EAP-PEAP GTC auth_type
tnt at kalik.net
tnt at kalik.net
Fri Feb 27 15:54:55 CET 2009
>The LDAP server I'm authenticating against is Lotus Domino, which
>stores user password in a Lotus-specific encryption. The only way to
>use freeradius to authenticate against it is with "bind as user".
>
Talk about "painting yourself into a corner".
>The thing that I don't get yet is why on normal radius packet (without
>PEAP-GTC) I don't have to set Auth-Type explicitly, yet the ldap
>module can use either user password stored in LDAP or bind as user.
>With gtc on the other hand, I have to FORCE gtc to use Auth-Type LDAP.
>
RFC: "The EAP GTC method is intended
for use with the Token Cards supporting challenge/response
authentication and MUST NOT be used to provide support for
cleartext passwords in the absence of a protected tunnel with
server authentication."
>I was hoping that with gtc set to pap the inner-tunnel can use
>multiple modules to authenticate, including bind as user when using
>LDAP.
EAP TTLS/PAP.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list