[c-nsp] WLC & FreeRADIUS WPA
Lajber Zoltan
lajbi at lajli.gau.hu
Tue Nov 28 15:45:46 EST 2006
Hi,
On Tue, 28 Nov 2006, matthew zeier wrote:
> rlm_eap: Handler failed in EAP/peap
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: group authenticate returns invalid for request 7
> auth: Failed to validate the user.
In case of EAP/PEAP, win* clients send passord in encripted form
(NT or LM hash). Radius try to compare NT-Password. You should map radius
NT-Passord to some LDAP password (for example sambaNTpassword). More on
this: radius must be able to _read_out_ this attribute from LDAP. Compare
just not enought.
If this not able, radius try to bind to ldap as given user, with given
password. In case of NT/LM hash, this seams to be impossible, except your
ldap is an AD.
Bye,
-=Lajbi=----------------------------------------------------------------
LAJBER Zoltan Szent Istvan Egyetem, Informatika Hivatal
Experience is something you don't get until just after you need it
More information about the cisco-nsp
mailing list