FreeRadius, OpenLDAP, Samba, Libnss

I currently have OpenLDAP storing posixAccounts and sambaSamAccounts. I am now trying to get my firewall/VPN to authenticate remote VPN users off of the OpenLDAP server in some sort of a secure fashion (or any fashion at this point). I have gotten FreeRadius to work properly for local unix accounts and partially for OpenLDAP posix accounts using clear text. I am trying to get the VPN to utilize the sambaNTPassword attribute.

rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in <FOO BAR>, with filter (uid=efaden)
rlm_ldap: checking if remote access for <ME> is allowed by dialupAccess
rlm_ldap: Added password <sambaNTPassword String> in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaNTPassword as NT-Password, value <sambaNTPassword String> & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value <sambaLMPassword String> & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user efaden authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1

That is the debugging output from FreeRadius.  This is what happens with the LDAP passwordAttribute set to sambaNTPassword.  What am I doing wrong?  I believe that mschap is not actually loading.  Anyone?
noci (Software Engineer) commented:
Many protocols use something known as Challenge/Response or certificate type of information. These can only be handled if RADIUS can replay this challenge/response (i.e. it gets the challenge & response from the NAS (firewall, VPN device); using challenge + unencrypted password should yield the same response). If equal, the password fitted; if not, then alas, a different password was used at the NAS's end.

Also, have you looked (with Google) at the FreeRADIUS mailing list?
There is a lot of information there.
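
The replay check described in the answer above, as an added example that is not part of the original thread and is not FreeRADIUS code. It uses plain CHAP (RFC 1994, MD5) rather than the MS-CHAP variant from the question, which does the same kind of recomputation from the stored NT hash; the password and identifier are constructed sample values.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(chap_password: bytes, challenge: bytes, stored_secret: bytes) -> bool:
    """Server-side check of a RADIUS CHAP-Password value.

    chap_password is 1 identifier byte followed by the 16-byte response the
    NAS relayed. The server recomputes the response from the secret it has
    stored and compares; it never receives the password itself.
    """
    if len(chap_password) != 17:
        return False
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(expected, received)


def demo() -> dict:
    password = b"constructed-example-password"  # constructed sample value
    ident = 7                                   # constructed CHAP identifier
    challenge = os.urandom(16)                  # issued by the NAS

    # Peer side: what the VPN client computes and the NAS forwards.
    chap_password = bytes([ident]) + chap_response(ident, password, challenge)

    # The directory only holds a one-way hash of the password (unsalted SHA-1
    # here, purely for illustration): the response cannot be recomputed.
    stored_hash = hashlib.sha1(password).digest()

    return {
        "cleartext_stored": verify_chap(chap_password, challenge, password),
        "wrong_password": verify_chap(chap_password, challenge, b"other-password"),
        "only_hash_stored": verify_chap(chap_password, challenge, stored_hash),
        "replayed_on_new_challenge": verify_chap(chap_password, os.urandom(16), password),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```
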
