FR + LDAP + PAM + encryption question

Jacob Jarick mem.namefix at
Mon Apr 23 17:04:30 CEST 2007

lol, I admit I am a stress case :P

One more question before crashing out tonight, which would u say is a
more secure method

ntlm_auth -> win2k3 ADS
ldap -> win2k3 ADS

considering the encryption / encapsulation methods available.

Or is this another instance where Im over thinking the isssue.

On 4/23/07, Alan DeKok <aland at> wrote:
> Jacob Jarick wrote:
> > Is it possible to encasuplate PAP inside another protocol say EAP to
> > prevent from packet sniffers etc.
>   Please stop worrying about how RADIUS works.  It's fine.
>   Packet sniffers can't grab the PAP passwords.
> > Failing that is it possible to asign vlans bases on ldap primary group
> > via the ntlm_auth method.
>   No.  ntlm_auth is just for authentication.  You have to configure the
> server to do LDAP group lookups for per-group VLAN assignment.  See
> messages on this list in the last week or so, which include examples.
>   Alan DeKok.
> --
>       - The web site of the book
> - The blog
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list