Florian Prester <Florian.Prester@rrze.uni-erlangen.de> wrote:
1.) PAP is just the clear-text password???
Yes.
-> I thought pap is hashing the password with a challenge (MD-5).
Stop worrying about it. PAP is the clear-text password.
So I want to the server to hold a crypted Password (MD-5) for PAP, but retrieving that from the ldap server.
If the LDAP server has a clear-text password for MS-CHAP, you might as well use it for PAP. Trying to make PAP use a crypt'd password is a waste of time, and doesn't gain anything.
2.) I do not want to do any binding to the ldap for authentication!
So... don't list "ldap" in the "authenticate" section.
3.) For authentication I want to provide PAP, CHAP, and PEAP+TLS using MsCHAPv2.
How can I do that? If use the radiusd.conf as it comes the radius wants to use ldap for authentication.
No, it doesn't. The default radiusd.conf doesn't use ldap at *all*.
authenticate { ... ldap { pap }
WTF? Don't do that! Alan DeKok.