<div dir="ltr"><div>Thanks for the reply.</div><div> </div><div>I am new to FreeRadius and doing analysis on how to remove The "identity" and "password" attributes of LDAP module in radiusd.config and still be able to authenticate and authorize LDAP users.</div>
<div> </div><div>Is there any other option/configuration to avoid usernames and plain text passwords in the module ldap of radiusd.conf for authenticating and authorizing users of LDAP database ?</div><div> </div><div>I tried EAP-TLS method but didn't get proper result,can I use LDAP as database for EAP-TLS method,as one of forum answers is no</div>
<div> <a href="http://freeradius.1045715.n5.nabble.com/EAP-TLS-LDAP-tt2750042.html#a2750045">http://freeradius.1045715.n5.nabble.com/EAP-TLS-LDAP-tt2750042.html#a2750045</a></div><div> </div><div> I would like to use a certificate (admin) to bind to the LDAP database using FreeRadius because admin has the authority to traverse the LDAP tree.</div>
<div> </div><div> After binding using certificate i would like to Authenticate different users of LDAP using "radclient.exe -d ..\etc\raddb -f radtest.txt -x -s 127.0.0.1 auth testing1"</div><div> </div><div>if as per replies only LDAP simpile bind is possible ,how to compile OpenLDAP+SASL+FreeRadius on Windows only through cygwin ? or any other option</div>
<div> </div><div> please advice me I am wrong.</div><div>Waiting for your inputs.</div><div> </div><div>Regards,</div><div>Pramod</div><div> </div><div> </div><div>
<p> </p></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 10, 2013 at 8:34 PM, Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span> wrote:<br>
<blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote"><div class="im">> There are other ways to establish the trust between radiusd and LDAP beside simple binds which do not involve passwords. All of these use SASL in some form. Unfortunately rlm_ldap does not support them. I know Alan rewrote rlm_ldap recently for the upcoming 3.0 version,<br>
> I don't know if SASL support was added or not. In any event this is an open source project and if you want this functionality then the usual mantra "Patches Welcome" applies.<br>
<br>
</div><div class="im">No it wasn't.<br>
<br>
-Arran<br>
<br>
<br>
<br>
</div>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br></div></div>