freeradius-3.0.1 ldap authenticate
Alan DeKok
aland at deployingradius.com
Wed Feb 26 14:29:49 CET 2014
A.L.M.Buxey at lboro.ac.uk wrote:
> if that's the view then the wording on freeradius.org needs to change - anyone who
> reads 'stable' and has eg ITIL framework etc will go for that release (2.2.x)
> and not the 'latest/feature' release.
We will continue to support v2.2.x for a few years. It's OK for
people to use it.
> ..as I said..if he's done all that he's been told to do then it's likely to be a bug/issue
> - in this case he hadn't done all he'd been told/instructed to do ;-)
People should avoid "Auth-Type = ldap". The ONLY reason to use it is
for Active Directory, when the request has User-Password. For all other
LDAP directories, FreeRADIUS should just grab the password from LDAP,
and do the authentication itself.
> I'd submitted a config change via github to make all this much easier for admins to see
> - which appears to have been rejected. which is a pity - as if you are now changing how
> the server/module works and don't put the relevant parts that people need into place then it
> becomes harder for the server to be configured correctly for purpose (and let's face it,
> for a lot of people this server is hard to configure anyway) - especially relating to this
> LDAP change in behaviour - other modules/configs have the required unlang present next to
> them to uncomment/use...just a few lines of code to stop many many similar queries about
> 3.x and LDAP ? think of the users.
The default configuration should work for nearly all LDAP servers.
For Active Directory, they should probably be using ntlm_auth, which is
also documented.
Alan DeKok.
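
The two setups contrasted in the reply above, sketched as FreeRADIUS v3 unlang in an added example that is not part of the original message or the project's shipped configuration. It assumes an rlm_ldap instance named "ldap" and the stock "pap" module; the two halves are alternatives, and each shows only the relevant lines of a virtual server.

```unlang
# Added illustration. Assumptions: the LDAP module instance is named
# "ldap" and its attribute mapping copies the directory's password
# attribute into the control list.

# === Alternative 1: most LDAP directories ================================
# FreeRADIUS fetches the stored password and does the comparison itself.
authorize {
	# Look the user up; the stored password lands in the control list.
	ldap

	# With a known-good password available and User-Password in the
	# request, pap selects Auth-Type PAP if nothing else has set one.
	pap
}

authenticate {
	Auth-Type PAP {
		pap
	}
	# No "Auth-Type LDAP" block: the directory is used as a database,
	# not as the authenticator.
}

# === Alternative 2: Active Directory, request carries User-Password ======
# The directory does not hand out the password, so the server binds to
# LDAP as the user. Only works when User-Password is present, so EAP
# methods that never supply a clear-text password cannot use it.
authorize {
	ldap

	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := ldap
		}
	}
}

authenticate {
	Auth-Type LDAP {
		ldap
	}
}
```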