Hi, > I guess the obvious question is why can't the Radius server simply perform > a bind attempt to the LDAP server during authentication, as opposed to > trying to compare the password received by the authenticator to the ssha-1 > password stored in ldap? I guess the obvious answer is that it can only bind if it has the user's password. When using MS-CHAP the password is already hashed when the server gets it, so how could he possibly perform the bind operation? Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
Attachment:
pgpmnvH9zP6zI.pgp
Description: PGP signature