I'm trying to get a Windows client (EAP-PEAP MSCHAPv2) to authenticate through freeRadius. I have eDirectory as the user store. I've configured universal password and assigned the policy to the respective OUs in eDir. I configured the universal password policy to allow users and the "radmin" account to retrieve the cleartext password, as per Novell docs. The iManager RADIUS plugin is also installed, the eDir RADIUS schema is extended, and a radius profile is applied to some users for testing (although no radius attributes are specified in that Radius profile, as Novell docs don't mention anything about it).
However, it looks like eDirectory is still not returning the user's clear-text password in its LDAP reply to the freeRadius server; the following warning appears in the radius debug log: (WARNING: No "known good" password found in LDAP).
I followed this Novell guide to set up eDir and freeRadius: https://www.netiq.com/documentation/...ata/front.html
Here is my radius ldap config:
ldap TEST {
    server = "192.168.1.1"
    port = 636
    identity = "cn=radmin,ou=USERS,o=TEST"
    password = "password"
    basedn = "ou=USERS,o=TEST"
    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    #base_filter = "(objectclass=radiusprofile)"
    auto_header = yes
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
        # start_tls = yes
        tls_mode = yes
        cacertfile = /etc/raddb/certs/test-tree.b64
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    password_attribute = nspmPassword
    edir_account_policy_check = no
    set_auth_type = no
    # access_attr = dialupAccess
    keepalive {
        idle = 60
        probes = 3
        interval = 3
    }
}
#END
Any suggestions on fixing the problem are welcomed. Thanks in advance.