Re: Freeradius doesn't work with ldap



Alan, I didn't find any option for the mschapv2 problem in your web page.

Unencrypting ldap passwords is not a smart solution.

It seems that the Windows XP client only accepts mschapv2 or TLS to authenticate. If I use TLS, I cannot use ldap because only the client certificate is used to authenticate.

In my network, I need to authenticate with the mail passwords stored in ldap.

Server: red hat with freeradius
Client: windows xp sp2

Protocols: PEAP + MSCHAPv2 + LDAP

I don't use TLS because it only uses certificates to authenticate.

Do you have any suggestions?





Alan DeKok <aland@deployingradius.com> wrote:
Eduardo Lima wrote:
> So I'll have to unencrypt all the ldap passwords to use mschapv2???

Yes. See the web page for your options.

> What about the ldap database security??

The LDAP database has to be kept secure.

Please go read the web page again.

If you want to use MS-CHAP, your options are limited for how to store
passwords. If you don't like those options, then don't use MS-CHAP.

If you want to store passwords via a different method than is
permitted in the table, AND you want to use MS-CHAP, then you need to
change your requirements to match reality.

Alan DeKok.

