Rob Shepherd <rob@techniumcast.com> wrote:
I'll use PAP (ldap auth)
Please don't. It makes everything harder. LDAP is a database, not an authentication server. Have the server read the clear-text password from LDAP, and the server will figure out how to authenticate the user. Remove "ldap" from the "authenticate" section. It's just not necessary.
from the VPN concentrator but mschapv2 from the wireless, as it'll go through a peap or eap-tls tunnel. I have NT and LM hashes already in the LDAP, I just need to extract them...
See ldap.attrmap.
Could I get a pointers on how I command the right auth type for the right device.
You don't. You supply the server with passwords, and it figure out what to do.
And how I get the nt/lm hashes from ldap and do mschapv2..
ldap.attrmap, and the server will figure out what to do. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog