[Openldap] Alter Auth Type Radius login

paulormbsd · December 24, 2021, 3:45pm

Hello Everyone,

I want to integrate local auth of routerboard to use an openldap database.

I try to use radius with login checkbox, but when i try to auth on my freeradius server, i received an error “MS-CHAP2-Response is incorrect”.

I want to know if there is a possibility to alter this Auth Type to use other than mschap or if have a other workaround to do this in a safe mode (not used cleartext password attr)

I checked in ppp services and it’s possible to alter, but in user menu i didn’t find.

Thanks.

tdw · December 24, 2021, 8:08pm

No, it was changed in 6.43 !) radius - use MS-CHAPv2 for “login” service authentication; so login credentials never have to be transmitted in the clear, and to allow authentication against NT-hash stores in addition to cleartext password stores which is not possible with regular CHAP.

paulormbsd · December 27, 2021, 4:41pm

Thanks for answer @tdw.

I use openldap for my freeradius and in my authorized rules, the request never match with ldap auth.

I will try to find another way to do that.

Thanks again.