You can. Modify the ldap module and set “set_auth_type” = yes. This will set LDAP authentication if no other authentication type will accept your style of authentication, and then bind to LDAP using the username and password that has been passed to FreeRADIUS. See http://wiki.freeradius.org/modules/Rlm_ldap for details. In order to use this style of authentication you MUST have PAP or EAP-TTLS/PAP, which I believe Alan Buxey has already made you set. Stefan From: freeradius-users-bounces+stefan.paetow=diamond.ac.uk@lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=diamond.ac.uk@lists.freeradius.org] On Behalf Of ??? Sent: 13 January 2014 14:17 To: FreeRadius users mailing list Subject: RE: Radius Server and Ldap Server I am not sure without ldap reply with a password(even plaintext password) can authentication be success? Subject: Re: Radius Server and Ldap Server From: a.cudbardb@freeradius.org<mailto:a.cudbardb@freeradius.org> Date: Mon, 13 Jan 2014 11:20:05 +0000 To: freeradius-users@lists.freeradius.org<mailto:freeradius-users@lists.freeradius.org> On 13 Jan 2014, at 10:47, 李亚坤 <liyakun127@hotmail.com<mailto:liyakun127@hotmail.com>> wrote:
I have no right to change the setting of ldap server, and it will not reply me with a psssword. It only give me the accept message.
Then you can't do what you want. You'll need to use TTLS-PAP or another EAP method that provides the plaintext password. Arran Cudbard-Bell <a.cudbardb@freeradius.org<mailto:a.cudbardb@freeradius.org>> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html