FR3.0 and LDAP
mgw at umk.pl
Tue Aug 13 10:01:36 CEST 2013
On 12.08.2013 21:36, Alan DeKok wrote:
> Maja Wolniewicz wrote:
>> In FR3.0 the Auth-Type=LDAP isn't set in the rlm_ldap module, the
>> authorize section ends with Auth-Type=PAP, so authentication goes to the
>> PAP module.
> That's what's supposed to happen when you use LDAP as a database.
>> I can't find a place in the FR3.0 source, where Auth-Type=LDAP is set -
>> in a few comments it is mentioned that such a setting happens
>> Am I missing something?
> Nope. You're supposed to let LDAP be a database, and FreeRADIUS be an
> authentication server.
That solution works well, but the real drawback is that userPassword
attributes have to be readable by a user.
Our freeradius server uses a few LDAP databases (depending on the
realm) and not all of them are under our control.
Those outside our control offer only the EAP-TTLS authentication so
there is no need to read a password attribute, only binding is allowed.
I doubt we could convince administrators of these databases to open
access to the userPassword attribute.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Maja Gorecka-Wolniewicz mgw at umk.pl
Uczelniane Centrum Informatyczne / Information & Communication Technology Centre
Uniwersytet Mikolaja Kopernika / Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
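
The two setups contrasted in this message, side by side, as an added configuration sketch that is not part of the original post or of the FreeRADIUS distribution. It assumes the LDAP module instance has its default name `ldap` and that the request carries a clear-text User-Password (PAP, or PAP inside EAP-TTLS, in which case the sections belong to the inner tunnel's virtual server).

```conf
# Two ALTERNATIVE virtual-server fragments; use one or the other, not both.

# Mode A: LDAP as a database (what the quoted reply describes).
# The account FreeRADIUS binds with must be able to READ userPassword.
authorize {
	ldap		# looks the user up and loads the stored password
	pap		# sets Auth-Type = PAP when a known-good password was found
}
authenticate {
	Auth-Type PAP {
		pap	# FreeRADIUS compares the passwords itself
	}
}

# Mode B: bind as the user. No read access to userPassword is needed;
# the directory only has to allow the user to bind.
authorize {
	ldap		# still needed: finds the user's DN for the later bind
	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := LDAP
		}
	}
}
authenticate {
	Auth-Type LDAP {
		ldap	# attempts an LDAP bind with the user's DN and User-Password
	}
}
```

Mode B only works when the clear-text password reaches the server; CHAP, MS-CHAP and EAP methods built on them cannot be checked by a bind.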