Antw: Re: Is LDAP + EAP Possible For Me?

Anja Ruckdaeschel Anja.Ruckdaeschel at rz.uni-regensburg.de
Wed Apr 30 13:20:06 CEST 2014


With Novell Client and NMAS enabled, yes.
But that's not the case for every type of login (e.g. *not* with an LDAP login
without NMAS, but with a Novell Client login with NMAS enabled).

Please see the NetIQ docs for the possible "permutations" of passwords and
systems....
It depends on your individual edir configuration and policy deployment how the
passwords are synced (or even not synced).

I think, most people use a completely password synced setup, so they need ways
to sync the passwords in their edir....





>>> Stefan Paetow <Stefan.Paetow at ja.net> 30.04.2014 10:45 >>>
Ahhhh,

So the users have to log into NDS at least once to populate their Universal
Password before they attempt to authenticate through RADIUS. Do I understand
that correctly?

Stefan

-----Original Message-----
From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org
[mailto:freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] On
Behalf Of Anja Ruckdaeschel
Sent: 30 April 2014 09:27
To: FreeRadius users mailing list
Subject: Re: Antw: Re: Is LDAP + EAP Possible For Me?

Dear Alan,

It's a little more complicated....

Like
https://www.netiq.com/documentation/edir_radius/radiusadmin/data/bxxer30.html

says:
"Enabling Universal Password for eDirectory Users Ensure that you enable
Universal Password for the users in eDirectory. After enabling, you need to set
the Universal Password either manually or by logging in."

The basic concept is that you have to trigger the sync from the NDS password
(hash) to the universal password store per user, partition or tree, ...
That's e.g. also possible with a Novell Client login with NMAS enabled, but a
password change does always do a password sync.
Just wanted to point out the way working for most edir setups....

But all of that depends on how you want to have your policies, use your
passwords and which methods you use....
E.g. you can also do a no-sync policy between those passwords.... as you like
it.

See also:
https://www.netiq.com/documentation/edir88/pwm_administration88/data/alpcc1q.html

https://www.netiq.com/documentation/edir88/pwm_administration88/data/alpccs8.html


and

https://www.netiq.com/documentation/edir88/pwm_administration88/data/alpccv4.html




Ciao Anja



>>> <A.L.M.Buxey at lboro.ac.uk> 29.04.2014 23:27 >>>
Hi,

> Are you saying that if universal password will not enable it for
> existing users who are not changing their passwords? That sucks. :-/

interesting - it's not something I've seen - UP gets turned on, things just
work(tm)

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html 