Radius and Ldap Authentication problem
Olivier Beytrison
olivier at heliosnet.org
Thu Jan 16 14:04:46 CET 2014
On 16.01.2014 12:24, 亚坤 李 wrote:
> As mschapv2 is not supported by ldap, so I use ttls as the default peap
> method.
Wrong, with ldap (except if you run Novell eDirectory), the only working
solution is EAP-TTLS/PAP, where the password is sent in clear-text
within the TLS tunnel and thus can be used to bind to the ldap server.
Other solution would be to store the NT-Hash within your ldap directory,
then mschapv2 would work.
> All of the above are the problem what I encountered by now, can anyone
> help with this, this problem really drive crazy, Thanks.
The list already answered to your question and directed you to the
following page :
http://deployingradius.com/documents/protocols/compatibility.html
If it's RED, it's impossible. So don't ask how it can work because it
won't work. Ever.
Olivier B.
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Users
mailing list