Hello, Am 2016-10-28 13:06, schrieb Matthew Newton:
On Fri, Oct 28, 2016 at 12:58:38PM +0200, Marlen Caemmerer wrote: Am 2016-10-27 14:14, schrieb Alan DeKok:
Because MS-CHAPv2 doesn't supply a password.
The simple answer is that you should give the password to FreeRADIUS, and let FreeRADIUS authenticate the user. You shouldn't write a Perl script to do the authentication. What would you recommend to let FreeRadius authenticate the user? LDAP or users file or something else?
That totally depends on where your usernames/passwords are actually stored. i.e. where is your perl script looking? Basically the perl script is querying a service that just returns if the user/password is correct or not. It queries LDAP but I dont need to specify and additional rights on the LDAP server to make Radius able to connect to the LDAP. I guess this would require read permissions for the user/password fields. It this page here is still current http://deployingradius.com/documents/protocols/compatibility.html [1] I'd have to go for TTLS-PAP only anyway even if the LDAP was connected directly. With kind regards Marlen Caemmerer -- ************************************************ Alice Salomon Hochschule Computerzentrum Marlen Caemmerer Alice-Salomon-Platz 5 12627 Berlin Email: caemmerer@ash-berlin.eu ************************************************ Links: ------ [1] http://deployingradius.com/documents/protocols/compatibility.html