Forgive the newbie questions but I think its best to clear up confusion. client -> cisco -> FR server = eap FR -> ADS 2003 = pap Is that correct or am I way off track. On 4/23/07, Alan DeKok <aland@deployingradius.com> wrote:
Jacob Jarick wrote:
Thanks again Alan, For reference the oriellys LDAP book instructs you to set "Auth-Type := LDAP" so thats where I got the bad reference (perhaps other people to).
Yes. There is a LOT of documentation (web pages, etc.) that say to do the wrong thing. It's unfortunate that the people writing those don't read the FreeRADIUS docs first, and don't ask us to review their configuration.
Now lets see if I understood the tables correctly.
PAP is the only method that will support LDAP bind as user ?
It's the other way around. LDAP "bind as user" only works with PAP.
When Using PAP -> LDAP will I still have to map userPassword to User-Password ?
No.
I've added some more code that will go into 1.1.7 && 2.0. If the LDAP module succeeds in retrieving a password from LDAP, it does NOT set Auth-Type to LDAP.
Will there be extra configuration required on free radius to make use of pap -> ADS ldap or will it work automatically because ldap is configured in the modules {} section.
I would ask what other authentication protocols you need to support before suggesting to set Auth-Type to LDAP.
Wont using PAP mean plain text password from client -> cisco wap -> radius -> ADS server ?
No. 802.1x uses EAP, which is NOT PAP, and which is NOT compatible with Auth-Type = LDAP.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html