Mike Richardson wrote:
I've been making changes for 8 hours a day for over a week so it might differ from the original.
Which is a bit of a problem in and of itself.
However I been back to the defaults twice. As of tomorrow I'll reinstall and try it again. From what you're saying I believe I need to put in the LDAP config for our eDirectory and uncomment any LDAP authorisation/authentication entries. Anything else?
Not for LDAP.
Then I can use radtest to test the authentication?
Yes.
How does the config know to use PAP rather than CHAP/MSCHAP?
Because all of the experience of the developers working for years with RADIUS is distilled into the configuration files.
I've been through every config guide I can find on the net, several times.
If it takes more than 10 minutes to get FreeRADIUS authenticating to LDAP, ask a question on the list. Honestly. It's *so* much better to get an answer on the list than to fight for a week...
It's only today though that I found a site which explained the limitations of the PAP/CHAP/MSCHAP with respect to password encryptions.
My deployingradius.com site? It has a number of resources.
Most guides assume MSCHAP, for use with PEAP, and most use flat file user authentication. Not many touch on LDAP and only Novell have eDirectory based documentation.
Of course. Only Novell understands how eDirectory works. For LDAP, buy the O'Reilly OpenLDAP book. It has a good section on getting OpenLDAP && FreeRADIUS to talk to each other. It's very quick... Alan DeKok.