CHAP/MS-CHAP/MS-CHAPv2 + LDAP problem
vilius at lnk.lt
Thu Sep 1 11:32:11 CEST 2005
I'm having trouble authenticating from VPN box through Radius server to LDAP.
My VPN uses MS-CHAP challenge/response system for authentification.
Packet that comes from VPN to Radius server looks like this:
User-Name = "admin"
MS-CHAP-Challenge = 0x45bc0700dd22f6795f77bbe0d986328c
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.1.1.202
But Radius can't autenticate to LDAP as there is no User-Password
attribute in the packet. (rlm_ldap: Attribute "User-Password" is
required for authentication).
Is there a way to do this authentification and NOT turning MS-CHAP
protocol in VPN box? Are there some kind of preauth hooks in Radius?
I'm using freeradius-1.0.1-1.1.RHEL3 with openldap-2.0.27-17 and
Netware 6.0 Directory Services.
P.S. I tried to turn MS-CHAP protocol and it works great with PAP or
plain-text passwords. So everything is configured to work well with
LNK TV system administrator
mob.: +370 614 75713
More information about the Freeradius-Users