[c-nsp] WLC & FreeRADIUS WPA

Lajber Zoltan lajbi at lajli.gau.hu
Tue Nov 28 15:45:46 EST 2006


Hi,

On Tue, 28 Nov 2006, matthew zeier wrote:

>   rlm_eap: Handler failed in EAP/peap
>    rlm_eap: Failed in EAP select
>    modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: group authenticate returns invalid for request 7
> auth: Failed to validate the user.

In case of EAP/PEAP, win* clients send passord in encripted form
(NT or LM hash). Radius try to compare NT-Password. You should map radius
NT-Passord to some LDAP password (for example sambaNTpassword). More on
this: radius must be able to _read_out_ this attribute from LDAP. Compare
just not enought.

If this not able, radius try to bind to ldap as given user, with given
password. In case of NT/LM hash, this seams to be impossible, except your
ldap is an AD.

Bye,
-=Lajbi=----------------------------------------------------------------
 LAJBER Zoltan               Szent Istvan Egyetem,  Informatika Hivatal
  Experience is something you don't get until just after you need it


More information about the cisco-nsp mailing list