Hi all,
I'm using eap for authentication on wired connection ( using
freeradius 2.0.5 and LDAP backend ), most of our clients are windows
machine so there's little choice for using eap, that is eap-MD5 and PEAP
mschapv2.
Using EAP-MD5 there isn't any problem, the problem begin with PEAP
oh and also when using users file the PEAP just run with no problem, the
problem rise only when using LDAP
Thanks
Ryan Setiawan H wrote:
Hi all,
I'm using eap for authentication on wired connection ( using
freeradius 2.0.5 and LDAP backend ), most of our clients are windows
machine so ther
Ryan Setiawan H wrote:
oh and also when using users file the PEAP just run with no problem, the
problem rise only when using LDAP
Thanks
Ryan Setiawan H wrote:
Hi all,
I'm using eap for authentication on wired connection ( using
freeradius 2.0.5 and LDAP backend ), most of our clients are
Ryan Setiawan H wrote:
...
> rlm_ldap: Added User-Password = Testing10 in check items
> ---
> clearly freeradius can see the password and also it clear text :)
> below i also add samba schema that contain LM and NT password
...
> -
rlm_ldap: Added User-Password = Testing10 in check items
---
clearly freeradius can see the password and also it clear text :)
below i also add samba schema that contain LM and NT password
...
-
Ryan Setiawan H wrote:
>> Please post ALL of the debug output. I suspect that you are doing the
>> ldap lookups OUTSIDE of the TLS tunnel rather than INSIDE.
...
> repost forgot change subject
> I'm sorry I didn't include all the debug, because it was so large...
> anyway here the debug :
As
rlm_ldap: Added User-Password = Testing10 in check items
---
clearly freeradius can see the password and also it clear text :)
below i also add samba schema that contain LM and NT password
...
-
Ryan Setiawan H wrote:
Please post ALL of the debug output. I suspect that you are doing the
ldap lookups OUTSIDE of the TLS tunnel rather than INSIDE.
...
repost forgot change subject
I'm sorry I didn't include all the debug, because it was so large...
anyway here the debug :
Ryan Setiawan H wrote:
> Hi, I've uncomment the ldap section at inner-tunnel also make sure at
> eap.conf default eap type peap, but still don't work. I've tried to make
> the eap session directly go to inner-tunnel server at client.conf,
That's not a good idea. It won't work.
> rlm_mschap: In
rlm_mschap: Invalid LM-Password
rlm_mschap: Invalid NT-Password
Well, that should be a hint. How about trying to add a user &&
password in the "users" file? An example is in the FAQ.
when using users file it just work, the problem rose when using ldap backend.
In ldap database, I've adde
Ryan Setiawan H wrote:
>>> rlm_mschap: Invalid LM-Password
>>> rlm_mschap: Invalid NT-Password
>>
>> Well, that should be a hint. How about trying to add a user &&
>> password in the "users" file? An example is in the FAQ.
>
> when using users file it just work, the problem rose when using ldap
The passwords you've added are invalid. The debug message is telling
you that.
Perhaps you could try posting WHAT you entered as LM-Password and
NT-Password. Odds are you entered invalid ones. Because the debug
message is telling you that they're invalid.
Here the attribute at LDAP s
Ryan Setiawan H wrote:
> Here the attribute at LDAP server for user testing
>
> dn: uid=testing,ou=dialup,dc=zzz,dc=com
...
> lmPassword: Testing10
> ntPassword: Testing10
And here we have it. Those are NOT valid lmPassword or ntPassword
fields. You are putting the clear-text password into th
I've changed the lm and nt password using hash one, and now it works
thanks Alan
And here we have it. Those are NOT valid lmPassword or ntPassword
fields. You are putting the clear-text password into those fields. The
clear-text password belongs in the "userPassword" field.
Delete the lmP
14 matches
Mail list logo