FR + LDAP + PAM + encryption question
mem.namefix at gmail.com
Mon Apr 23 17:04:30 CEST 2007
lol, I admit I am a stress case :P
One more question before crashing out tonight, which would u say is a
more secure method
ntlm_auth -> win2k3 ADS
ldap -> win2k3 ADS
considering the encryption / encapsulation methods available.
Or is this another instance where Im over thinking the isssue.
On 4/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> Jacob Jarick wrote:
> > Is it possible to encasuplate PAP inside another protocol say EAP to
> > prevent from packet sniffers etc.
> Please stop worrying about how RADIUS works. It's fine.
> Packet sniffers can't grab the PAP passwords.
> > Failing that is it possible to asign vlans bases on ldap primary group
> > via the ntlm_auth method.
> No. ntlm_auth is just for authentication. You have to configure the
> server to do LDAP group lookups for per-group VLAN assignment. See
> messages on this list in the last week or so, which include examples.
> Alan DeKok.
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users