Tim Gustafson wrote: > I have fixed that; the copy that I sent you was indeed broken. I can now > authenticate using standard (non-MSCHAP) authentication against the LDAP > server. I haven't been able to get the radeapclient program working yet - it > keeps crashing with an error that apparent

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

> And so much more (peap is misconfigured, as is ldap, > mschap auth type is gone, there is nothing to get > the password from ...). That will not work. I have fixed that; the copy that I sent you was indeed broken. I can now authenticate using standard (non-MSCHAP) authentication against the LD

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

>> ntlm_auth line is commented out by default. > >Ok, I see that. > >>From what I understand, MSCHAPv2 needs access to the unencrypted user >>password, and OpenLDAP doesn't offer that. I'm guessing I'll have to add an >>unencrypted password field to the LDAP server to make this work, but that's

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

> ntlm_auth line is commented out by default. Ok, I see that. >From what I understand, MSCHAPv2 needs access to the unencrypted user >password, and OpenLDAP doesn't offer that. I'm guessing I'll have to add an >unencrypted password field to the LDAP server to make this work, but that's >not b

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

>> There is nothing to do. It's already active >> in default configuration. > >Really? Because the default config seems to want to use ntlm_auth to >authenticate mschapv2 users, which is a samba helper designed to authenticate >a user against a samba server, not an OpenLDAP server. > ntlm_auth

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

> There is nothing to do. It's already active > in default configuration. Really? Because the default config seems to want to use ntlm_auth to authenticate mschapv2 users, which is a samba helper designed to authenticate a user against a samba server, not an OpenLDAP server. I'm thinking what

Re: FreeRADIUS + OpenLDAP + MSCHAPv2

>I'm running FreeRADIUS on a shiny-new CentOS 5.2 machine. > >I'm trying to figure out how to configure FreeRADIUS to authenticate against >an OpenLDAP server using MSCHAPv2. I Googled a lot of different phrases, and >came up with some things that were mildly helpful. Right now, I have >FreeRA

FreeRADIUS + OpenLDAP + MSCHAPv2

Hello, I'm running FreeRADIUS on a shiny-new CentOS 5.2 machine. I'm trying to figure out how to configure FreeRADIUS to authenticate against an OpenLDAP server using MSCHAPv2. I Googled a lot of different phrases, and came up with some things that were mildly helpful. Right now, I have FreeR